Setting up your applications

Before you can implement OAuth 2.0 with Yoco, you need to create and configure OAuth applications for both sandbox testing and live use.

Coming soon

This functionality is still being built and represents a future state. Stay tuned for updates as we continue to develop this feature.

Prerequisites

Create a developer account in the Yoco Developer Console
Understand the OAuth 2.0 scopes your application will need

Application setup process

You’ll need to register separate applications for sandbox and live environments, each with their own configuration and credentials.

Sandbox application

Create a new sandbox application
Select the OAuth scopes your application needs
- Choose only the scopes necessary for your application’s functionality
- Follow the principle of least privilege - request minimal access
- Each scope provides access to specific API resources
Configure your redirect URL
Note your Client ID
Store your Client Secret securely - it will only be shown once

Live application

Create a new live application
Select the OAuth scopes your application needs
- Choose only the scopes necessary for your application’s functionality
- Follow the principle of least privilege - request minimal access
- Each scope provides access to specific API resources
Configure your live redirect URL
Submit your application for approval
Once approved, note your Client ID
Store your Client Secret securely - it will only be shown once

Important considerations

Scope selection

Minimal access: Only request the scopes your application actually needs
Clear purpose: Understand what each scope provides access to
Security: More scopes mean broader access; follow principles of least privilege

Redirect URLs

Always use HTTPS (HTTP is allowed only for localhost in sandbox)
Must match exactly the URL you provide during the authorization flow

Client secrets

One-time display: Client secrets are shown only once when created
Secure storage: Store secrets securely in your application’s configuration