Razorpay OAuth

Use Razorpay OAuth to integrate your applications and securely access client resources via token-based authentication.


OAuth or Open Authorisation is a standard that allows applications to access resources hosted by other web apps on behalf of a user. For example, using OAuth, you can permit CricBuzz to access your Facebook profile without sharing your password. Your Facebook password will remain safe if CricBuzz faces a security breach.

Razorpay OAuth is a token-based authentication method in which the third party obtains an access token with your consent, without you having to expose your API key secret. OAuth puts you in control of which applications can access your Razorpay account and what level of resources each one can access.

Example

An online accounting software company, Acme Corp, wants to provide accounting services to a Razorpay merchant, ABC.

Acme Corp must be registered as a third-party application with Razorpay to create the credentials (client_id and secret) that authenticate the application on Razorpay. When ABC wants to use the Acme Corp application, it should:

  1. Sign in with Razorpay on the Acme Corp application.
  2. Provide approvals that allow the application to access protected resources.

ABC can start using the application only after completing the above process.

Prerequisites

You should have the following ready:

  1. A Razorpay platform partner account. Reach out to our support team to sign up. You require this to register your application on the Razorpay Dashboard.
  2. A front-end interface for your app with a button redirecting the user to the Razorpay OAuth page.
  3. A redirect URL pointing to your application. Razorpay will redirect users to this URL.

Workflow

The following diagram explains the OAuth flow:

[Diagram: OAuth Flow]

Given below is the overall flow:

  1. The merchant logs in to the application.

  2. The merchant clicks Connect with Razorpay and is shown the authorisation page. The merchant clicks Authorize to proceed.

  3. The application redirects to the Razorpay authorisation URL. This URL requests the merchant's approval for granting access to the requested resource on Razorpay.

  4. The user is shown the approval page where they can accept or reject the grant of this access.

  5. After the user approves or rejects the request, Razorpay will redirect to the redirect_url specified.

    • If approved, an authorization_code is included as a query parameter.
    • If denied, the error reason is sent as a query parameter.
  6. On approval, the application requests an access_token in exchange for the authorization_code.

  7. The application can use the access_token to access Razorpay APIs on behalf of the merchant.
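Steps 3 and 5 on the application side, as an added example that is not Razorpay's or this page's code: it builds the authorisation redirect and validates the callback before any code is exchanged. The endpoint URL, client ID and redirect URL are placeholders, and the query parameter names (`response_type`, `client_id`, `redirect_uri`, `scope`, `state`, `code`, `error`) are the standard OAuth 2.0 (RFC 6749) names, assumed here; `state` is the RFC 6749 anti-CSRF value, which the flow above does not mention.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): substitute the values issued for your application.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URL = "https://app.example.invalid/oauth/callback"


class CallbackError(Exception):
    """The redirect back to the application must not be trusted."""


def build_authorization_redirect(session, scope):
    """Step 3: URL the merchant's browser is sent to for approval."""
    state = secrets.token_urlsafe(32)  # unguessable, tied to this session
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URL,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Step 5: return the authorization code or raise CallbackError."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: replay fails
    received = params.get("state", [""])[0]
    # Constant-time comparison on bytes; reject when no flow was started.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise CallbackError("state mismatch")
    if "error" in params:  # merchant rejected the request
        raise CallbackError(f"authorisation denied: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:  # absent or duplicated parameter
        raise CallbackError("expected exactly one authorization code")
    return codes[0]  # step 6 exchanges this server-side for an access_token
```

The `session` argument stands for the per-user server-side session store of whatever web framework the application uses.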
