Enable your app to access Hyperline accounts using OAuth flows
name
: displayed to the user during the authorization flowdescription
(optional): to show more details to the userlogo_uri
(optional): to customise the authorization screen with your brandcallbacks
: URLs whitelisted to use as a callback/redirect after authorization (e.g. an URL within your app that processes authorizations)Authorize
https://api.hyperline.co/v1/oauth/authorize
(or https://sandbox.api.hyperline.co/v1/oauth/authorize
). You must append these four query parameters to the URL:client_id
: received upon app registrationredirect_uri
: where the user will be sent after authorization, it must match the URL you set when registering your appresponse_type=code
: the only supported mode at the momentstate
: a random string to prevent CSRF attacks that you verify when the user returns to your app - more informationRetrieve tokens
redirect_uri
with the code
and state
query parameters. You must ensure that the query parameter state
matches the original state you passed at the start of the flow.If it does, you can exchange the provided code for tokens by making a POST request to https://api.hyperline.co/v1/oauth/tokens
(https://sandbox.api.hyperline.co/v1/oauth/tokens
), including the following attributes in a JSON body:client_id
: as aboveclient_secret
: received upon app registrationgrant_type: "authorization_code"
code
: as provided in the query parametersredirect_uri
: must match the value set at the 1. Authorize
stepUse tokens
Authorization
header after a Bearer prefix. For example:expires_in
field to know the number of seconds left before the app access token expires. Be sure to renew it before this reaches zero.
https://api.hyperline.co/v1/oauth/tokens
(or https://sandbox.api.hyperline.co/v1/oauth/tokens
), including the following attributes in a JSON body:
client_id
: received upon app registrationclient_secret
: received upon app registrationgrant_type: "refresh_token"
refresh_token
: received during the first authorization flowhttps://api.hyperline.co/v1/oauth/revoke
(or https://sandbox.api.hyperline.co/v1/oauth/revoke
), including the following attributes in a JSON body:
client_id
: received upon app registrationclient_secret
: received upon app registrationtoken
: refresh token you want to revokehttps://api.hyperline.co/v1/companies
endpoint.
For targeting a particular company, include the Hyperline-CompanyId
header in each API request.
Hyperline-CompanyId
header, the first company (oldest one) linked to the user will be used.We advise including this header by default when constructing a third-party app/flow.