Kopo Kopo OAuth 2.0

Kopo Kopo utilizes the OAuth 2 protocol to facilitate authorization. OAuth is an authorization framework that enables a third-party application to obtain access to protected resources (Transactions, Transfers, etc.) in the Kopo Kopo API. Access to the Kopo Kopo API can be granted to an application either on behalf of a user or on behalf of the application itself. The following guide will walk through Kopo Kopo’s implementation of OAuth 2 and the various flows that can be leveraged by your application depending on your use case.

OAuth terminology:

  • Resource Server (Kopo Kopo): The Kopo Kopo server hosting protected resources (Transactions, Transfers, etc.) and responding to requests from an authorized application.
  • Authorization Server (Kopo Kopo): The Kopo Kopo server issuing access tokens to an authorized application.
  • Client (application): The application making requests to access protected resources after it has obtained authorization.
  • Resource Owner (user/application): A user with an existing Kopo Kopo merchant account who grants permission to an application to act on their behalf or an application acting on its own behalf.

Creating an application

Before you can get started with making OAuth requests, you’ll need to first register an application with Kopo Kopo by logging in and navigating to the developers page. Once an application is registered you will obtain your client_id and client_secret (aka client credentials), which will be used to identify your application when calling the Kopo Kopo API. The Sandbox environment provides you with a created application once you have signed up for an account. Learn more in our getting started with sandbox guide. Remember: Your client_secret should be kept a secret! Be sure to store your client credentials securely.

Kopo Kopo’s authorization flow

The OAuth 2 protocol defines four main authorization grant types, more commonly referred to as OAuth flows.

Application authorization: Using the client credentials grant flow, your application will obtain authorization to interact with the API on its own behalf. This is a server-to-server flow with interaction between an application and the Kopo Kopo API; also known as 2-legged OAuth.
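
The client credentials exchange described above, sketched as an added example (not Kopo Kopo's own code) that also keeps the client_secret out of source code. The token URL passed in, the environment variable names, and sending the credentials in the form body (one of the client authentication methods RFC 6749 allows) are assumptions; take the real endpoint and authentication method from the API reference.

```python
import json
import time
import urllib.parse
import urllib.request

# Hypothetical environment variable names; the page does not define any.
ENV_ID, ENV_SECRET = "K2_CLIENT_ID", "K2_CLIENT_SECRET"


def load_client_credentials(env):
    """Read client credentials from the environment, never from source code."""
    client_id, client_secret = env.get(ENV_ID), env.get(ENV_SECRET)
    if not client_id or not client_secret:
        raise RuntimeError(f"set {ENV_ID} and {ENV_SECRET}")
    return client_id, client_secret


def build_token_request(token_url, client_id, client_secret):
    """Build the client credentials grant request (RFC 6749, section 4.4.2)."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https: the body carries client_secret")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def parse_token_response(raw, now=None):
    """Validate a token response and return (access_token, expires_at)."""
    doc = json.loads(raw)
    if "error" in doc:
        # Report the error code only; never echo request data that holds the secret.
        raise PermissionError(f"token request rejected: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    # Treat the token as expired 30 s early so it is never used at the edge.
    return doc["access_token"], now + int(doc.get("expires_in", 0)) - 30


def fetch_token(token_url, env):
    """Perform the exchange; needs network access and real credentials."""
    req = build_token_request(token_url, *load_client_credentials(env))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

Call fetch_token with os.environ and cache the returned token until expires_at, so the client_secret crosses the network only when a new token is needed.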