Implement OAuth 2.0 authorization code flow
This recipe shows how to implement the OAuth 2.0 authorization code flow to enable secure user login via Banqup One—useful, for example, when adding your extension to Banqup Store and needing to integrate the Banqup One login process into your app.
The recipe walks you through the essential steps to authenticate users and retrieve access tokens for authorized API access.
Prerequisites
- You have Postman installed.
- You have successfully registered on Banqup One app.
- You have an account and an app on Banqup Developer Portal.
Recommended: Set up a new, dedicated app specifically for the authorization code flow.
Step 1: Enable API product
On the Banqup Developer Portal, enable the Oauth2 - Authorization code flow API product within the newly created app.
The API is activated instantly.
Step 2: Activate redirect URI
The redirect URI tells the authorization server where to send the user after access is granted.
You can activate one or more URIs in this API request.
Endpoint: 
/oauth2/activate_redirect
Request body: View documentation
- To authenticate, generate a bearer token using these steps.
curl --location 'https://{{serverURL}}/oauth2/activate_redirect' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer YOUR_TOKEN' \
--data '{
"redirect_uri": ["www.banqup.com"]
}'
Successful response:
{
"message": "Redirect created successfully.",
"redirect_uri": [
"www.banqup.com"
]
}
Update redirect URIs
Endpoint: 
/oauth2/update_redirect
Request body: View documentation
curl --location --request PUT 'https://{{serverURL}}/oauth2/update_redirect' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer YOUR_TOKEN' \
--data '{
"redirect_uri": ["https://www.unifiedpost.com"]
}'
Successful response:
{
"message": "Redirect URI updated successfully.",
"redirect_uri": [
"https://www.unifiedpost.com"
]
}
Step 3: Generate access token
- In Postman, select the OAuth2 authentication type and fill in the necessary data in the Authorization tab.
Then, click on Get new access token button.
Authorization data
| Element | Value |
|---|---|
| Token name | e.g. My OAuth2 Token |
| Grant type | Authorization Code |
| Callback URL | Needs to be the redirect URI activated in the previous step. |
| Auth URL | |
| Access token URL | |
| Client Id | Use the API key from the app created on the Developer Portal. |
| Client secret | Use the client secret from the app created on the Developer Portal. |
| Scope | openid |
| Client authentication | Send client credentials in body |
- Scan the QR code that appears on the pop-up window with your Banqup mobile app, and then confirm your login.
- Only at first login, grant access to the user accessing the space.
In Postman, the access token is generated and will be used to give the user access to Banqup.
