Best practices for OAuth integration
When using OAuth, it is important to take certain aspects into account so that the integration works correctly.
Below, you will find a guide to possible errors and good practices to keep in mind.
Correct use of values in request headers
Always use the content-type headers in your POST request. Be careful not to add values to headers that are not part of the integration to avoid getting a response error.
Correct use of 'params' values
In your POST call, be careful to use only the requested params values. Do not add any other non-required values, otherwise you will receive an error code in response.
Correct use of Query Params
Do not send any parameters inside Query Params. Send the parameters within the request body as indicated in the API Reference.
Correct use of the 'grant_type' field
Always use the grant_type field in your requests with the authorization_code value. Remember that if you send another value, it is possible that you will receive an error in response.
Using the 'state' field in the 'authorization code' request
To enhance integration security, we recommend including the state parameter in the authorization code request flow. This way, you can ensure that the response belongs to a request initiated by the same application.
Make sure that the redirect_uri is a static URL. If you want to send additional parameters in that URL, use the state parameter to include that information. If the redirect_uri does not exactly match the application's configuration, the call will receive an error response.
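One way to apply both recommendations above, shown as an added example that is not code from this documentation: the application issues a signed, one-time state bound to the user's session, carries its extra data inside it, and keeps redirect_uri static. The endpoint, URLs, session dictionary, and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

# Constructed placeholders (assumptions, not values from this documentation).
AUTH_ENDPOINT = "https://auth.example.com/authorization"
REDIRECT_URI = "https://app.example.com/oauth/callback"  # static, no query string
STATE_KEY = secrets.token_bytes(32)  # server-side secret; persist it in real use

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(payload: str) -> str:
    return _b64(hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest())

def make_state(session: dict, extra: dict) -> str:
    """Create a one-time state bound to this session, carrying `extra`."""
    nonce = secrets.token_urlsafe(16)
    session["oauth_nonce"] = nonce
    payload = _b64(json.dumps({"n": nonce, "x": extra}).encode())
    return f"{payload}.{_sign(payload)}"

def authorization_url(client_id: str, state: str) -> str:
    """Extra data travels in `state`; redirect_uri stays byte-for-byte static."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": REDIRECT_URI, "state": state})

def check_state(session: dict, state):
    """Return the extra data if `state` is ours and matches the session, else None."""
    nonce = session.pop("oauth_nonce", None)  # consume: a state is valid once
    try:
        payload, tag = state.split(".")
        if nonce is None or not hmac.compare_digest(tag, _sign(payload)):
            return None
        padded = payload + "=" * (-len(payload) % 4)
        data = json.loads(base64.urlsafe_b64decode(padded))
        if not hmac.compare_digest(data["n"], nonce):
            return None
        return data["x"]
    except (AttributeError, TypeError, ValueError, KeyError):
        return None  # missing, malformed or tampered state
```

Call check_state in the callback handler before exchanging the code, and reject the callback when it returns None.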
To find more information about the request, its parameters, and the possible success and error responses you may receive, go to the API Reference documentation.