OAuth enables separate Braintree accounts to securely connect with each other and share information. You can use OAuth either on its own or in conjunction with other Braintree functionality like the Grant API and Shared Vault.
Our OAuth implementation follows the OAuth 2.0 specification. The connection flow works as follows:
- Your server generates a connect URL that specifies your requested OAuth scopes and a redirect URI where a merchant will be sent after authorization
- A Braintree merchant clicks a Connect with Braintree button on your site or mobile app, which sends them to the connect URL
- At the connect URL, the merchant logs into their Braintree account and agrees to your requested OAuth scopes
- Braintree sends the merchant to your redirect URI and includes an authorization code as a query parameter in the URI
- Your server uses this authorization code to create an access token for the merchant, which you can then use to make authorized API calls on the merchant's behalf
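
The server-side checks around this flow, as an added example that is not Braintree's code: it builds a connect URL carrying the OAuth 2.0 `state` parameter (RFC 6749) bound to the user's session, then validates the redirect before the authorization code is handed on for the token exchange. The endpoint, redirect URI, client ID and all function names are placeholders assumed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions, not real Braintree endpoints or credentials).
CONNECT_ENDPOINT = "https://connect.example.invalid/oauth/connect"
REDIRECT_URI = "https://partner.example.invalid/oauth/callback"
CLIENT_ID = "client_id$placeholder"


def _tag(session_key: bytes, nonce: str) -> str:
    return hmac.new(session_key, nonce.encode(), hashlib.sha256).hexdigest()


def new_state(session_key: bytes) -> str:
    """Random nonce plus an HMAC tag that ties it to this user's session."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_tag(session_key, nonce)}"


def build_connect_url(scope: str, state: str) -> str:
    """Connect URL carrying the requested scopes and the redirect URI."""
    query = urlencode({"client_id": CLIENT_ID, "scope": scope,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{CONNECT_ENDPOINT}?{query}"


def state_is_valid(state: str, session_key: bytes) -> bool:
    """Constant-time check that the state was issued for this session."""
    nonce, sep, tag = state.partition(".")
    return bool(sep) and hmac.compare_digest(tag.encode(), _tag(session_key, nonce).encode())


def extract_code(callback_url: str, session_key: bytes, used_states: set) -> str:
    """Return the authorization code only if the redirect belongs to this session."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if got[:3] != want[:3]:  # scheme, host and path must match exactly
        raise ValueError("callback arrived at an unexpected URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization was not granted")
    codes, states = params.get("code", []), params.get("state", [])
    if len(codes) != 1 or len(states) != 1:
        raise ValueError("missing or duplicated code/state parameter")
    if not state_is_valid(states[0], session_key) or states[0] in used_states:
        raise ValueError("state does not match this session or was replayed")
    used_states.add(states[0])  # each state value is accepted once
    return codes[0]
```

Only the value returned by `extract_code` should be passed to the token exchange; any `ValueError` means the redirect is discarded without contacting the token endpoint.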