Authorization
Description
The Authorization section facilitates the OAuth 2.0 flow, enabling third-party applications to request access to a user’s COUNT account. This process ensures that users can securely authenticate, consent to data sharing, and allow external applications to act on their behalf.
🔁 Authorization Flow Overview:
COUNT uses an OAuth 2.0 Authorization Code flow to grant your application access to a user’s workspace. The flow works as follows:
1. Initiate — Your app redirects the user to COUNT’s authorization page.
2. User Login & Consent — The user logs in to COUNT and selects a workspace to authorize.
3. Callback — COUNT redirects back to your redirectUri with an authorization code and state.
4. Token Exchange — Your server exchanges the authorization code for an access token and refresh token.
5. API Access — Use the access token to make authenticated API requests on behalf of the user.
Important: Your redirect URI must not contain query parameters. If you need to pass context through the flow, use the state parameter.
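The following is an added example, not COUNT's own code, of passing context through state instead of the redirect URI: the server signs the context, binds it to the user's session, and checks it again when the callback arrives. The function names, STATE_KEY, STATE_TTL and the session id are assumptions; clientId, redirectUri and state are the parameter names shown on this page.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode, urlsplit

STATE_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to the client
STATE_TTL = 600                      # assumption: seconds a state value is accepted

def check_redirect_uri(uri):
    """Reject redirect URIs that carry query parameters."""
    if "?" in uri or urlsplit(uri).query:
        raise ValueError("redirect URI must not contain query parameters")
    return uri

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_state(context, session_id, now=None):
    """Pack app context into a signed state value bound to the user's session."""
    claims = {"ctx": context, "sid": session_id, "n": secrets.token_hex(8),
              "iat": int(time.time() if now is None else now)}
    body = json.dumps(claims, separators=(",", ":")).encode()
    return b64e(body) + "." + b64e(hmac.new(STATE_KEY, body, hashlib.sha256).digest())

def verify_state(state, session_id, now=None):
    """Return the context carried by a callback's state, or raise ValueError."""
    try:
        body_b64, tag_b64 = state.split(".")
        body, tag = b64d(body_b64), b64d(tag_b64)
    except ValueError:  # wrong number of parts or bad base64
        raise ValueError("malformed state") from None
    # Check the signature before parsing anything the client could have altered.
    if not hmac.compare_digest(tag, hmac.new(STATE_KEY, body, hashlib.sha256).digest()):
        raise ValueError("state signature mismatch")
    claims = json.loads(body)
    if not hmac.compare_digest(claims["sid"].encode(), session_id.encode()):
        raise ValueError("state was issued for a different session")
    if (time.time() if now is None else now) - claims["iat"] > STATE_TTL:
        raise ValueError("state expired")
    return claims["ctx"]

def initiate_query(client_id, redirect_uri, state):
    """Query string for the initiate call, using the parameter names shown on this page."""
    return urlencode({"clientId": client_id,
                      "redirectUri": check_redirect_uri(redirect_uri), "state": state})
```

The state value here is not single-use; to reject replays within the validity window, record each accepted value server-side and refuse it a second time.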
Purpose
The Authorization flow allows your application to integrate with COUNT by:
Initiating the process: Calling /auth2/authorize-initiate from your client application to generate the login redirect URL.
Exchanging the authorization code: After user consent, the application exchanges the authorization code received in the redirect for an access token using the /partners/grant-access-token endpoint.
This OAuth 2.0 process ensures secure, token-based access, allowing the application to perform actions (such as posting transactions or retrieving account data) on behalf of users without compromising their credentials.
Note:
All of the stated endpoints and sections are for demonstration purposes only.
Endpoints
auth2/authorize-intiate?clientId=<your-client-id>&redirectUri=<your-redirect-uri>&state=<...
partners/grant-access-token
partners/refresh-user-access-token