Create credentials for a partner-hosted app
A Zettle partner-hosted app is hosted by the integrator building the app. Authorisation is done using the authorisation code grant method.
This method provides the client app with access to a merchant’s data without giving away any credentials. The merchant authorises the client app, which presents proof of authorisation to the server. A temporary authorisation code is generated from the authorisation server using app credentials. These include a client secret and client ID. The temporary code is then exchanged for an access token by the authorisation server.
With authorisation code grant, client app usage tracking is available by default.
To use the authorisation code grant method, you need to create app credentials from the Developer Portal. See the following how to do this.
- An account for the Developer Portal. If you don't have this, sign up for a developer account.
- A working and publicly available URL. It starts with https and includes a redirect URI to direct your app users back to your app, after they authorise it to access their Zettle merchant data. For example,
https://awesomeapp.com
. You will use it for getting credentials for a new app.If the URL is located at your local server, you can make the URL publicly available using ngrok.
Follow these steps to get new app credentials.
- Log in to the Developer Portal.
- On your Dashboard, click Create app credentials.
- On the Create app credentials page, click Public API credentials to open the form for app information.
- Fill in the form. For the OAuth Redirect URIs field, fill it in with the URL that you have prepared.
- Click Create credentials to create the app credentials.
- Download the app credentials and save them somewhere safe.
See the following how to get a new client secret for an existing app. The client ID of an app doesn't change.
- Log in to the Developer Portal.
- On your Dashboard, select the app for which you need a new client secret. The current client secret is hidden.
- On the app page, click Request new client secret to deactivate the current secret and generate a new one. The new client secret will be shown.
- Download the app credentials and save them somewhere safe.