Best practices for OAuth integration
When using OAuth, it is important to take certain aspects into account so that the integration works correctly.
Below, you will find a guide to possible errors and good practices to keep in mind.
Correct use of values in request headers
Always use the accept and content-type headers in your POST request. Be careful not to add values to headers that are not part of the integration to avoid getting a response error.
Correct use of 'params' values
In your POST call, be careful to use only the requested params values. Do not add any other non-required values, otherwise you will receive an error code in response.
Correct use of Query Params
Do not send any parameters inside Query Params. Send the parameters within the request body as indicated in the API Reference.
Correct use of the 'grant_type' field
Always use the grant_type field in your requests with the authorization_code or client_credentials values. Remember that if you send another value, it is possible that you will receive an error in response.
Using the 'state' field in the 'authorization code' request
To enhance integration security, we recommend including the state parameter in the authorization code request flow. This way, you can ensure that the response belongs to a request initiated by the same application.
Make sure that the redirect_uri is a static URL. If you want to send additional parameters in that URL, use the state parameter to include that information instead. The call will receive an error response if the redirect_uri does not exactly match the application's configuration.
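One way to apply both recommendations above, as an added example that is not part of the original documentation: state carries a per-session nonce plus the extra data, signed with HMAC, while redirect_uri stays fixed. The client id, callback URL, session dictionary and function names are assumptions for illustration; any other required request parameters come from the API Reference.

```python
import base64, hashlib, hmac, json, secrets

# Assumed for illustration (not from the page): client id and callback URL.
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://app.example.com/oauth/callback"  # static, as registered
STATE_KEY = secrets.token_bytes(32)  # server-side secret; load from config in production

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _tag(payload: str) -> bytes:
    return _b64(hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest()).encode()

def authorization_params(session: dict, extra: dict) -> dict:
    """Build the authorization request values; `extra` travels inside state."""
    nonce = secrets.token_urlsafe(32)
    session["oauth_nonce"] = nonce  # binds the request to this user session
    payload = _b64(json.dumps({"n": nonce, "x": extra}).encode())
    state = f"{payload}.{_tag(payload).decode()}"
    return {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI, "state": state}

def verify_state(session: dict, state: str) -> dict:
    """Return `extra` if state is authentic and was issued to this session."""
    expected = session.pop("oauth_nonce", None)  # single use: a replay finds nothing
    payload, sep, tag = state.partition(".")
    if not sep or not hmac.compare_digest(tag.encode(), _tag(payload)):
        raise ValueError("state was modified or not issued by this application")
    data = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if expected is None or not hmac.compare_digest(data["n"].encode(), expected.encode()):
        raise ValueError("state does not belong to this session")
    return data["x"]
```

Call verify_state in the callback handler before exchanging the code for a token, and reject the callback if it raises.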
For more information about the request, its parameters, and the possible success and error responses you may receive, go to the API Reference documentation.