Authorize

OAuth API
GET https://my.mollie.com/oauth2/authorize

Note

You should construct the Authorize URL from the endpoint above with the parameters below. Then, you should redirect the resource owner to the Authorize endpoint.

The Authorize endpoint is the endpoint on the Mollie website where the merchant logs in and grants authorization to your client application. For example, when the merchant clicks the Connect with Mollie button, you should redirect the merchant to the Authorize endpoint.

The resource owner can then grant the authorization to your client application for the scopes you have requested.

Mollie will then redirect the resource owner to the redirect_uri you have specified, with a code parameter appended that contains the auth token. You should then exchange the auth token for an access token using the Tokens API.

Parameters

client_id string required

The client ID you receive when registering your app. This starts with app_.

Example: app_j9Pakf56Ajta6Y65AkdTtAv.

redirect_uri string optional

The URL the merchant is sent back to once the request has been authorized. If given, it must match the URL you set when registering your app.

state string required

A random string generated by your app to prevent CSRF attacks. This will be reflected in the state query parameter when the user returns to the redirect_uri after authorizing your app.

scope string required

A space-separated list of permissions your app requires. Refer to Permissions for more information about the available scopes.

Example: organizations.read profiles.read payments.read payments.write

response_type string required

Mollie only replies with code responses.

Possible values: code

approval_prompt string optional

Set this parameter to force to always show the consent screen to the merchant, even when it is not necessary. Note that already active authorizations will be revoked when the user creates the new authorization.

Possible values: auto force

locale string optional

Allows you to preset the language to be used in the login and sign up flow if the merchant is not logged in. If the merchant is already logged in, his/her preferred language will be used and this parameter is ignored.

When this parameter is omitted, the browser language will be used instead. You can provide any xx_XX format ISO 15897 locale, but the authorize flow currently only supports the following languages:

Possible values: en_US nl_NL nl_BE fr_FR fr_BE de_DE es_ES it_IT

landing_page string optional

Allows you to specify whether Mollie should show the login or the signup page when the merchant is not logged in at Mollie. Defaults to login.

Possible values: login signup

Response

301 Redirect

Errors are indicated by redirecting back to the provided redirect URL with additional parameters in the query string (as per the OAuth2 specification).

There will always be an error parameter, and the redirect may also include error_description.

code string

The auth code, with which you can request an app access token.

state string

The random string you’ve sent with your request to prevent CSRF attacks. Always check if this matches the expected value.

error string

If the request is canceled by the merchant, or fails for any other reason, the merchant will be redirected back with an error field. The field will contain a code indicating the type of error.

error_description string

If the error field is present, this field will be present as well with an explanation of the error code.

In case of an invalid value, your user will be redirected to the redirect URI set for your OAuth application with the error and error_description query parameters added.

Example

Refer to the documentation of the Mollie API client you are using.
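
The following is an added example, not code from Mollie or from any Mollie API client: a Python sketch of the flow described above, building the Authorize URL with a fresh state value and then validating the redirect back to redirect_uri before accepting the code. The function names, the AuthorizationError class and the idea of keeping state in a server-side session are assumptions made for illustration.

```python
# Added example; names below are hypothetical, not from a Mollie client.
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://my.mollie.com/oauth2/authorize"


class AuthorizationError(Exception):
    """Raised when the redirect back from the Authorize endpoint is rejected."""


def build_authorize_url(client_id, scopes, redirect_uri=None):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, fresh per attempt
    params = {
        "client_id": client_id,
        "state": state,
        "scope": " ".join(scopes),  # space-separated list of permissions
        "response_type": "code",  # the only possible value
    }
    if redirect_uri is not None:
        params["redirect_uri"] = redirect_uri  # must match the registered URL
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", state


def handle_callback(callback_url, expected_state):
    """Validate the redirect to redirect_uri and return the auth code."""
    query = parse_qs(urlsplit(callback_url).query)
    # A repeated parameter is ambiguous; reject rather than pick one.
    for name in ("state", "code", "error"):
        if len(query.get(name, [])) > 1:
            raise AuthorizationError(f"duplicate {name} parameter")
    returned_state = query.get("state", [""])[0]
    # Check state before looking at code or error: a mismatch means the
    # redirect does not belong to a flow this session started.
    if not expected_state or not hmac.compare_digest(
        returned_state.encode(), expected_state.encode()
    ):
        raise AuthorizationError("state mismatch")
    if "error" in query:
        description = query.get("error_description", [""])[0]
        raise AuthorizationError(f"{query['error'][0]}: {description}")
    code = query.get("code", [""])[0]
    if not code:
        raise AuthorizationError("missing code parameter")
    return code
```

Discard the stored state after one callback, whether it succeeded or failed, so a captured redirect URL cannot be replayed against the same session.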