You should construct the Authorize URL from the endpoint above with the parameters below. Then, you should redirect the resource owner to the Authorize endpoint.
The Authorize endpoint is the endpoint on Mollie web site where the merchant logs in, and grants authorization to your client application. E.g. when the merchant clicks on the Connect with Mollie button, you should redirect the merchant to the Authorize endpoint.
The resource owner can then grant the authorization to your client application for the scopes you have requested.
Mollie will then redirect the resource owner to the
redirect_uri you have specified. The
redirect_uri will be
appended with a
code parameter, which will contain the auth token. You should then exchange the auth token for
an access token using the Tokens API.
The client ID you receive when registering your app. This starts with
statequery parameter when the user returns to the
redirect_uriafter authorizing your app.
A space-separated list of permissions your app requires. Refer to Permissions for more information about the available scopes.
organizations.read profiles.read payments.read payments.write
Mollie only replies with code responses.
This parameter can be set to
force to force showing the consent screen to the
merchant, even when it is not necessary. Note that already active authorizations will be revoked when the user
creates the new authorization.
Allows you to preset the language to be used in the login and sign up flow if the merchant is not logged in. If the merchant is already logged in, his/her preferred language will be used and this parameter is ignored.
When this parameter is omitted, the browser language will be used instead. You can provide any
format ISO 15897 locale, but the authorize flow currently only supports the following languages:
Allows you to specify if Mollie should show the login or the signup page, when the merchant is not logged in at
Mollie. Defaults to the login page. Defaults to
Errors are indicated by redirecting back to the provided redirect URL with additional parameters in the query string (as per the OAuth2 specification).
There will always be an
error parameter, and the redirect may also include
errorfield. The field will contain a code indicating the type of error.
errorfield is present, this field will be present as well with an explanation of the error code.
In case of an invalid value, your user will be redirected to the redirect URI set for your OAuth application with
error_description query parameters added.