OAuth 2.0, or simply OAuth, is an industry standard for secure authorisation of web applications. It allows them to request access to user-owned resources from external resource providers without asking users for their access credentials, such as passwords.

A few important characteristics of OAuth 2.0:
OAuth does not ask for users’ credentials in order to grant access.
OAuth 2.0 also restricts actions: it keeps a check on what an external website/application does with the resources hosted on other websites/applications.
OAuth is a standard designed for access delegation. The following four roles participate in the OAuth protocol (explained here in the context of integrating with Pleo):
Resource owner: Pleo’s customer, a company or an organisation (multi-entity setup) that owns a number of protected resources, such as accounting data, list of employees, etc.
Resource server: Pleo APIs, which provide access to the protected resources.
Client: Third-party applications that the Developer Partner wants to integrate with Pleo.
Authorisation server: Pleo provides an OAuth implementation that fulfils the following:
Allows clients to request access to resource servers.
Helps resource owners to grant access to clients.