
OAuth2.0 Quickstart Guide


This basic example demonstrates how to get started with Copper OAuth2.0. For detailed documentation of each step, click here.


  • Your application provides an HTTPS callback endpoint redirect_uri capable of receiving POST requests
  • You have registered your application and received your client_id and client_secret credentials


Once you have set up your redirect_uri and obtained a client_id and client_secret, you're ready to kick off the OAuth2.0 authorization process.

Start by adding a form to your web application that makes a GET request to

<form action="" method="GET">
  <input type="hidden" name="response_type" value="code">
  <input type="hidden" name="client_id" value="{client_id}">
  <input type="hidden" name="redirect_uri" value="{redirect_uri}">
  <input type="hidden" name="scope" value="developer/v1/all">
  <button type="submit">Integrate with Copper!</button>
</form>

When the user submits this form, the authorization process begins. First, the user will be prompted to log in to their Copper account, followed by a request to authorize your application.

Accept Scopes

Once the user clicks "Authorize", they will be redirected back to your application's redirect_uri via a POST request. Use the code parameter supplied in the request body, and exchange it for an access token:

curl -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code={code}" \
  -d "redirect_uri={redirect_uri}" \
  -d "client_id={client_id}" \
  -d "client_secret={client_secret}" \

A successful response is a JSON document that looks like this:

{
  "access_token": "MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
  "token_type": "Bearer",
  "scope": "developer/v1/all"
}

Extract access_token and store it somewhere safe. You are now ready to make Dev API calls on behalf of the user by passing in access_token in an Authorization header!

curl -H "Authorization: Bearer {access_token}" \
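
The callback handling and code exchange described above, sketched server-side in Python as an added example (not Copper's own code). The function names are hypothetical, TOKEN_URL is a placeholder because this page does not show the token endpoint, and the scope check assumes the response echoes the granted scope as in the sample JSON.

```python
import json
from urllib.parse import parse_qs, urlencode
from urllib.request import Request

# Assumption: placeholder only; the token endpoint URL is not shown on this page.
TOKEN_URL = "https://token-endpoint.invalid/placeholder"
REQUESTED_SCOPE = "developer/v1/all"  # scope value sent by the form


def code_from_callback(body: bytes) -> str:
    """Extract the authorization code from the form-encoded POST body."""
    fields = parse_qs(body.decode("utf-8"), strict_parsing=True)
    codes = fields.get("code", [])
    if len(codes) != 1:  # missing, blank, or repeated parameter
        raise ValueError("callback must carry exactly one non-empty code")
    return codes[0]


def build_token_request(code, redirect_uri, client_id, client_secret) -> Request:
    """Build (not send) the exchange request; client_secret stays on the server."""
    form = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return Request(TOKEN_URL, data=form, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def access_token_from_response(raw: bytes) -> str:
    """Validate the JSON token response before storing the token."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    if doc.get("scope") != REQUESTED_SCOPE:
        raise ValueError("granted scope differs from requested scope")
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    return token


def authorization_header(token: str) -> dict:
    """Header for Dev API calls made on behalf of the user."""
    return {"Authorization": f"Bearer {token}"}
```

Send the built request with urllib.request.urlopen once TOKEN_URL is set to the real endpoint, and keep both client_secret and the returned token out of logs and client-side code.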