Connect OAuth Reference

The unique identifier provided to your application, found in your application settings.

The only option at the moment is code.

The URL for the authorize response redirect. If provided, this must exactly match one of the comma-separated redirect_uri values in your application settings.

In order to protect yourself from certain forms of man-in-the-middle attacks, we require that the livemode redirect_uri are secure HTTPS connections. This means that any livemode redirect_uri must start with https:// rather than just http://.

Defaults to the redirect_uri in your application settings if not provided.

read_write or read_only, depending on the level of access you need.

Defaults to read_only.

An arbitrary string value we will pass back to you, useful for CSRF protection.

login or register, depending on what type of screen you want your users to see. You should only override this to be login if you expect all of your users to have Stripe accounts already (e.g. most read-only applications, like analytics dashboards or accounting software).

Defaults to login for scope read_only and register for scope read_write.

Boolean to indicate that the user should always be asked to connect, even if they're already connected.

Defaults to false.

The user's email address. Must be a valid email format.

The URL for the user's business. This may be the user's website, a profile page within your application, or another publicly available profile for the business, such as a LinkedIn or Facebook profile.

Must be URL-encoded and include a scheme (http or https).

If you will be prefilling this field, we highly recommend that the linked page contain a minimum of a description of the user's products or services and contact information. If we don't have enough information, we'll have to reach out to the user directly before initiating payouts.

Two-letter country code. E.g. "US" or "CA".

Must be a country that Stripe currently supports.

The business phone number. Must be 10 digits only.

Must also prefill stripe_user[country] with the corresponding country.

The legal name of the business, also used for the statement descriptor.

The type of the business.

Must be one of sole_prop, corporation, non_profit, partnership, or llc.

First name of the person who will be filling out a Stripe application.

Last name of the person who will be filling out a Stripe application.

Day (0-31), month (1-12), and year (YYYY, greater than 1900) for the birth date of the person who will be filling out a Stripe application.

All three are required.

Street address of the business.

Address city of the business.

We highly recommend that you also prefill stripe_user[country] with the corresponding country.

Address state of the business. Must be the two-letter state or province code, e.g. "NY" for a U.S. business or 'AB' for a Canadian one.

Must also prefill stripe_user[country] with the corresponding country.

Address ZIP code of the business. Must be a string.

We highly recommend that you also prefill stripe_user[country] with the corresponding country.

true if the user sells a physical product, false otherwise, as a string.

Only used if the user sells a physical product, an integer that represents the average number of days it takes this business to ship a product.

The type of product this business deals with. Should be one of these values:

• art_and_graphic_design
• advertising
• charity
• clothing_and_accessories
• consulting
• clubs_and_membership_organizations
• education
• events_and_ticketing
• food_and_restaurants
• software
• professional_services
• tourism_and_travel
• web_development
• other

A description of what the business is accepting payments for.

Average amount per payment for the business. Must be an integer (in dollars), e.g. 10000 for $10,000.

The estimated past year's volume for the business. Must be an integer (in dollars), e.g. 10000 for $10,000.

Three-letter ISO code representing currency. E.g. "usd" or "cad".

Must be a valid country/currency combination that Stripe supports.

Must prefill stripe_user[country] with the corresponding country.

An authorization code you can use in the next call to get an access token for your user. This can only be used once and expires in 5 minutes.

read_write or read_only, depending what you passed on the initial GET request.

The value of the state parameter you provided on the initial GET request.

A unique error code per error type.

A human readable description of the error.

The value of the state parameter you provided on the initial GET request.

User denied authorization.

Invalid scope parameter provided.

Provided redirect_uri parameter is either an invalid URL or is not allowed by your application settings.

Missing response_type parameter.

Unsupported response_type parameter. Currently the only supported response_type is code.

authorization_code when turning an authorization code into an access token, or refresh_token when using a refresh token to get a new access token.

The value of the code or refresh_token, depending on the grant_type.

When requesting a new access token from a refresh token, any scope that has an equal or lesser scope as the refresh token. Has no effect when requesting an access token from an authorization code.

Defaults to the scope of the refresh token.

The access token you can use to make requests on behalf of this Stripe account. Use it as you would any Stripe secret API key.

This key does not expire, but may be revoked by the user at any time (you'll get a account.application.deauthorized webhook event when this happens).

The scope granted to the access token, depending on the scope of the authorization code and scope parameter.

The livemode of the token. If true, the access_token can be used as a live secret key. If false, the access_token can be used as a test secret key.

Depends on the livemode of the secret API key used to make the request.

Will always have a value of bearer.

Can be used to get a new access token of an equal or lesser scope, or of a different livemode (where applicable).

The unique id of the account you have been granted access to, as a string.

A publishable key that can be used with this account. Matches the livemode of the token.

A unique error code per error type.

A human readable description of the error.

No code, refresh_token or grant_type parameter provided (where required).

A variety of things can prompt this error:

• code does not exist, is expired, has been used, or does not belong to you.
• refresh_token does not exist or does not belong to you.
• API key mode (live or test mode) does not match the code or refresh_token mode

Unsupported grant_type parameter specified. The only currently supported types are authorization_code and refresh_token.

Invalid scope parameter provided.

Unsupported response_type parameter. Currently the only supported response_type is code.

The client_id of the application that you'd like to disconnect the account from. The account must be connected to this application.

The account you'd like to disconnect from.

The unique id of the account you have revoked access to, as a string. This is the same as the stripe_user_id you passed in. If this is returned, the revocation was successful.

A unique error code per error type.

A human readable description of the error.

No client_id or stripe_user_id parameter provided (where required).

A variety of things can prompt this error:

• client_id does not belong to you.
• stripe_user_id does not exist or is not connect to your application.
• API key mode (live or test mode) does not match the client_id mode.