OAuth Apps
Create secure OAuth applications to integrate third-party services with Syncaty. OAuth provides delegated access without sharing credentials.
Overview
OAuth apps allow external services (like n8n) to access your Syncaty data on your behalf. Each app gets unique credentials and can be granted specific permissions (scopes).
Secure Access
OAuth tokens can be revoked without changing your password. Each integration has separate credentials.
Scoped Permissions
Grant only the permissions each integration needs. Limit access to specific data types.
Creating an OAuth App
- Go to Settings → OAuth Apps in your Syncaty dashboard
- Click "Create New App"
- Enter a descriptive name for the application
- Enter the Redirect URI (where users return after authorization)
- Click "Create"
- Copy and securely store the Client ID and Client Secret
Important
The Client Secret is only shown once during creation. Store it securely. If lost, you'll need to regenerate it.
OAuth Flow
Syncaty uses the standard OAuth 2.0 Authorization Code flow:
Authorization Request
Redirect users to the authorization endpoint with client_id and scopes.
User Authorization
User logs in and approves the requested permissions.
Authorization Code
User is redirected back with an authorization code.
Token Exchange
Exchange the code for access and refresh tokens.
Available Scopes
| Scope | Access |
|---|---|
| stores:read | Read store information and settings |
| customers:read | Read customer profiles and analytics |
| orders:read | Read order data and history |
| products:read | Read product catalog and categories |
| segments:read | Read customer segments and rules |
| segments:write | Create and modify segments |
Best Practices
Request Minimal Scopes
Only request the permissions your integration actually needs.
Store Secrets Securely
Never commit Client Secrets to version control. Use environment variables.
Use HTTPS
Always use HTTPS for redirect URIs in production.
Implement Token Refresh
Don't rely on long-lived tokens. Implement automatic token refresh.
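The flow and best practices above, as an added example that is not Syncaty's own code: it builds the authorization request, checks the callback, and prepares the token exchange fields without making network calls. The endpoint URL, the `state` parameter (standard OAuth 2.0, not mentioned on this page), sending the secret in the request body, and the `SYNCATY_CLIENT_ID` / `SYNCATY_CLIENT_SECRET` variable names are assumptions.

```python
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholder endpoint: the page does not give the real URL.
AUTHORIZE_URL = "https://syncaty.example/oauth/authorize"
# Scopes listed in the "Available Scopes" table.
KNOWN_SCOPES = {"stores:read", "customers:read", "orders:read",
                "products:read", "segments:read", "segments:write"}


def build_authorization_url(client_id, redirect_uri, scopes):
    """Step 1: return (url, state); keep state in the user's session."""
    unknown = set(scopes) - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect URI must use HTTPS in production")
    state = secrets.token_urlsafe(32)  # unguessable, one per request
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "scope": " ".join(sorted(scopes)), "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Step 3: return the authorization code only if state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback is not ours.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return params["code"][0]


def token_request_body(code, redirect_uri, env=os.environ):
    """Step 4: form fields for the token exchange; secret read from env."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri,
            "client_id": env["SYNCATY_CLIENT_ID"],        # assumed name
            "client_secret": env["SYNCATY_CLIENT_SECRET"]}  # assumed name
```

POST the returned fields to the token endpoint over HTTPS, and keep the resulting refresh token in the same secret store as the Client Secret.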