Guides
API StatusSubscribe To Updates

Pliant Customer Enables Integration

Suggest Edits

📘

Authorize Data Sharing

Before calling our endpoints, the customer needs to authorize the partner to access data stored with Pliant. Pliant’s customers have an option to authorize partners in the app. As soon as a partner is authorized for an organization, the partner can call all available endpoints within the agreed scope (e.g. list transactions, upload receipts, issue cards, etc.)

Authorize Data Sharing

  1. In the Pliant web app, the admin of an organization is able to start the process to authorize a partner for the given organization
  2. We provide information to the customer on the data, that's going to be shared with the partner. The admin approves the authorization of the partner by giving explicit consent.
  3. The admin is redirected to the partner app in the browser. Here we use a URL provided by the partner and add the following parameters to it when calling it (see example below):
    1. organizationId: the unique identifier for every Pliant organization. The partner has to persist the organizationId as it is needed later to call the API endpoints.
    2. redirectUrl: the URL the partner uses to redirect the user back to the Pliant app. The partner has to append a status here when redirecting back to us, to inform Pliant about a successful or failed integration, for instance &status=success or &status=error. The error status rolls back the integration and the success status will show a success message.
    3. partnerId: the unique identifier of the partnership on Pliant side. Only relevant if multiple partnerships exist.
  4. Admin logs into the partner's web app using existing credentials.
  5. Upon successful authentication with the partner the admin is being redirected back to the Pliant web app, the redirectUrl was extended with the status of the integration. Please use this URL for the redirect.
  6. The partner then finalizes the authorization by calling the specific endpoint in our API: Activate Organization Authorization. Without this step the integration is not complete! This is necessary to have both parties explicitly agree on an integration.
  7. Within Pliant the admin sees the active integration/authorization and is able to revoke the status of the authorization.

With this flow we ensure that both parties explicitly agree on exchanging data.

Example

The partner provides the URL partner.com/login to redirect Pliant customers to, if they want to activate the integration.

When Pliant redirects a user to this URL, we append two parameters to it, e.g.: partner.com/login?organizationId=6d868483-9043-4ce6-a8ce-a5814de90c0a&redirectUrl=https%3A%2F%2Fgetpliant.com%2Forganizations%2F6d868483-9043-4ce6-a8ce-a5814de90c0a%2Fintegrations&partnerId=1d4f605c-f3ba-4297-bc0b-f52514a876d7.

The partner then activates the integration on their side and sends the user back to Pliant by redirecting to the redirectUrl, extended with the status: getpliant.com/organizations/6d868483-9043-4ce6-a8ce-a5814de90c0a/integrations?status=success.

In parallel, the partner calls the API endpoint to finalize the integration: Activate Organization Authorization.

Updated 7 months ago