Guides
SupportAPI StatusSubscribe To Updates

Integration Started from Pliant

Suggest Edits

📘

Authorize Data Sharing

Before calling our endpoints, the customer needs to authorize the partner to access data stored with Pliant. Pliant’s customers have the option to authorize partners in the app. Once a partner is authorized for an organization, the partner can call all available endpoints within the agreed scope (e.g., list transactions, upload receipts, issue cards, etc.).

Authorize Data Sharing

Authorize Data Sharing Flow

  1. Start the Process:
    In the Pliant web app, the admin of an organization initiates the process to authorize a partner for the given organization.

  2. Customer Consent:
    Pliant provides information to the customer regarding the data to be shared with the partner. The admin approves the authorization by giving explicit consent.

  3. Redirect to Partner App:
    The admin is redirected to the partner app in the browser. Pliant uses a URL provided by the partner and appends the following parameters:

    • organizationId: The unique identifier for the Pliant organization. The partner must persist this ID, as it is needed later to call the API endpoints.
    • redirectUrl: The URL the partner uses to redirect the user back to Pliant. The partner appends a status parameter (e.g., &status=success or &status=error) to indicate the outcome of the integration. A status of error rolls back the integration, while success displays a success message.
    • partnerId: The unique identifier of the partnership on the Pliant side. This is only relevant if multiple partnerships exist.

  4. Partner App Login:
    The admin logs into the partner's web app using their existing credentials.

  5. Redirect Back to Pliant:
    Upon successful authentication with the partner, the admin is redirected back to the Pliant web app. The redirectUrl is extended with the status of the integration. Partners must use this URL for the redirect.

  6. Finalize Authorization:
    The partner finalizes the authorization by calling the Activate Organization Authorization endpoint in Pliant’s API. This step is critical to complete the integration, ensuring both parties explicitly agree on the integration.

  7. Active Integration:
    The admin sees the active integration/authorization within Pliant and can revoke the authorization status if necessary.

This flow ensures that both parties explicitly agree to exchange data.

Example

The partner provides the redirect URL:
partner.com/login

When Pliant redirects a user to this URL, two parameters are appended, e.g.:
partner.com/login?organizationId=6d868483-9043-4ce6-a8ce-a5814de90c0a&redirectUrl=https%3A%2F%2Fgetpliant.com%2Forganizations%2F6d868483-9043-4ce6-a8ce-a5814de90c0a%2Fintegrations&partnerId=1d4f605c-f3ba-4297-bc0b-f52514a876d7.

The partner activates the integration on their side and redirects the user back to Pliant:
getpliant.com/organizations/6d868483-9043-4ce6-a8ce-a5814de90c0a/integrations?status=success.

In parallel, the partner finalizes the integration by calling the Activate Organization Authorization endpoint.

Updated about 1 month ago