User Authorization

Documentation | Checkbook

Authorization endpoint

To start this authentication process, your user will access our OAuth authorization endpoint:
https://app.checkbook.io/oauth/authorize

🚧

Sandbox OAuth

If you want to test the OAuth flow in Sandbox, you will need to use this authorization endpoint:
https://sandbox.app.checkbook.io/oauth/authorize

This URL requires 4 query parameters which are:

Query parameterDescription
client_idYour client ID found in Developer Keys
response_typecode
scopeOne of the following values:
- check: the token can be used multiple times to send or request checks
- check_receive: the token can be used multiple times to request checks
- single-use: the token can be used only once to send or request checks
redirect_uriYour callback url found in Developer Keys

Here's an example of an authorization endpoint containing all the query parameters:
https://demo.checkbook.io/oauth/authorize?client_id=313910200b834c009f62ae47feeee407&response_type=code&scope=check&redirect_uri=https://example.com

📘

Note

The previous URL is for the demo environment and cannot be used for an actual OAuth implementation. You will need to use either the sandbox or the production authorization endpoint.

Get user's authorization

The following page is displayed asking the user to login to its Checkbook.io account.

856

If the user doesn't have a Checkbook.io account, then a signup form will be displayed.

856

After the signup, we require the new user to verify its email address by entering the 6-digit code we sent to the email provided.

856

Finally, the user will also be prompted to Complete its profile and Add a bank account before being able to Authorize a Payment.

750

After the user successfully authenticates, the following dialog will be displayed allowing to either Deny or Authorize your business to use Checkbook.io on its behalf.

1432

Once the user confirms they wish to allow a third party to send checks on their behalf, their browser will be redirected to the callback URI that has been specified in the Developer Keys, along with an AUTHORIZATION_CODE:

http://REDIRECT_URI?code=AUTHORIZATION_CODE


What’s Next