App Installation and Authentication
Partner apps are installed by merchants through an install endpoint you host and configure in the Partner dashboard. When a merchant clicks install, Finqu redirects them to that URL; your app then runs the OAuth 2.0 flow to obtain API credentials for that merchant.
Installation flow in short
- Merchant clicks “Install” in Finqu → Finqu redirects to your install endpoint.
- Your install endpoint redirects the merchant to Finqu’s OAuth authorization URL (with your client_id, redirect_uri, scope, state).
- Merchant authorizes in Finqu (sign in if needed, approve scopes).
- Finqu redirects back to your redirect_uri with an authorization code and state.
- Your backend exchanges the code at the OAuth token endpoint and receives access and refresh tokens.
- Optional: Call the OAuth resource endpoint to get merchant info and the merchant-specific API base URL.
- Store the tokens (and optionally merchant id and API URL) for that installation and show a success or “back to Finqu” page.
All OAuth details (endpoints, parameters, token exchange, scopes, refresh) are in the Authentication (OAuth basics) guide. For REST usage, see REST API Authentication.
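The install redirect and callback steps above depend on the state value to tie the returned code to the browser session that started the install. The sketch below is an added example, not Finqu's code: the authorization URL, client id, redirect URI, scope name, TTL and in-memory store are placeholders, and response_type=code is the standard OAuth 2.0 parameter rather than something this page lists.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders: real values come from the Partner dashboard and the
# Authentication (OAuth basics) guide, not from this example.
AUTHORIZE_URL = "https://finqu.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/finqu/callback"
STATE_TTL = 600  # seconds a pending install stays valid (assumed value)

_pending = {}  # session_id -> (state, issued_at); stand-in for a real session store


def start_install(session_id, scope, now=None):
    """Install endpoint: mint a one-time state and build the authorization redirect."""
    state = secrets.token_urlsafe(32)
    _pending[session_id] = (state, time.time() if now is None else now)
    query = urlencode({
        "response_type": "code",  # standard OAuth 2.0 code-flow parameter
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must be registered in the dashboard
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session_id, callback_url, now=None):
    """Redirect URI handler: return the code only if state matches this session."""
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [""])[0]
    returned = params.get("state", [""])[0]
    # pop() makes the state single use, so a replayed callback is rejected.
    expected, issued_at = _pending.pop(session_id, ("", 0.0))
    now = time.time() if now is None else now
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if now - issued_at > STATE_TTL:
        raise ValueError("state expired: restart the installation")
    if not code:
        raise ValueError("missing authorization code")
    return code  # exchange this at the token endpoint from the backend only
```
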
Partner app settings
In the Finqu Partner dashboard, for your app:
- Install URL — The public URL of your install endpoint (HTTPS). Finqu sends merchants here when they start installing. Use a dedicated path (e.g. /install or /finqu/install).
- Redirect URI(s) — Every callback URL you use in the OAuth flow must be registered here. Finqu redirects to one of these with the authorization code.
After installation
- Use the access token in the Authorization: Bearer <access_token> header when calling the Finqu API.
- Use the merchant-specific API base URL (from the OAuth resource endpoint) for all API requests.
- When the access token expires, use the refresh token to get a new one; see Authentication (OAuth basics).
For embedded admin UIs, Finqu identifies the merchant with a context token (JWT), not the OAuth access token. See App Context.