OAuth 2.0 🆕

Before diving into integration, make sure you understand the basics of OAuth 2.0, including key concepts such as authorization server, client application, resource owner, and access token. This type of integration is relevant if you are building an application with strict security or compliance requirements, or if you are a development partner building your own app that you would like to list in our marketplace and expose to hundreds of thousands of Brevo users.

Prerequisite: Register Your Application

First of all, we need to know a little about the type of work you would like to do. To be granted access to the authorization server, you will need to submit your project details using the following form.

Once we approve your submission, we will get back to you with additional information and the credentials you need to work with the OAuth protocol. We try to review applications as soon as we receive them.

Implement the OAuth Flow

As mentioned above, Brevo uses the OAuth 2.0 grant flow to create access tokens on behalf of users. The OAuth flow lets users authorise Brevo apps to access and manipulate data in their account; for example, an app might be authorised to send emails or update contacts.

For most web applications the auth flow is straightforward. Here is a general outline of the process for Brevo apps.


OAuth grant flow for Brevo apps

  1. The user attempts to install your app from our marketplace listing or from a different platform.
  2. Your app opens the Brevo authentication pop-up window.
  3. The user is prompted to authenticate with their Brevo credentials. This can be an email and password combination, Google or Apple.
  4. Your app requests an access token from the Brevo Auth Server, presenting the grant returned by the authentication step.
  5. The Brevo Auth Server validates the payload and replies with the OAuth tokens: an access token and a refresh token.
    1. The access token is a bearer token; it is attached as a header in every subsequent request, so treat it as a secret and only send it over HTTPS.
    2. The refresh token allows your app to obtain a new access token from the Auth Server once the current one has expired.
  6. Your app stores the tokens and proceeds to interface with the Brevo API. Keep them server-side and encrypted at rest, never in browser storage or logs: a leaked refresh token gives long-lived access to the user's account.
  7. For each request, the Brevo Auth Server validates the bearer (access) token and, if it is valid, the requested information is returned.
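The whole sequence from step 2 to step 7, written as a client-side implementation. This is an added example, not Brevo's own code or SDK: the endpoint URLs, parameter names and token-response fields are assumptions modelled on RFC 6749 and RFC 6750 rather than values from this page (substitute what Brevo sends you with your credentials), the PKCE parameters are a defence-in-depth assumption that the authorization server accepts or ignores them, and the token endpoint is replaced by a constructed in-memory stand-in so that the flow runs offline.

```python
import base64
import hashlib
import json
import secrets
import time
import urllib.parse
import urllib.request


def _post_form(url, fields):
    # Default transport: POST a form-encoded body and return the JSON reply.
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(),
                                 method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


class OAuthClient:
    REFRESH_SKEW = 60  # refresh this many seconds early to absorb clock skew

    def __init__(self, client_id, client_secret, authorize_url, token_url,
                 redirect_uri, post=_post_form, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.authorize_url, self.token_url = authorize_url, token_url  # assumed URLs
        self.redirect_uri = redirect_uri
        self._post, self._clock = post, clock  # injectable for offline use
        self._pending = {}  # state -> PKCE verifier of in-flight authorizations
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def build_authorization_url(self, scope=None):
        """Step 2: URL for the pop-up. state binds the callback to this session (CSRF)."""
        state = secrets.token_urlsafe(32)
        verifier = secrets.token_urlsafe(64)  # PKCE (RFC 7636), assumed to be accepted
        challenge = base64.urlsafe_b64encode(
            hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
        self._pending[state] = verifier
        params = {"response_type": "code", "client_id": self.client_id,
                  "redirect_uri": self.redirect_uri, "state": state,
                  "code_challenge": challenge, "code_challenge_method": "S256"}
        if scope:
            params["scope"] = scope
        return f"{self.authorize_url}?{urllib.parse.urlencode(params)}", state

    def handle_callback(self, callback_url):
        """Steps 4-5: reject forged or replayed callbacks, then exchange code for tokens."""
        query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
        state = query.get("state", [""])[0]
        code = query.get("code", [""])[0]
        verifier = self._pending.pop(state, None)  # pop(): each state is single-use
        if verifier is None or not code:
            raise ValueError("callback state unknown or code missing")
        self._store(self._post(self.token_url, {
            "grant_type": "authorization_code", "code": code,
            "redirect_uri": self.redirect_uri, "client_id": self.client_id,
            "client_secret": self.client_secret, "code_verifier": verifier}))

    def refresh(self):
        """Step 5.2: trade the refresh token for a new access token."""
        if not self.refresh_token:
            raise RuntimeError("no refresh token; the user must authorise again")
        self._store(self._post(self.token_url, {
            "grant_type": "refresh_token", "refresh_token": self.refresh_token,
            "client_id": self.client_id, "client_secret": self.client_secret}))

    def auth_header(self):
        """Steps 5.1 and 7: header for every API request, refreshing when nearly expired."""
        if self._clock() >= self.expires_at - self.REFRESH_SKEW:
            self.refresh()
        return {"Authorization": f"Bearer {self.access_token}"}

    def _store(self, tokens):
        if tokens.get("token_type", "Bearer").lower() != "bearer":
            raise ValueError(f"unexpected token_type {tokens.get('token_type')!r}")
        self.access_token = tokens["access_token"]
        # A refresh reply may omit refresh_token; keep the existing one in that case.
        self.refresh_token = tokens.get("refresh_token", self.refresh_token)
        self.expires_at = self._clock() + float(tokens.get("expires_in", 3600))


def fake_token_endpoint(url, fields):
    """Constructed stand-in for the Brevo Auth Server so the flow runs offline."""
    if fields["grant_type"] == "authorization_code" and fields["code"] == "demo-code":
        return {"access_token": "at-1", "refresh_token": "rt-1",
                "token_type": "Bearer", "expires_in": 3600}
    if fields["grant_type"] == "refresh_token" and fields["refresh_token"] == "rt-1":
        return {"access_token": "at-2", "token_type": "Bearer", "expires_in": 3600}
    raise ValueError("token endpoint rejected the request")


def demo():
    """Walk the flow once; return the Authorization headers before and after expiry."""
    now = [1_000_000.0]  # fake clock so expiry can be simulated
    client = OAuthClient("my-client-id", "my-client-secret",
                         "https://auth.example/authorize", "https://auth.example/token",
                         "https://myapp.example/oauth/callback",
                         post=fake_token_endpoint, clock=lambda: now[0])
    _url, state = client.build_authorization_url(scope="contacts:write")
    # The user authenticated in the pop-up; the server redirected back with code+state.
    client.handle_callback(f"https://myapp.example/oauth/callback?code=demo-code&state={state}")
    first = client.auth_header()["Authorization"]
    now[0] += 3600  # access token expired: the next call refreshes transparently
    second = client.auth_header()["Authorization"]
    return first, second
```

`demo()` returns `("Bearer at-1", "Bearer at-2")`: the second header was obtained through the refresh token without any user interaction. Two details matter in production: the `state` lookup is single-use, so a callback that reuses or forges `state` is rejected before any code is sent to the token endpoint, and `_pending` and the tokens must live in server-side storage (a session store or encrypted database row), not in this in-memory dictionary.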

Let's now jump into the step-by-step code guide on how to bring OAuth into your application.