HomeGuidesAPI ReferenceChangelogStatus
Guides
Help CenterMy API Keys 🔑

OAuth 2.0

Suggest Edits

🚧

Availability

Note OAuth integrations are not yet intended for public distribution or listing in the Brevo Marketplace.

Before starting the integration, ensure you understand the fundamentals of OAuth 2.0, including key concepts such as the authorization server, client application, resource owner, and access token.

At this stage, the main objective is to build secure, private integrations that connect reliably with Brevo’s platform.

Register Your Application

First, we need to understand the type of work you plan to do. To grant you access to the authentication server, please submit your project details using the form below.

✨ Submit your application here ✨

Once we approve your submission we will get back to you with additional information and credentials which you will require to work with the oAuth protocol. We try to review applications as soon as we receive them.

Implement the OAuth Flow

As mentioned before, Brevo uses the OAuth 2.0’s grant flow to create access tokens on behalf of users. The OAuth flow helps users to authorise Brevo apps to access and manipulate data from their account. For example, an app might be authorised to send emails or update contacts.

For most web applications the auth flow is straightforward. Here is a general outline of the process for Brevo apps.


oAuth grant flow for Brevo apps

oAuth grant flow for Brevo apps

  1. User attempts to install your app from our marketplace listing or on a different platform.
  2. Your app loads the Brevo authentication pop up window.
  3. User is prompted to authenticate with their Brevo credentials. This can be email:password combination, Google or Apple.
  4. Your app requests an access token against the Brevo Auth Server.
  5. The Brevo Auth Server validates the payload and replies with the oAuth tokens. Access token and refresh token.
    1. The access token is a bearer type token which is attached as a header in every subsequent request.
    2. The refresh token allows the Auth server to issue a new access token if this on is expired.
  6. The app handles the storage of the credentials and proceeds to interface with the Brevo API
  7. For each request, the Brevo Auth Server will validate the bearer (access) token is valid and return the requested information

📘

Let's now jump into this step-by-step code guide on how to bring OAuth into your application

Updated 21 days ago

What’s Next