
OAuth 2.0

Token-based authentication for Brevo integrations that act on behalf of a user


Brevo OAuth 2.0 lets your application request access to a user’s Brevo account with their consent. The user authenticates directly with Brevo — your app never handles their password.

API key vs OAuth 2.0

|  | API key | OAuth 2.0 |
| Who authenticates | Your server | The end user |
| Best for | Server-to-server, direct integrations | Apps acting on behalf of users |
| Setup | Copy key from dashboard | brevo app create |
| Token lifetime | Until revoked | Access token: 1 hour · Refresh token: 30 days |

How it works

Key concepts

| Term | Description |
| client_id | Unique identifier for your OAuth app — safe to expose client-side |
| client_secret | Secret used to authenticate your app with Brevo — never expose this |
| redirect_uri | URL Brevo redirects to after the user authorizes — must be pre-registered |
| scope | Permissions your app requests — currently all |
| access_token | Bearer token included in API requests. Expires after 1 hour. |
| refresh_token | Used to obtain a new access token when the current one expires. Valid for 30 days. |

OAuth apps are currently private only. A private app can only be authorized by users within your own Brevo organisation — it cannot be distributed to external users or listed in any marketplace. This makes it suitable for internal tools, automations, and integrations you build for your own team.

Support for public apps — where any Brevo user can authorize your integration — is planned for a future release.

Next steps

Quickstart

Get a working OAuth flow running locally in under 5 minutes.

Integration guide

Implement the full authorization code flow in your own application.

CLI reference

Complete reference for all brevo app commands and flags.