Astra's OAuth module handles a variety of authorization flows. In addition to gathering an auth_code, the OAuth module can guide the User through additional verification steps or help the User connect or reconnect a bank account. You may also use optional query strings in the URL to customize the User experience.
OAuth Module URLs
Below is a table outlining all OAuth Module URLs relative to the Object (i.e. UserIntent), the Status of the Object (i.e Approved), and the relevant Action each URL performs (i.e. Collect Authorization). Each URL contains placeholder query string parameters that must be substituted with real values, all of which are located in your Client Developer Dashboard.
| Object | Status | Action | OAuth URL |
|---|---|---|---|
| UserIntent | Approved | Collect Authorization | https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_intent_id=your_user_intent_id |
| UserIntent | Document | Submit Photo ID | https://app.astra.finance/verify/document?client_id=your_client_id&redirect_uri=your_redirect_uri&user_intent_id=your_user_intent_id |
| UserIntent | Retry | Verify Profile | https://app.astra.finance/verify/personal?client_id=your_client_id&redirect_uri=your_redirect_uri&user_intent_id=your_user_intent_id |
| User | Approved | Collect Authorization | https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code |
| User | Document | Submit Photo ID | https://app.astra.finance/verify/document?client_id=your_client_id&redirect_uri=your_redirect_uri |
| User | Retry | Verify Profile | https://app.astra.finance/verify/personal?client_id=your_client_id&redirect_uri=your_redirect_uri |
| User (Business) | * | Verify Profile | https://app.astra.finance/verify/business?client_id=your_client_id&redirect_uri=your_redirect_uri |
| Account | * | Link Account | https://app.astra.finance/institutions/connect?client_id=your_client_id&redirect_uri=your_redirect_uri |
| Account | Error | Reconnect Account | https://app.astra.finance/institutions/connect?client_id=your_client_id&redirect_uri=your_redirect_uri |
| Card | * | Link Card | https://app.astra.finance/cards/connect?client_id=your_client_id&redirect_uri=your_redirect_uri |
Note that an Asterisk in the Status column means the URL is suitable for
Anystatus.
Note that
your_user_intent_idshould not be used as an additional query string if the User has already been created as this will result in OAuth Module flow errors.
Request Authorization
https://app.astra.finance/login/oauth/authorize
Example with Query Strings
https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_intent_id=your_user_intent_id&phone=5557771234&phone_read_only=true
Parameters
| Parameter | Required | Description |
|---|---|---|
| client_id | required | Your Developer Client ID |
| redirect_uri | required | The redirect URI for your Client (this must match your Developer Account settings) |
| response_type | required | The type of response after successful authorization (must be code) |
| user_intent_id | optional | The ID of the User Intent (when included the User can bypass manually entering profile details) |
| phone | optional | The User's phone number, to prefill the phone number field (10 digit format 5557771234) |
| phone_read_only | optional | Optionally lock the phone number field (only include if set to true) |
| state | optional | A custom query string. Could be used as a parameter to pass through to a redirect URI to better control the UX navigation. |
| bypass_connect | optional | Optionally skip the connect accounts screen (only include if set to true) |
| debit_direct | optional | Optionally skip the Connect New Debit Card screen and go right to the Enter Your Card Details form. This parameter permits users to enter one debit card. After submitting the card details, the user is immediately navigated to the next screen. For debit enabled clients only. (only include if set to true) |
Business Account Verification Flow
Consumer-to-Business and Business-to-Business clients will need to modify their OAuth flow to verify Businesses. Authorizing a business with Astra requires a different set of information from what is required for an individual. Depending on the type of business, additional information will be required. To trigger the business verification flow, you'll need to include the following parameter in your OAuth link: business=true
https://app.astra.finance/verify/business
Example with Query Strings
https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&business=true
Parameters
| Parameter | Required | Description |
|---|---|---|
| client_id | required | Your Developer Client ID |
| redirect_uri | required | The redirect URI for your Client (this must match your Developer Account settings) |
| response_type | required | The type of response after successful authorization (must be code) |
| business | optional | A boolean value. If true, the end-user will be sent through the Business Account Verification flow |
| business_profile_id | optional | The ID of the business profile created on behalf of the user via Astra's API |
If a business is in a retry state, Clients can directly link the business to the following verify url:
https://app.astra.finance/verify/business?client_id=your_client_id&redirect_uri=your_redirect_uri