Astra's OAuth module (Web SDK) handles a variety of authorization flows. In addition to gathering an auth_code, the OAuth module can guide the User through additional verification steps or help the User connect or reconnect a bank account. You may also use optional query strings in the URL to customize the User experience.
OAuth Module (Web SDK) URLs
Below is a table outlining all OAuth Module URLs relative to the Object (i.e. UserIntent), the Status of the Object (i.e Approved), and the relevant Action each URL performs (i.e. Collect Authorization). Each URL contains placeholder query string parameters that must be substituted with real values, all of which are located in your Client Developer Dashboard.
| Object | Status | Action | OAuth URL |
|---|---|---|---|
| UserIntent | Approved | Collect Authorization | https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_intent_id=your_user_intent_id&phone=10_digit_phone&phone_read_only=true |
| User | Approved | Collect Authorization | https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_id=your_user_id&phone=10_digit_phone&phone_read_only=true |
| Card | Link Card | https://app.astra.finance/cards/connect?client_id=your_client_id&redirect_uri=your_redirect_uri&user_id=your_user_id&phone=10_digit_phone&phone_read_only=true |
Note that an Asterisk in the Status column means the URL is suitable for
Anystatus.
Request Authorization
https://app.astra.finance/login/oauth/authorize
Example with Query Strings
https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_intent_id=your_user_intent_id&phone=5557771234&phone_read_only=true
Parameters
| Parameter | Required | Description |
|---|---|---|
| client_id | required | Your Developer Client ID |
| redirect_uri | required | The redirect URI for your Client (this must match your Developer Account settings) |
| response_type | required | The type of response after successful authorization (must be code) |
| user_intent_id | optional | The ID of the User Intent (when included the User can bypass manually entering profile details) |
| user_id | optional (required after successful onboarding) | The ID of the User |
| phone | optional | The User's phone number, to prefill the phone number field (10 digit format 5557771234) |
| phone_read_only | optional | Optionally lock the phone number field (only include if set to true) |
| state | optional | A custom query string. Could be used as a parameter to pass through to a redirect URI to better control the UX navigation. |
| bypass_connect | optional | Optionally skip the connect accounts screen (only include if set to true) |
| debit_direct | optional | Optionally skip the Connect New Debit Card screen and go right to the Enter Your Card Details form. This parameter permits users to enter one debit card. After submitting the card details, the user is immediately navigated to the next screen. For debit enabled clients only. (only include if set to true) |
Business User Onboarding Flow
Example with Query Strings
https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&business=true
Parameters
| Parameter | Required | Description |
|---|---|---|
| client_id | required | Your Developer Client ID |
| redirect_uri | required | The redirect URI for your Client (this must match your Developer Account settings) |
| response_type | required | The type of response after successful authorization (must be code) |
| business | required | A boolean value. If true, the end-user will be sent through the Business Account Verification flow. (required when onboarding a business user) |
| business_profile_id | optional | The ID of the business profile created on behalf of the user via Astra's API |
| phone | optional | The Business User's phone number, to prefill the phone number field (10 digit format 5557771234) |
| phone_read_only | optional | Optionally lock the phone number field (only include if set to true) |