Astra's OAuth module handles a variety of authorization flows. In addition to gathering an auth_code, the OAuth module can guide the User through additional verification steps or help the User connect or reconnect a bank account. You may also use optional query strings in the URL to customize the User experience.

OAuth Module URLs

Below is a table outlining all OAuth Module URLs relative to the Object (i.e. UserIntent), the Status of the Object (i.e Approved), and the relevant Action each URL performs (i.e. Collect Authorization). Each URL contains placeholder query string parameters that must be substituted with real values, all of which are located in your Client Developer Dashboard.

ObjectStatusActionOAuth URL
UserIntentApprovedCollect Authorizationhttps://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_intent_id=your_user_intent_id
UserIntentDocumentSubmit Photo IDhttps://app.astra.finance/verify/document?client_id=your_client_id&redirect_uri=your_redirect_uri&user_intent_id=your_user_intent_id
UserIntentRetryVerify Profilehttps://app.astra.finance/verify/personal?client_id=your_client_id&redirect_uri=your_redirect_uri&user_intent_id=your_user_intent_id
UserApprovedCollect Authorizationhttps://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code
UserDocumentSubmit Photo IDhttps://app.astra.finance/verify/document?client_id=your_client_id&redirect_uri=your_redirect_uri
UserRetryVerify Profilehttps://app.astra.finance/verify/personal?client_id=your_client_id&redirect_uri=your_redirect_uri
User (Business)*Verify Profilehttps://app.astra.finance/verify/business?client_id=your_client_id&redirect_uri=your_redirect_uri
Account*Link Accounthttps://app.astra.finance/institutions/connect?client_id=your_client_id&redirect_uri=your_redirect_uri
AccountErrorReconnect Accounthttps://app.astra.finance/institutions/connect?client_id=your_client_id&redirect_uri=your_redirect_uri
Card*Link Cardhttps://app.astra.finance/cards/connect?client_id=your_client_id&redirect_uri=your_redirect_uri

📘

Note that an Asterisk in the Status column means the URL is suitable for Any status.

📘

Note that your_user_intent_id should not be used as an additional query string if the User has already been created as this will result in OAuth Module flow errors.

Request Authorization

https://app.astra.finance/login/oauth/authorize

Example with Query Strings

https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_intent_id=your_user_intent_id&phone=5557771234&phone_read_only=true

Parameters

ParameterRequiredDescription
client_idrequiredYour Developer Client ID
redirect_urirequiredThe redirect URI for your Client (this must match your Developer Account settings)
response_typerequiredThe type of response after successful authorization (must be code)
user_intent_idoptionalThe ID of the User Intent (when included the User can bypass manually entering profile details)
phoneoptionalThe User's phone number, to prefill the phone number field (10 digit format 5557771234)
phone_read_onlyoptionalOptionally lock the phone number field (only include if set to true)
stateoptionalA custom query string. Could be used as a parameter to pass through to a redirect URI to better control the UX navigation.
bypass_connectoptionalOptionally skip the connect accounts screen (only include if set to true)
debit_directoptionalOptionally skip the Connect New Debit Card screen and go right to the Enter Your Card Details form. This parameter permits users to enter one debit card. After submitting the card details, the user is immediately navigated to the next screen. For debit enabled clients only. (only include if set to true)

Business Account Verification Flow

Consumer-to-Business and Business-to-Business clients will need to modify their OAuth flow to verify Businesses. Authorizing a business with Astra requires a different set of information from what is required for an individual. Depending on the type of business, additional information will be required. To trigger the business verification flow, you'll need to include the following parameter in your OAuth link: business=true

https://app.astra.finance/verify/business

Example with Query Strings

https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&business=true

Parameters

ParameterRequiredDescription
client_idrequiredYour Developer Client ID
redirect_urirequiredThe redirect URI for your Client (this must match your Developer Account settings)
response_typerequiredThe type of response after successful authorization (must be code)
businessoptionalA boolean value. If true, the end-user will be sent through the Business Account Verification flow

📘

If a business is in a retry state, Clients can directly link the business to the following verify url: https://app.astra.finance/verify/business?client_id=your_client_id&redirect_uri=your_redirect_uri