Astra's OAuth module (Web SDK) handles a variety of authorization flows. In addition to gathering an auth_code, the OAuth module can guide the User through additional verification steps or help the User connect or reconnect a bank account. You may also use optional query strings in the URL to customize the User experience.

OAuth Module (Web SDK) URLs

Below is a table outlining all OAuth Module URLs relative to the Object (i.e. UserIntent), the Status of the Object (i.e Approved), and the relevant Action each URL performs (i.e. Collect Authorization). Each URL contains placeholder query string parameters that must be substituted with real values, all of which are located in your Client Developer Dashboard.

Object	Status	Action	OAuth URL
UserIntent	Approved	Collect Authorization	`https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_intent_id=your_user_intent_id&phone=10_digit_phone&phone_read_only=true`
User	Approved	Collect Authorization	`https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_id=your_user_id&phone=10_digit_phone&phone_read_only=true`
Card		Link Card	`https://app.astra.finance/cards/connect?client_id=your_client_id&redirect_uri=your_redirect_uri&user_id=your_user_id&phone=10_digit_phone&phone_read_only=true`

📘
Note that an Asterisk in the Status column means the URL is suitable for Any status.

Request Authorization

https://app.astra.finance/login/oauth/authorize

Example with Query Strings

https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&user_intent_id=your_user_intent_id&phone=5557771234&phone_read_only=true

Parameters

Parameter	Required	Description
client_id	required	Your Developer Client ID
redirect_uri	required	The redirect URI for your Client (this must match your Developer Account settings)
response_type	required	The type of response after successful authorization (must be `code`)
user_intent_id	optional	The ID of the User Intent (when included the User can bypass manually entering profile details)
user_id	optional (required after successful onboarding)	The ID of the User
phone	optional	The User's phone number, to prefill the phone number field (10 digit format `5557771234`)
phone_read_only	optional	Optionally lock the phone number field (only include if set to `true`)
state	optional	A custom query string. Could be used as a parameter to pass through to a redirect URI to better control the UX navigation.
bypass_connect	optional	Optionally skip the connect accounts screen (only include if set to `true`)
debit_direct	optional	Optionally skip the Connect New Debit Card screen and go right to the Enter Your Card Details form. This parameter permits users to enter one debit card. After submitting the card details, the user is immediately navigated to the next screen. For debit enabled clients only. (only include if set to `true`)
session_token	optional	Optionally bypass the phone OTP by passing in the token generated from https://docs.astra.finance/reference/post_v1-partner-identity-verification

Business User Onboarding Flow

Example with Query Strings

https://app.astra.finance/login/oauth/authorize?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&business=true

Parameters

Parameter	Required	Description
client_id	required	Your Developer Client ID
redirect_uri	required	The redirect URI for your Client (this must match your Developer Account settings)
response_type	required	The type of response after successful authorization (must be `code`)
business	required	A boolean value. If `true`, the end-user will be sent through the Business Account Verification flow. (required when onboarding a business user)
business_profile_id	optional	The ID of the business profile created on behalf of the user via Astra's API
phone	optional	The Business User's phone number, to prefill the phone number field (10 digit format `5557771234`)
phone_read_only	optional	Optionally lock the phone number field (only include if set to `true`)
session_token	optional	Optionally bypass the phone OTP by passing in the token generated from https://docs.astra.finance/reference/post_v1-partner-identity-verification