OAuth

OAuth is an open standard that lets one app access another on a user's behalf using scoped, revocable tokens instead of sharing passwords or keys.

OAuth is an open authorization standard (the current version is OAuth 2.0) that lets one application act on a user's behalf in another application without ever handling that user's password. Instead of sharing credentials, the user approves a specific, limited grant, and the app receives a scoped access token it can use to call the API.

How the flow works

  1. The app redirects the user to the provider's authorization page, listing the permissions (scopes) it wants.
  2. The user reviews the request and approves or declines it.
  3. On approval, the provider redirects back with a short-lived authorization code.
  4. The app exchanges that code for an access token (and often a refresh token) and uses the token to make API calls.

Because the token is scoped and revocable, the user can grant read-only access, limit what the app can touch, and disconnect at any time — which immediately invalidates the token.

OAuth in Stripe

Stripe Connect uses OAuth so a platform can connect to a merchant's Stripe account. The merchant approves the connection, and the platform receives a token tied to that connected account. This is safer than asking a merchant to paste in a raw API key: the grant is explicit, its scope is limited, and either side can revoke it in one click.

Why it matters

OAuth is the reason you can link tools together with a single "Connect" button and trust that access stays bounded. Scoped, read-only grants mean an integration sees only what it needs. ChargeBell connects to Stripe through official read-only Stripe Connect OAuth — it can see payment events but can never move money or modify anything, and you can disconnect in one click.

Related terms

Updated July 6, 2026