OAuth
OAuth is an open standard that lets one app access another on a user's behalf using scoped, revocable tokens instead of sharing passwords or keys.
OAuth is an open authorization standard (the current version is OAuth 2.0) that lets one application act on a user's behalf in another application without ever handling that user's password. Instead of sharing credentials, the user approves a specific, limited grant, and the app receives a scoped access token it can use to call the API.
How the flow works
- The app redirects the user to the provider's authorization page, listing the permissions (scopes) it wants.
- The user reviews the request and approves or declines it.
- On approval, the provider redirects back with a short-lived authorization code.
- The app exchanges that code for an access token (and often a refresh token) and uses the token to make API calls.
Because the token is scoped and revocable, the user can grant read-only access, limit what the app can touch, and disconnect at any time — which immediately invalidates the token.
OAuth in Stripe
Stripe Connect uses OAuth so a platform can connect to a merchant's Stripe account. The merchant approves the connection, and the platform receives a token tied to that connected account. This is safer than asking a merchant to paste in a raw API key: the grant is explicit, its scope is limited, and either side can revoke it in one click.
Why it matters
OAuth is the reason you can link tools together with a single "Connect" button and trust that access stays bounded. Scoped, read-only grants mean an integration sees only what it needs. ChargeBell connects to Stripe through official read-only Stripe Connect OAuth — it can see payment events but can never move money or modify anything, and you can disconnect in one click.
Related terms
Updated July 6, 2026