The Mercury implementation of OAuth2 supports the standard Authorization Code Grant Type and Authorization Code Flow with Proof Key for Code Exchange (PKCE).

Contact us at [email protected] to discuss the integration and get access to OAuth2. Please tell us a few details:
• Short description of your company.
• Details about the product that you plan to integrate with Mercury.
• How you plan to use the Mercury API.

To get started and set up an OAuth2 client, please tell us a few technical details:
• The redirect URI to register with your production client.
• The redirect URIs to register with your development or testing client, if any.
• Links to your app's policy of use, terms of service, and the logo to display for integration.
• Your GPG public key so that we can securely send the client details.

Once Mercury creates the OAuth2 client, we will securely send you the client ID and client secret.

The steps of the OAuth2 web flow

The OAuth2 web flow to authorize users for your app can be described with four high-level steps:

  1. Users are redirected to Mercury to verify their identity and authorize the request.
  2. Users are redirected back to your site by Mercury.
  3. Your app uses the data in the redirect to get the access token.
  4. Your app calls the Mercury API with the user's access token.
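
Steps 1 to 3 for the PKCE variant, as an added example (not Mercury's own code) using the standard RFC 6749 and RFC 7636 parameter names. The endpoint, client ID and redirect URI are placeholders because this page does not give them, and step 3 returns the token request fields instead of sending them so the code runs offline.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders: this page does not give Mercury's endpoints or client details.
AUTHORIZE_URL = "https://auth.example.invalid/oauth2/authorize"
CLIENT_ID = "PLACEHOLDER_CLIENT_ID"
REDIRECT_URI = "https://app.example.invalid/callback"

def pkce_challenge(verifier):
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def begin_authorization():
    """Step 1: build the redirect URL and the values to keep in the user's session."""
    session = {
        "state": secrets.token_urlsafe(32),          # binds the callback to this session
        "code_verifier": secrets.token_urlsafe(64),  # 86 chars, within RFC 7636's 43-128
    }
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["state"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", session

def handle_callback(callback_url, session):
    """Steps 2-3: validate the redirect, return the token request form fields.
    Client-secret authentication is not shown; the page does not say how it is sent."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],
    }
```

The `state` and `code_verifier` stay server-side in the user's session between step 1 and step 3; only the derived `code_challenge` travels through the browser.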