This resource provides a guide on how to set up OAuth 2.0 on Tyms.

  1. Redirect to Tyms for user authorization

Use the OAuth 2.0 protocol to implement authentication and authorization. Authorization is essential for both testing via sandbox companies and production apps.

To make API requests on behalf of a user, you need to receive and securely store an access token provided by the Tyms OAuth authorization flow. Pass this access token as a Bearer token in the Authorization header of each API request.

Tyms OAuth 2.0 endpoints are:

This process involves the following steps:

OAuth Flow

The flow to authorize users for your application is:

  1. Users are redirected to Tyms to request authorization of connection

  2. Users are redirected back to your site by Tyms

  3. Your application uses the user's access token to access the Tyms API

Initiate user authorization

Get the Tyms OAuth authentication widget by sending a GET request to https://api.tymsbook.com/api/v1/oauth/authorization with these query parameters:

| Query parameter | Description |
| --- | --- |
| reference | User unique reference on your system. |
| client_id | Your Tyms public key |
| redirect_uri | Redirect URI you will provide in your request. |
| terms_url | Your terms and conditions URL. |
| privacy_url | Your privacy policy URL. |

For example:

https://api.tymsbook.com/api/v1/oauth/authorization?reference=1201201&client_id=&redirect_uri=&privacy_url=https://privacy_url&terms_url=https://terms/url

{
    "status": "success",
    "message": "Authorization request initiated successfully",
    "data": "https://tymsbook-web.web.app/auth/oauth?client_id=tyms_pk_2a38835c-e3c6-47fc-80b3-123c4acdc1ee&redirect_uri=https://your-callback&reference=192303&privacy_url=privacy_url&terms_url=https://terms/url"
}

Your application should redirect users to the URL in the response above.

Tyms will prompt the user to authorize your application.

If authorized, Tyms redirects the user to the redirect URI you've set on your Tyms dashboard, with additional GET parameters:

  • reference - The user reference you provided on your redirect.
  • authorization_code - The authorization code that will be exchanged for an access token. It may only be used once and expires after 10 minutes.
  • business_id - The id of the business the user is authorizing on your application.

https://your-site.com/callback?reference=YOUR_CODE&authorization_code=AUTH_CODE&business_id=a123
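
The request and callback described above, as an added example that is not Tyms code: it builds the authorization request with every query value percent-encoded, then validates the parameters that arrive on the callback. The function names, the `CallbackError` class and the idea that your application stores the pending `reference` server-side before redirecting are assumptions of this example.

```python
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZATION_ENDPOINT = "https://api.tymsbook.com/api/v1/oauth/authorization"
CALLBACK_PARAMS = ("reference", "authorization_code", "business_id")


def build_authorization_request(reference, client_id, redirect_uri, terms_url, privacy_url):
    """Return the GET URL for the authorization endpoint, every value percent-encoded."""
    query = urlencode({
        "reference": reference,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "terms_url": terms_url,
        "privacy_url": privacy_url,
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}"


class CallbackError(ValueError):
    """The redirect back from Tyms failed validation (hypothetical helper class)."""


def parse_callback(callback_url, pending_reference):
    """Validate the callback query string and return its three parameters.

    pending_reference is the reference this user's session started the flow with
    (assumption: the application stored it server-side before redirecting).
    """
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    result = {}
    for name in CALLBACK_PARAMS:
        values = params.get(name, [])
        # Exactly one non-empty value: a repeated parameter is ambiguous, so reject it.
        if len(values) != 1 or not values[0]:
            raise CallbackError(f"missing or repeated parameter: {name}")
        result[name] = values[0]
    # Constant-time comparison; a mismatch means the callback is not for this flow.
    if not hmac.compare_digest(result["reference"].encode(), pending_reference.encode()):
        raise CallbackError("reference does not match the pending authorization")
    return result
```

Rejecting a callback whose `reference` was not issued by the current session keeps an authorization code obtained in one flow from being attached to a different user's account.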