Before you begin

OAuth2 app registration sits inside your Busha business account. Make sure you have:
  • A Busha business account with completed KYB (Know Your Business) verification.
  • The scopes your integration needs. Review the Scopes reference before registering — you request scopes at registration time, and an admin approves the bundle.
If you haven’t set up a business account yet, follow the Quick Start guide first.

Register your OAuth2 app

1. Open Developer Tools

Sign in to your Busha business account at app.busha.io. In the sidebar, go to Settings → Developer Tools → OAuth Apps and click Create App.
2. Fill in the app details

Provide a name, homepage URL, and one or more redirect URIs. Select the scopes your integration requires.
Register the exact redirect URI your app will send in the authorization request. Busha compares it byte-for-byte — a trailing slash, different casing, or a missing port makes it a different URI and the request will be rejected. HTTPS is required for all redirect URIs unless the host is localhost.
Submit. Your app lands in pending status.
3. Wait for approval

A Busha admin reviews and approves your app. You’ll be notified when the status changes. Approval grants your app the full set of scopes you requested — approved_scopes = requested_scopes.
If your app shows pending, rejected, or suspended in the dashboard, authorization requests will fail with unauthorized_client.
4. Copy your client credentials

Once approved, open the app page and click Reveal Client Secret. The secret is shown exactly once — copy it into your secret manager immediately.
Your credentials are:

| Credential | Format | Where to find it |
| --- | --- | --- |
| client_id | busha-oauth2-{uuid}-{live\|test} | App page, always visible |
| client_secret | Opaque string | Click Reveal Client Secret (once only) |

Use Rotate Secret on the same page if your secret is ever compromised.
client_secret belongs in your backend — never in a mobile app, single-page app, browser extension, or anything shipped to users. Store it in a secret manager (HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager).

Sandbox vs production

Sandbox and production are fully isolated — they have separate URLs, separate OAuth2 clients, separate users, and separate tokens. Nothing crosses between them.

| | Sandbox | Production |
| --- | --- | --- |
| Purpose | Test your integration safely | Live customer traffic |
| Approval turnaround | Lighter-touch (ask your integration manager) | Standard KYB review |
| Credentials | Separate client_id and client_secret | Separate client_id and client_secret |
| API host | api.sandbox.busha.so | api.busha.io |
| OAuth2 issuer | login.sandbox.busha.io | login.busha.io |

Register a separate OAuth2 app for each environment. Never reuse production credentials in sandbox — the data sets are isolated and mixing credentials muddies your testing.
To get sandbox access, complete partner onboarding at the sandbox host. Talk to your integration manager about approval turnaround.
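
A pre-flight check for the redirect URI rules in the registration steps and the environment split described in this section, as an added example that is not Busha's own code. The function names, sample URIs and sample client_id are constructed, and treating a -test client_id as sandbox and a -live one as production is an assumption the page does not state.

```python
import re
from urllib.parse import urlsplit

# client_id format from the credentials table: busha-oauth2-{uuid}-{live|test}
CLIENT_ID_RE = re.compile(
    r"busha-oauth2-[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}-(live|test)"
)
# Issuer hosts from the environment table. ASSUMPTION (not stated on the page):
# a "-test" client_id is a sandbox client and a "-live" one is production.
ISSUER_FOR = {"test": "login.sandbox.busha.io", "live": "login.busha.io"}
# Constructed sample of the redirect URIs registered for an app.
REGISTERED = ["https://app.example.com/oauth/callback", "http://localhost:3000/callback"]


def _loose(uri):
    """Fold the differences the docs warn about: casing, trailing slash, port."""
    p = urlsplit(uri)
    return (p.scheme, p.hostname or "", p.path.rstrip("/").lower(), p.query)


def redirect_uri_problems(uri, registered):
    """Reasons `uri` would be rejected, given the URIs registered for the app."""
    problems = []
    p = urlsplit(uri)
    if p.scheme != "https" and p.hostname != "localhost":
        problems.append("HTTPS is required unless the host is localhost")
    if uri not in registered:  # exact comparison, deliberately no normalisation
        near = [r for r in registered if _loose(r) == _loose(uri)]
        problems.append(f"near miss of registered {near[0]!r}" if near else "not registered")
    return problems


def client_problems(client_id, issuer_host):
    """Check the client_id shape and that it is paired with the matching issuer."""
    m = CLIENT_ID_RE.fullmatch(client_id)
    if not m:
        return ["client_id is not busha-oauth2-{uuid}-{live|test}"]
    env = m.group(1)
    if issuer_host != ISSUER_FOR[env]:
        return [f"{env} client_id used with {issuer_host}, expected {ISSUER_FOR[env]}"]
    return []


if __name__ == "__main__":
    for candidate in REGISTERED + ["https://app.example.com/oauth/callback/"]:
        print(candidate, redirect_uri_problems(candidate, REGISTERED))
```

Run it in CI or at service start-up with the redirect URI and issuer host your backend is configured to use, so a mismatch surfaces before the first authorization request.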

What’s next

You have your client_id and client_secret. Now make your first authorized API call:

Quick start

Walk through the full authorization-code flow and call GET /v1/balances on behalf of a real user.