2. Getting Onboarded
This section describes the steps to register as a partner and become operational.
Step 1 — Contact us
To start the process, contact the OneConnect support team (contact.oneconnect@shine.co).
We'll have a call with you, and please prepare:
- your use case
- your company name and software name
- the URLs that will allow us to access your logo and your presentation page
- your webhook URLs
Step 2 — Integrate with our API
While we are busy with issuing credentials for you, you can start implementing the API, and webhooks handling. We’ll share with you, securely, an OAuth2 client ID and secret.
Step 3 — We provision your credentials
The OneConnect by Shine team creates your partner account and provides:
| Item | Description |
|---|---|
| Client ID | Your application identifier (UUID) |
| Client Secret | Associated secret |
| Scope | Scope associated |
These credentials are used to obtain a Bearer token via the OAuth2 client_credentials flow, required for all your API calls.
Step 4 — Obtain a token
Call the OAuth 2.0 token endpoint of the authorization server:
POST https://auth.shine.co/oauth2/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id={your_client_id}
&client_secret={your_client_secret}
&scope={the_requested_scope}
Response (excerpt):
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "eyJ0eXAiOiJKV1Qi..."
}
Use access_token in the Authorization: Bearer {access_token} header of every call to OneConnect by Shine.
Token lifecycle
The token has a limited lifetime (3600 seconds). Always rely on the expires_in value returned by the token endpoint and handle renewal:
- Cache the token in memory and reuse it for multiple calls within the same session.
- Refresh before expiry: request a new token shortly before the current one expires (e.g. when 80 % of
expires_inhas elapsed) to avoid interrupted requests. - Handle 401 gracefully: if OneConnect by Shine returns
401 Unauthorized, your token has likely expired. Request a fresh token and retry the call once. if the token is valid, the integration has expired. Call the Integration status route ( GET /integrations/:integrationId ) to verify it.
Step 5 — Verify everything works (quick-start)
After you obtain a Bearer token, use the health endpoint to confirm OneConnect by Shine accepts it. This route is for authentication verification only (it does not return business data):
GET /v1/health
Authorization: Bearer {access_token}
| Header | Value |
|---|---|
Authorization | Bearer {access_token} — your OAuth2 partner token |
Expected response: 204 No Content with an empty body.
If you receive 204, your authentication is working. You can move on to invoice imports (detailed in section 3 — Using the API).