RevCent offers OAuth 2.0 for external access to your RevCent account via the API. This is useful for third parties, especially AI via the RevCent MCP. Some third parties prefer not to save API keys and instead use OAuth to access the RevCent API.
Only use OAuth if necessary, such as when implementing the RevCent MCP.
OAuth 2.0 is a standard for accessing protected resources programmatically. It allows you to grant external access to your RevCent account via API without the need to use an API key.
OAuth is a multi-step process: it requires endpoints and credentials, and ends with granting access.
The following are the RevCent OAuth endpoints if needed when configuring a third party to access your RevCent account.
https://revcent.com/oauth/authorize
https://revcent.com/oauth/token
An OAuth client is the starting point for granting remote access to the API and generating access tokens. Every access token generated must have an associated OAuth Client in RevCent. An OAuth client is necessary for issuing tokens and granting access.
View all of your OAuth clients by visiting https://revcent.com/user/oauth-clients
Create a new OAuth client by clicking the Create New OAuth Client button when viewing all OAuth clients, or go to https://revcent.com/user/new-oauth-client
Edit a specific OAuth client by clicking the edit button when viewing all OAuth clients. View all current access tokens specific to the OAuth client by clicking the Access Tokens tab.
The Auth Details tab contains the following values for configuring a third party to access your RevCent account:
An access token can be generated via OAuth endpoints using OAuth client credentials, or manually within the RevCent web app.
View your access tokens and their associated OAuth clients by visiting https://revcent.com/user/oauth-access-tokens. You can view the access token as well as delete an access token.
You can manually create an access token when editing an OAuth client. Edit a specific OAuth client, view the Access Tokens tab, then click the Create Access Token button. Access tokens should only be created manually when you want to connect to RevCent using a bearer token without using a client ID and secret.
When using an access token, requests should send it in the “Authorization” header using the Bearer scheme.
Example: “Authorization”: “Bearer YourAccessToken”
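The multi-step process described above, sketched as an added example (not RevCent's own code). It assumes RevCent follows the standard RFC 6749 authorization code grant with the usual parameter names and accepts client credentials in the token request body; the client ID, secret and redirect URI are placeholders you would take from the OAuth client's Auth Details tab.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://revcent.com/oauth/authorize"  # endpoint listed on this page
TOKEN_URL = "https://revcent.com/oauth/token"          # endpoint listed on this page


def build_authorize_url(client_id, redirect_uri):
    """Step 1: URL the account owner visits to grant access. Returns (url, state)."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this login attempt
    query = urlencode({
        "response_type": "code",       # assumed: RFC 6749 authorization code grant
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(callback_url, expected_state):
    """Step 2: accept the redirect only if it carries the state we issued."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization denied: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback did not come from our request")
    if "code" not in params:
        raise ValueError("callback has no authorization code")
    return params["code"][0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 3: (url, form body) to POST over TLS in exchange for an access token."""
    return TOKEN_URL, {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never hard-code
    }


def bearer_header(access_token):
    """Step 4: header for API calls, in the form this page describes."""
    return {"Authorization": f"Bearer {access_token}"}
```

Keep the `state` value server-side between steps 1 and 2, and discard it after one use so a replayed callback is rejected.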
Important: By default, new OAuth Clients in RevCent have all 250+ permissions enabled.
It is recommended to only enable the permissions that are needed for the OAuth Client, especially if using this OAuth client with the RevCent MCP. This can help prevent AI from performing unintended actions due to hallucinations.
When editing a specific OAuth client, click on the Permissions tab and enable only the permissions the OAuth client will need, i.e. least privilege.