Authentication

Brandclub Sync uses OAuth 2.0 with PKCE. The SDK handles everything automatically.

How It Works

1. User clicks "Connect" in widget
2. SDK redirects to Brandclub
3. User signs in with phone (+1-555-0100 → OTP: 424242)
4. SDK receives access token
5. App can now call APIs

You don't write OAuth code—the SDK does it all.

Phone-Based Identity

Users authenticate with their phone number. This creates a portable identity across all partner apps.

Example:

Sarah connects Amazon in "FitLife Rewards":

  • Phone: +1-555-0100

  • Amazon connected ✓

Later, Sarah opens "PetPal Rewards":

  • Same phone: +1-555-0100

  • Amazon already connected ✓

  • No re-authentication needed

One phone number = one sync account across all apps.

Client Registration

To integrate, provide:

  • App name

  • Redirect URIs (e.g., https://yourapp.com/callback)

  • Required permissions

You'll receive:

  • Client ID - Use in SDK

  • Scopes - Permissions granted

Permissions

| Permission | Access |
| --- | --- |
| accounts:read | View connected retailers |
| accounts:connect | Link new retailers |
| accounts:sync | Trigger syncs |
| orders:read | Access order data |

Request only what you need.

Token Management

The SDK automatically:

  • Obtains tokens

  • Refreshes expired tokens

  • Stores them securely

  • Includes them in API calls

For advanced use cases (custom UI), see OAuth endpoints in the API Reference.

Testing

Sandbox Environment:

  • URL: https://sync-beta.brandclub.com

  • Phone: +1-555-0199

  • OTP: 424242

  • Demo Client ID: bc_example_rewards_app_demo
