You can use this account type to connect REST Snaps with data sources that use OAuth2 accounts. authenticationWhen choosing between different authentication options for a REST API, we recommend you use the REST OAuth2 account instead of the REST In-memory OAuth2 accountbecause of the flexibility and security features OAuth2 offers. Learn more about the differences between the REST In-memory OAuth2 Account Vs. REST OAuth2 Account.


A valid Client ID, Client secret, OAuth2 endpoint, and OAuth2 token.



Account Settings

Field NameField TypeDescription

Specify the name for the account. We recommend that you update the account name if there is more than one account of the same account type in your project.

Default Value: N/A
ExampleREST OAuth2 Account

Client ID*String

Specify the client ID associated with your account. You can create the client ID as advised by your application provider. An example and its meaning can be found here.

Default Value: N/A

Client secret*String

 The client secret associated with your account. You can create the client secret as advised by your application provider. An example and its meaning can be found here.

Default Value: N/A

Access tokenString

Auto-generated after authorization. Specify the token that SnapLogic uses to make API requests on behalf of the user associated with the client ID.

Default Value: N/A

Refresh tokenString

Auto-generated after authorization. Specify the refresh token associated with your account. If the refresh token is stored, then the access token can be refreshed automatically before it expires.

You should retrieve the Refresh token when setting up the account for the endpoint, where the OAuth2 flow is executed and the resulting refresh token is stored in this field. If the refresh token is stored, then the access token can be refreshed automatically before it expires. 


Users who run Pipelines with REST Snaps using OAuth2 authentication should have read/write/execute permissions. If the user has only Execute permissions, a refresh of the OAuth2 token might prompt the user's credentials. For a workaround, you can give the user running the Pipeline Write access to the Assets referenced in the Pipeline.


In some REST endpoints, such as Google and Microsoft, the refresh token is not returned by the default parameters/scopes. For example, in an endpoint such as Google, to get the refresh token you need to set access_type=offline and prompt=consent.

Default Value: N/A

Access token expirationInteger

Auto-generated after authorization. Specify the access token expiration value, in seconds.

Default ValueCurrent Time + 3600 seconds

Header authenticated


Select this checkbox to indicate that the endpoint uses bearer header authentication.

Default Value: Deselected

OAuth2 Endpoint*


Specify the URL of the endpoint that authorizes the application. 

Default Value: N/A

OAuth2 Token


Specify the URL of the endpoint that retrieves the token for an authenticated account.


If you are using a REST OAuth2 Account, access the account token through account.access_token explicitly. The property must be marked as an expression. An example URL for LinkedIn is: "" + account.access_token.

Default Value: N/A

Grant Type

Select one of the following methods for authorization:

  • Authorization Code: The user is authenticated using credentials (username and password), which return to the client through a redirect URL. The application then receives the authorization code from the URL and uses it to request an access token.
  • Client Credentials: Obtains an access token to the client ID and client secret through the token endpoint URL.
  • password: Obtains access token using your login credentials (username and password). When selected, it populates the following fields:
    • Username: Enter the username of the account type.
    • Password: Enter the password of the account type.

Default ValueAuthorization Code

Token endpoint config

Use this field set to provide custom properties for the OAuth2 token endpoint. Click the + or - icons to respectively add or remove configuration rows.

This field set comprises the following fields:

  • Token endpoint parameter
  • Token endpoint parameter value

Token endpoint parameter


Define an optional token endpoint parameter.

Default Value: N/A

Token endpoint parameter valueString

Specify the value associated with the optional endpoint parameter defined above.

Default Value: N/A

Auth endpoint config

Use this field set to provide custom properties for the OAuth2 auth endpoint. Click the + or - icons to respectively add or remove configuration rows.

This field set comprises the following fields:

  • Auth endpoint parameter
  • Auth endpoint value


Default Value: N/A
Example: /snaplogic/shared/cloud


Specify the Snaplex path to be used for OAuth2 operations.

  • By default, SnapLogic automatically selects an available Snaplex. So, use this field only to handle specific scenarios, such as a network limitation.

  • If the specified Snaplex is not available or does not exist, the execution fails.

Authentication parameterString

Define an optional authorization endpoint parameter.

Default ValueN/A

Authentication parameter value

Default Value: N/A


Specify the value associated with the optional authorization endpoint parameter defined above.Default Value: N/A

Auto-refresh token

Default ValueDeselected


Select this checkbox to refresh the token automatically using the refresh token, if the property is enabled. If this property is deselected, the token expires and is not refreshed automatically.Default ValueDeselectedExample: N/A



Click this button to authorize the REST OAuth2 account using the credentials provided in the Client ID, Client Secret, OAuth2 Endpoint, and OAuth2 Token fields.

Default Value: N/A
Example: N/A

Send Client Data as Basic Auth Header

Default Value


Select this checkbox to send the client information as a header to the OAuth endpoint.Default Value: DeselectedExample: N/A


Call-back DomainThe redirect URI must be set differently in the app that is created in the endpoint: https://<SnapLogic_POD_Name>/api/1/rest/admin/oauth2callback/rest

For example: "" in the screenshot below:

When After you click Authorize, SnapLogic sends your account details to the OAuth2 endpoint specified and populates the Access token, Refresh token, and Access token expiration fields using the details received from that endpoint.

REST In-memory OAuth2 Account Vs. REST OAuth2 Account

REST In-memory OAuth2 Account

REST OAuth2 Account

The REST In-memory OAuth2 Account supports only client_credentials Grant type.

The REST OAuth2 Account supports the following authorization Grant types:

  • client_credentials

  • password

  • authorization_code

The REST In-memory OAuth2 Account is suitable for scenarios where the access token expiration time is less than 30 minutes. This account type efficiently manages tokens within the pipeline and Snap, ensuring a more localized token handling approach.

The REST OAuth2 Account is suited for scenarios when access token expirations are 1 hour or longer. If the OAuth2 service supports refresh tokens, enabling the Auto Refresh token checkbox allows Snaplogic to pre-emptively refresh tokens automatically beforetheir official expiration.


One or more required field is blank

You click Authorize in the account dialog window, but one or more of the following fields is blank:

  • Label
  • Client ID
  • Client Secret
  • OAuth2 Endpoint
  • OAuth2 Token

Insert valid details into the following fields and click Authorize.

  • Label
  • Client ID
  • Client Secret
  • OAuth2 Endpoint
  • OAuth2 Token

You attempted to authorize your account, but authorization failed, because the following fields are empty:

  • Access token
  • Refresh token
  • Access expiration token

