Application Configuration in Coupa Portal for OAuth2 Account
In this Article
Overview
Snaps in the Coupa Snap Pack use the Coupa OAuth2, and Coupa Dynamic OAuth2 accounts to access the Coupa application. For the OAuth2 account to authorize successfully, create, and configure a connected application corresponding to the account as provided in the key steps.
OAuth2 Account: You must authorize the account to generate a token.
Prerequisites
Admin access to Coupa.
Log in to Coupa as an integrations-enabled administrator.
Key Steps in the Workflow
Create a Client application.
Define Scope.
Specify the Credentials and Validate the Snap Account.
Create a Client Application in the Coupa Portal
Log in to the Coupa Portal. The URL format for Coupa instances:
Customer instances:
https://{organization_name}.coupahost.com
Partner and demo instances:
https://{organization_name}.coupacloud.com
Navigate to Setup > Integrations > Oauth2/OpenID Connect Clients. You can also search for ‘OAuth’ in the Find it fast Use the Instant Filter search box.
Note: You must provide a unique login ID for the Client Credentials Grant type. If you do not, Coupa displays an error,Login has already been taken
.Click Create on Oauth2/OpenID Connect Clients page.
From the Grant type list, select Client credentials or Authorization Code and specify the details for the client, such as Name, Login, Contact First Name, Contact Last Name, and Contact Email, as shown in the image below. For more information, refer to the table in Scenario for Grant Type.
Select the Scopes you want to include in this API setup.
Click Save to save the client.
The client Identifier and Secret are generated. You can toggle the Show/Hide link to display and copy the Client secret. Learn more about creating an application at the Register a client application in Coupa Portal. You can use Client IDs and Client Secret values to gain access to the Coupa APIs. When you create a new Open Connect client, access is granted to a specific application or user client for specific areas of the product defined by the scopes.
To create a client app, you must select at least one scope and the scopes which provide access to specific APIs required for your functionaity.
To use an existing application, navigate to the Integrations > Oauth2/OpenID Connect Clients. page. In the search box, specify the application name you want to edit. The details of the searched application displays in the search list. Use the edit option provided under Actions to add more Scopes to the existing app as shown in the image.
Scenario for the Grant Type
Grant Type | Scenario when this Grant type is used | Does it require user consent? |
---|---|---|
Client credentials | This grant type is used when there are no users involved and for system-to-system integrations. The token is automatically accepted and generated. | No, if the Grant type selected is Client credentials, the user does not require consent, and an HTTPS POST request can be made directly to Coupa. SnapLogic supports only the Client Credentials Grant type. Using this Grant type, you can create a client app and generate a Client ID and Client Secret to request an access token. |
Define Scope
Coupa scopes take the form of service.object.right
. For example, core.accounting.read
or core.accounting.write
.
Navigate to the Scope Management page in the Coupa Portal to find the list of scopes and their underlying permissions. Learn more about Scopes available in Coupa.
Select the Scopes you want to include in this API setup.
Specify the Credentials and Validate the Snap Account
Navigate to the Coupa Snap of your choice and configure the Coupa OAuth2 Account. Refer to the Coupa OAuth2 Account for more account-related information.
Click Authorize. You will be redirected to the login page of Coupa.
Log in to Coupa and accept the permissions. The Access token is populated.
Click Apply after the authorization is successful.
Troubleshooting
Common Errors | Reason | Response |
---|---|---|
The Client ID is invalid or you must have provided multiple credentials. Failed authentication. | Details of the Client secret provided is incorrect. | Provide correct Client Secret value. |
Invalid Scope | The specified scopes are invalid. | Provide Scopes when creating a client app. |
Failed to validate Account | Details of the parameters provided for endpoint are incorrect. | Ensure that the Account is configured correctly. |