OAuth

OAuth (Open Authorization) is an open standard protocol that allows third-party applications to access a user's data on another service without requiring the user to hand over their password. Instead of sharing credentials directly, the user authenticates with the original service (such as Google or Stripe) and grants the requesting application a limited access token. That token specifies exactly what the application can do — read a specific spreadsheet, write to a particular folder, process payments — and the user can revoke it at any time. OAuth 2.0 is the current version used by virtually all major web services, and it underpins the "Sign in with Google" and "Connect your account" flows that are now standard across the web.

Without OAuth, connecting two services would require sharing your login credentials with the third-party application — a serious security risk that gives that application full, unrestricted access to your account. OAuth solves this by creating a controlled delegation model. The third-party application receives only the specific permissions it needs, for only as long as you allow it. If the application is compromised, attackers get a limited token rather than your password. For digital publishers who rely on multiple tools — analytics platforms, email marketing services, payment processors, spreadsheet integrations — OAuth is the mechanism that makes those connections safe and manageable without creating a web of shared passwords.

FlipLink uses OAuth-based authorization when connecting to third-party services through the [automation and integrations](/features/automation-and-integrations) feature. When you set up the [Google Sheets integration](/integrations/google-sheets), for example, you are redirected to Google's consent screen where you authorize FlipLink to write lead data to a specific spreadsheet. FlipLink receives a scoped access token — it can write to that spreadsheet but cannot read your email, access your Drive files, or perform any action outside the granted permission. The [Stripe integration](/integrations/stripe) works similarly: you authorize FlipLink to process payments on your behalf through Stripe's OAuth flow, and FlipLink never stores or sees your Stripe password. All tokens are stored securely and can be revoked from either the FlipLink dashboard or the third-party service's settings.