Set up Sign in with Queye on your website

Use Queye for Partners to create an OAuth app for your team. The OAuth app gives your website a client ID, a client secret, and a redirect allowlist.

1. Open Queye for Partners.
2. Select your team, then open OAuth in the right sidebar.
3. Create an app name and enter every redirect URI your website will use. Redirect URIs must use https://, except localhost may use http:// for local development.
4. Save the client secret when it is shown. Queye only shows the full secret once.

Endpoints

• Authorize: https://api.queye.co/oauth/authorize/
• Token: https://api.queye.co/oauth/token/
• Profile: https://api.queye.co/oauth/profile/
• Revoke: https://api.queye.co/oauth/revoke/

The OAuth API is served from api.queye.co. If the person is not signed in yet, Queye will redirect them to accounts.queye.co and then return them to the authorize flow.

Required flow

Use the Authorization Code flow with PKCE.

1. Send the person to the authorize endpoint with response_type=code, your client_id, your redirect_uri, a space-separated scope, a PKCE code_challenge, and code_challenge_method=S256.
2. After Queye redirects back to your website with a code, exchange it at the token endpoint.
3. When calling the token endpoint, send your client_id, your client_secret, the returned code, the same redirect_uri, and the PKCE code_verifier.
4. Use the access token with the profile endpoint to read the signed-in Queye account.

Scopes

• openid identifies the request as OAuth sign-in.
• profile lets your website read the Queye profile object.
• offline_access issues a refresh token.
• web_session is available for Queye web session flows.

Profile response

The profile endpoint returns a JSON object with fields including user_id, username, display_name, first_name, last_name, and profile_image_url.

Notes

• Keep the client secret on your server. Do not ship it in frontend JavaScript.
• Every redirect URI must match exactly.
• Use the trailing-slash endpoint forms shown above.