> ## Documentation Index
> Fetch the complete documentation index at: https://docs.runalloy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create OAuth Link

> This endpoint can be used to generate an OAuth link if you want to completely white label your authentication experience. You can use this endpoint to generate a link which your users can click to redirect to the specified application without rendering the Alloy Embedded Modal.

Note: this endpoint **only** works with OAuth enabled integrations. To add a credential manually, please use the [POST Create Credential API](/reference/embedded/create-a-credential).

This endpoint takes a `userId`, `integrationId`, and `connectorName` as inputs. It should be used in conjunction with the [GET Credential Metadata API](/reference/embedded/get-credential-metadata). `credentialName` represents the name of the integration you want to call.

If the credential metadata endpoint returns any `properties,` you must pass them as query string parameters at the end of this call.
For example, to generate a `oAuthURL` for Shopify, you'll need to add the specify `shopifySubdomain` in the query paramter of the URI. Your URI may look like `/oauthUrl?userId=YOUR_USER_ID&app=shopify&shopSubdomain=YOUR_STORE_NAME`



## OpenAPI

````yaml get /headless/oauthUrl
openapi: 3.0.1
info:
  title: Embedded 2025-09
  version: '5.0'
servers:
  - url: https://production.runalloy.com
security: []
paths:
  /headless/oauthUrl:
    get:
      summary: Create OAuth Link
      description: >-
        This endpoint can be used to generate an OAuth link if you want to
        completely white label your authentication experience. You can use this
        endpoint to generate a link which your users can click to redirect to
        the specified application without rendering the Alloy Embedded Modal.


        Note: this endpoint **only** works with OAuth enabled integrations. To
        add a credential manually, please use the [POST Create Credential
        API](/reference/embedded/create-a-credential).


        This endpoint takes a `userId`, `integrationId`, and `connectorName` as
        inputs. It should be used in conjunction with the [GET Credential
        Metadata API](/reference/embedded/get-credential-metadata).
        `credentialName` represents the name of the integration you want to
        call.


        If the credential metadata endpoint returns any `properties,` you must
        pass them as query string parameters at the end of this call.

        For example, to generate a `oAuthURL` for Shopify, you'll need to add
        the specify `shopifySubdomain` in the query paramter of the URI. Your
        URI may look like
        `/oauthUrl?userId=YOUR_USER_ID&app=shopify&shopSubdomain=YOUR_STORE_NAME`
      operationId: generate-oauth-link
      parameters:
        - name: Authorization
          in: header
          required: true
          schema:
            type: string
            default: bearer YOUR_API_KEY
        - $ref: '#/components/parameters/xApiVersion'
        - name: userId
          in: query
          description: The id of the user to generate this link for
          required: true
          schema:
            type: string
        - name: app
          in: query
          description: The name of the app you want the user to authorize access to
          required: true
          schema:
            type: string
      responses:
        '200':
          description: '200'
          content:
            application/json:
              examples:
                Result:
                  value:
                    oauthUrl: >-
                      https://api.runalloy.com/api/strategy/shopify/authorize?userId=xyz123abc098754&shopSubdomain=my-shoe-store
              schema:
                type: object
                properties:
                  oauthUrl:
                    type: string
                    example: >-
                      https://api.runalloy.com/api/strategy/shopify/authorize?userId=xyz123abc098754&shopSubdomain=my-shoe-store
      deprecated: false
      security: []
      x-code-samples:
        - lang: cURL
          source: >
            curl -X GET
            "https://production.runalloy.com/oauthUrl?userId={{userId}}&app=shopify"
            \
              -H "Authorization: bearer YOUR_API_KEY" \
              -H "x-api-version: 2025-09"
        - lang: Python
          source: |
            import requests

            url = "https://production.runalloy.com/oauthUrl"
            params = {"userId": "{{userId}}", "app": "shopify"}
            headers = {
                "Authorization": "bearer YOUR_API_KEY",
                "x-api-version": "2025-09"
            }

            response = requests.get(url, params=params, headers=headers)
            print(response.json())
        - lang: JavaScript
          source: >
            const userId = "{{userId}}";

            const app = "shopify";

            const url =
            `https://production.runalloy.com/oauthUrl?userId=${userId}&app=${app}`;


            fetch(url, {
              method: "GET",
              headers: {
                "Authorization": "bearer YOUR_API_KEY",
                "x-api-version": "2025-09"
              }
            })
              .then(response => response.json())
              .then(data => console.log(data))
              .catch(error => console.error("Error:", error));
        - lang: PHP
          source: >
            <?php

            $userId = "{{userId}}";

            $app = "shopify";

            $url = "https://production.runalloy.com/oauthUrl?userId=" .
            urlencode($userId) . "&app=" . urlencode($app);


            $ch = curl_init($url);

            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

            curl_setopt($ch, CURLOPT_HTTPHEADER, [
                "Authorization: bearer YOUR_API_KEY",
                "x-api-version: 2025-09"
            ]);


            $response = curl_exec($ch);

            curl_close($ch);

            $data = json_decode($response, true);

            print_r($data);

            ?>
        - lang: Go
          source: |
            package main

            import (
                "encoding/json"
                "fmt"
                "io"
                "net/http"
                "net/url"
            )

            func main() {
                userId := "{{userId}}"
                app := "shopify"
                baseURL := "https://production.runalloy.com/oauthUrl"
                params := url.Values{}
                params.Add("userId", userId)
                params.Add("app", app)
                fullURL := baseURL + "?" + params.Encode()

                req, _ := http.NewRequest("GET", fullURL, nil)
                req.Header.Set("Authorization", "bearer YOUR_API_KEY")
                req.Header.Set("x-api-version", "2025-09")

                client := &http.Client{}
                resp, _ := client.Do(req)
                defer resp.Body.Close()

                body, _ := io.ReadAll(resp.Body)
                var data map[string]interface{}
                json.Unmarshal(body, &data)
                fmt.Println(data)
            }
        - lang: Java
          source: |
            import java.net.HttpURLConnection;
            import java.net.URL;
            import java.io.BufferedReader;
            import java.io.InputStreamReader;
            import com.google.gson.Gson;
            import java.util.Map;

            public class Example {
                public static void main(String[] args) throws Exception {
                    String userId = "{{userId}}";
                    String app = "shopify";
                    String urlString = "https://production.runalloy.com/oauthUrl?userId=" + java.net.URLEncoder.encode(userId, "UTF-8") + "&app=" + java.net.URLEncoder.encode(app, "UTF-8");
                    
                    URL url = new URL(urlString);
                    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
                    conn.setRequestMethod("GET");
                    conn.setRequestProperty("Authorization", "bearer YOUR_API_KEY");
                    conn.setRequestProperty("x-api-version", "2025-09");
                    
                    BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
                    String inputLine;
                    StringBuilder response = new StringBuilder();
                    while ((inputLine = in.readLine()) != null) {
                        response.append(inputLine);
                    }
                    in.close();
                    
                    Gson gson = new Gson();
                    Map<String, Object> data = gson.fromJson(response.toString(), Map.class);
                    System.out.println(data);
                }
            }
        - lang: Ruby
          source: |
            require 'net/http'
            require 'json'
            require 'uri'

            userId = "{{userId}}"
            app = "shopify"
            uri = URI("https://production.runalloy.com/oauthUrl")
            params = { userId: userId, app: app }
            uri.query = URI.encode_www_form(params)

            http = Net::HTTP.new(uri.host, uri.port)
            http.use_ssl = true

            request = Net::HTTP::Get.new(uri)
            request['Authorization'] = 'bearer YOUR_API_KEY'
            request['x-api-version'] = '2025-09'

            response = http.request(request)
            data = JSON.parse(response.body)
            puts data
components:
  parameters:
    xApiVersion:
      name: x-api-version
      in: header
      required: true
      description: The version of the API to use. The current API version is **2025-09**.
      schema:
        type: string
        default: 2025-09

````