SaaS & Engineering

OAuth 2.0

Industry-standard protocol for delegated access — lets users grant apps limited access to their data without sharing passwords.

OAuth 2.0 flows: user clicks 'Login with Google' → Google asks 'allow X to access your email?' → user approves → Google issues a token to app X → app X uses token to call Google APIs on user's behalf.

Key concepts: access token (short-lived, ~1 hour), refresh token (long-lived, used to get new access tokens), scope (what permissions the token grants), client ID + secret (your app's identity).

For Indian SaaS, OAuth handles: Google Calendar integration, Gmail send-as, Facebook Business Manager access, WhatsApp Business signup, Razorpay account connect. Most modern integrations use OAuth.

India context

Indian SaaS founders sometimes still ask for username+password (legacy). This is bad for security + user trust + compliance. Modern SaaS use OAuth — user grants access without revealing credentials.

Examples

  • Doggu uses OAuth to access user's Google Calendar — refresh token stored encrypted, access token rotated hourly.
  • WhatsApp Embedded Signup is essentially OAuth into Facebook Business Manager.

FAQ

What's the difference between OAuth 1.0 and 2.0?

OAuth 2.0 is the standard now. OAuth 1.0 is legacy (Twitter old API). 2.0 is simpler to implement, supports more flows (web, mobile, server-to-server).

Are OAuth tokens secure?

Access tokens are short-lived (1 hour typical) and revoked when user logs out. Refresh tokens are stored encrypted server-side. Following standard practices, very secure.

What's an OAuth scope?

Specific permission: 'read calendar', 'send email', 'view profile'. User sees scopes during authorization. Apps should request minimum scopes needed.

Related concepts

APIJWTAPI keyscoperefresh token

Doggu handles OAuth 2.0 compliance for you.

Whether it's automating the workflow above, Doggu was built specifically for the Indian SMB regulatory environment. One platform, all the requirements.

Try Doggu free for 14 days

Related glossary entries

WhatsApp Cloud APIMeta-hosted, direct API access to WhatsApp Business — alternative to using a BSP.API (Application Programming Interface)Standard way for one application to communicate with another — the foundation of modern SaaS integrations.JWT (JSON Web Token)Compact, self-contained way to securely transmit information between parties as a JSON object — used widely in SaaS authentication.

More in SaaS & Engineering

API (Application Programming Interface)WebhookJWT (JSON Web Token)SDK (Software Development Kit)Shopify (India)
← All glossary entriesBlogWhatsApp TemplatesFree tools