OAuth is the open standard that lets you give an application access to your data in another system without sharing your password. Instead, the application receives a token with precisely defined permissions that you can revoke at any moment. The familiar 'App X wants access to your account' screen is OAuth in action.
OAuth in practice
For integrations, OAuth is the secure standard: the integration only gets the permissions it needs (for example 'read orders', not 'change settings') and tokens expire automatically. That limits the damage if something ever goes wrong — you don't have to rotate passwords, only revoke a token.
The thing to watch out for in practice: expired or revoked tokens are a classic cause of integrations that quietly stop working. Nobody notices until orders or candidates no longer come through. So agree who receives error notifications and monitor your integrations actively — see also API integration.
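As an added illustration of the two practical points above (least-privilege scopes, and tokens that expire or are revoked), the following is constructed example code, not from the original page or any particular product: a small token manager that refreshes before expiry, rejects a token that lacks the scopes the integration needs, and routes a revoked token to the agreed error contact instead of failing quietly. The `refresh` and `alert` callbacks are assumed to be supplied by the integration (a call to the provider's token endpoint, and e.g. an e-mail or chat notification).

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional
# Constructed example: a token holder for an integration. It refreshes before
# expiry, checks granted scopes against the ones the integration needs, and
# alerts a named contact instead of failing silently when a token is revoked.

@dataclass
class OAuthToken:
    access_token: str
    expires_at: float            # epoch seconds
    scopes: frozenset            # scopes the user granted, e.g. {"orders:read"}
    refresh_token: Optional[str] = None

class TokenRevoked(Exception):
    """The authorization server rejected the refresh: a human must re-authorize."""

class IntegrationTokenManager:
    def __init__(self, token: OAuthToken, required_scopes: frozenset,
                 refresh: Callable[[str], OAuthToken], alert: Callable[[str], None],
                 refresh_margin: float = 300.0):
        missing = required_scopes - token.scopes
        if missing:  # fail loudly at setup, not days later in production
            raise ValueError(f"token lacks required scopes: {sorted(missing)}")
        self.token, self.margin = token, refresh_margin
        self._refresh, self._alert = refresh, alert

    def access_token(self, now: Optional[float] = None) -> str:
        """Return a usable access token, refreshing shortly before expiry."""
        now = time.time() if now is None else now
        if now + self.margin >= self.token.expires_at:
            self._try_refresh()
        return self.token.access_token

    def on_response(self, status: int, error: Optional[str] = None) -> bool:
        """Inspect an API error (RFC 6750 error codes); True means retry once."""
        if status == 401 and error == "invalid_token":
            self._try_refresh()      # token expired or was revoked early
            return True
        if status == 403 and error == "insufficient_scope":
            self._alert("integration token lacks a required scope; re-authorize")
        return False

    def _try_refresh(self) -> None:
        try:
            self.token = self._refresh(self.token.refresh_token or "")
        except TokenRevoked as exc:
            self._alert(f"OAuth token revoked or expired, re-authorization needed: {exc}")
            raise
```

The `alert` callback is the place to wire in whoever you agreed should receive error notifications; the exception is re-raised so the integration stops visibly rather than retrying forever.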
Related terms
- API — An API (Application Programming Interface) is a standardised way for software systems to make data and functions available to each other.
- SSO — SSO (single sign-on) means employees log in once — usually with their Microsoft or Google account — and automatically gain access to all connected applications.
- MFA — MFA (multi-factor authentication) is logging in with a second proof of identity alongside your password — usually an approval or code in an app on your phone.
- API integration — An API integration is a connection between two software systems that automatically exchange data via their APIs — for example orders from a webshop to the accounting system, or placements from an ATS to invoicing.