Use googleoauth2 instead of integration/API credentials

pmb

Hi guys,

I'm pretty new to this and at the moment I'm writing an app with Google App Maker for handing in travel expenses.

Currently the user sends an mail with an attached receipt to [email protected] and Expensify does the rest of the job. However this means that the user usually has to correct the created expense. The new app shall avoid this issue by making an explicit API call.

Right now I'm wondering about the security concept regarding the credentials.

One solution might be to store the (encrypted) user credentials (or the ones of an Domain Admin whose in charge to create expenses on behalf of the user) somewhere in the app/database but this could become really messy.

The easiest solution for me would be to use Google OAuth/SSO. To use the app the user is singing in with their Google account anyways so I wouldn't have to bother with the security issues then. And as mentioned before the Google account is linked the user's Expensify profile already.

So long story short; is there a way to use the Google credentials instead of the integration/API credentials?

And otherwise do you have any best practice advice for handling/storing the Expensify credentials?

Thanks in advance

Ted Harris

Hi @pmb - thanks so much for posting in the Community! Right now, you're correct. There's no way to use any other credentials other than the partnerUserID and partnerUserSecret , but we're definitely aware that some form of OAuth connection would serve many prospective partners well.

I'm definitely intrigued as to the problem statement your app solves:

However this means that the user usually has to correct the created expense. The new app shall avoid this issue by making an explicit API call.

Will this simply act as a receipt integration like our many others here, adding an expense for your specific provider to an Expensify account? If so, let me know and I'll see if we can get somebody to reach out to you.

I'll also leave a link to our Third-Party Integration Support Methodology in case that helps at all.

Nicole Trepanier

Hi @pmb! Right now there is no way to use Google OAuth/SSO with our API server. We recommend using a password management tool to store your credentials. We do have a great Third Party Integration post here that goes through our recommended best practices. Let me know if you have any questions!

pmb

Hi @Nicole Trepanier and @Ted Peeters,

thank you for your detailed answers. I guess I continue as recommended then.

https://community.expensify.com/discussion/comment/10220#Comment_10220

The use of the app is to calculate and hand in internal travel rates. Right now we use a webform for that which we then print as pdf and send it to [email protected]. So it kinda is a receipt integration.