Prerequisites

This document explains what you have to do before integrating Business Authentication APIs.

Business Authentication

Business consent items

You can configure the usage and Consent level of each consent item by clicking [Set] under [My Application] > [Business Authentication] > [Consent Items]. For Business Authentication, only the [Email] consent item can be configured.

🅐 Consent level 🅑 Purpose of consent: Reference information regarding the purpose of the Business Authentication consent item, which is not displayed on the business consent screen.

The consent item settings of the app are reflected on the Business consent screen.

Set Business redirect URI

You can register a Business redirect URI under [My Application] > [Business Authentication] > [Redirect URI]. In the Business Authentication process, the Business redirect URI is used to issue the authorization code.

If you request a business authorization code with an incorrect or unregistered redirect URI, an error will occur.

Register the Business redirect URI according to the following rules.

• Up to 10 redirect URIs can be registered.
• Only HTTP and HTTPS protocols are supported.
• Since HTTP and HTTPS protocols are distinguished, each must be registered separately.

Note: Guide to using the redirect URI

• Multiple Business redirect URIs can be registered to redirect to appropriate service pages, such as a landing page or additional information entry page, after Business Authentication.
• Business redirect URIs cannot contain arbitrary parameters in the path. To maintain or transmit specific information during the Business Authentication process, use the state parameter. For more information on the state parameter, refer to Get business authorization code.
• Wildcard characters can be included in the domain of the Business redirect URI. For more details, refer to Wildcard subdomains.
• If you need to register more than 10 Business redirect URIs, contact DevTalk.

Transfer personal information overseas

You can register the transfer personal information overseas in [My Application] > [Business authentication] > [Transfer of Personal Information Overseas].

🅐 Country where personal information is stored: Enter the country where personal information is transferred to. 🅑 Corporation name (company): Enter the name of a corporation to which the personal information is transferred. 🅒 Contact: Enter the contact information such as email or phone number of the person responsible for the management of information, or customer center URL.

After registering the information above, the 'Consent to the Transfer of Personal Information to Foreign Parties' item is included as a Required item in the Consent screen. Users can see the detailed information which is registered in [Transfer of Personal Information Overseas] by selecting [view more] and consent to the transfer of personal information overseas.

Security

Client Secret

You can generate a Client Secret code by navigating to [My Applications] > [Business Authentication] > [Security] and selecting [Generate Code].

The issued client secret code must be applied by changing the [Activation state] under [Set] to [Enabled]. To disable the use of the client secret, change the [Activation state] to [Disabled].

Select [Reissue] under [Code] to issue a new client secret code. This can be used for code renewal or in situations where a leak is suspected. Be cautious when reissuing the code, as all token issuance requests using the previous code will fail for active services.

Note: How to change Client Secret for service in operation

1. Change [Activation state] to [Disabled].
2. Click [Reissue] to get a new Client Secret code.
3. Apply the new Client Secret code to the service.
4. Change [Activation state] to [Enable].