Staffbase allows you to create OAuth client access directly from the Staffbase Studio. OAuth 2.0 is the industry standard for secure authorization. OAuth client access allows external applications to interact with the Staffbase platform in a streamlined and secure way.
By creating an OAuth client in the Staffbase Studio, you enable seamless, standards-based authentication flows that generate scoped access tokens on behalf of users. This setup ensures secure data exchange while allowing your integration to access only the necessary Staffbase data.
When creating an OAuth client in the Staffbase platform, you can choose from three types of clients based on your integration use case.
SPA (Single Page Application)
Use this for your JavaScript front-end applications that run entirely in the browser and communicate with Staffbase APIs. These apps typically use frameworks such as Angular, React, or Vue.
Example use cases for SPA
- A custom Staffbase dashboard built in React that visualizes employee engagement data
- A front-end portal that displays personalized employee information using Staffbase APIs
OAuth flow for SPA
This client type uses Authorization Code Flow with PKCE (Proof Key for Code Exchange). This flow provides token security without storing a client secret in the browser.
WEB (Web Applications)
Use this for traditional web applications that run on a server and rely on redirects for user authentication. These apps handle tokens securely on the backend and can store client secrets.
Example use cases for WEB
- A Node.js Express or ASP.NET app where users sign in with their Staffbase credentials
- A corporate intranet built with PHP or Java that fetches data from the Staffbase API after user login
OAuth flow for WEB
This client type uses Authorization Code Flow, where tokens are exchanged and stored securely on the server. This approach ensures a high level of security for confidential applications that manage sensitive user data or backend integrations.
DAEMON (Machine-to-Machine Application)
Use this for server-side services or automation scripts that run without user interaction. This type is ideal for system-to-system communication or background processes.
Example use cases for DAEMON
- Automated user imports via CLI tools or scheduled scripts
- Synchronizing user data between Staffbase and an HR system like SailPoint
- Server-side monitoring or reporting tools
OAuth flow for DAEMON
This client type uses Client Credentials Flow, where tokens are issued directly to the application using its client ID and authentication method. No user login is required, making it ideal for trusted server-to-server integrations.
Comparison overview
| Client type | Where it runs | OAuth flow | Use cases | User login requirement |
|---|---|---|---|---|
| SPA | Browser (front end) | Auth Code + PKCE | React, Angular, Vue apps | ✅ |
| WEB | Server (backend) | Auth Code | Node.js, ASP.NET, Java, PHP | ✅ |
| DAEMON | Server or background process | Client Credentials | CLI tools, automation, SailPoint | ❌ |