
OAuth Callback (Faire → SKU)

GET /faire/callback

OAuth callback hit by Faire after the user authorizes the app. Not called manually — Faire redirects the user's browser to this URL.

Flow:

  1. Validates the state parameter against the value stored in the user's session (CSRF protection).
  2. Calls Faire's token endpoint to exchange authorization_code for a long-lived access_token.
  3. Persists the access token + granted scopes on the integration instance.
  4. Redirects to /v2/integrations/faire/{id}/dashboard on success, or /v2/integrations/faire/{id}/settings?oauth_error=... on failure.

Query Parameters:

  • state (required) - CSRF state, format {app.url}_{instance_id}
  • authorization_code (required, alias code) - One-time auth code from Faire

Auth: Web session (no Bearer token). Faire redirects the user's browser, so the call lands on the web middleware group, not auth:sanctum.

Errors:

  • 400 State mismatch - The state in the request doesn't match the session
  • 404 Faire integration not found - Instance referenced by state has been deleted
  • Redirect with ?oauth_error=... - Token exchange failed at Faire's side
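The state check from step 1 and the 400/404 rows above, written as a framework-free function. This is an added example, not SKU's own code; the session key `faire_oauth_state`, the `$instanceExists` lookup, and an instance id that contains no underscore are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: state check for GET /faire/callback (flow step 1, 400 and 404 rows).
// Assumptions: session key 'faire_oauth_state', the $instanceExists lookup, and an
// instance id that contains no underscore.
function checkCallbackState(array $query, array &$session, callable $instanceExists): array
{
    $expected = $session['faire_oauth_state'] ?? null;
    unset($session['faire_oauth_state']); // single use: a replayed callback finds nothing

    $received = $query['state'] ?? null;
    // is_string() rejects ?state[]=... arrays; hash_equals() compares in constant time.
    if (!is_string($expected) || !is_string($received) || !hash_equals($expected, $received)) {
        return ['error' => 400, 'instance_id' => null]; // State mismatch
    }

    // {app.url}_{instance_id}: the URL part may contain "_", so split on the last one.
    $pos = strrpos($received, '_');
    $id = $pos === false ? '' : substr($received, $pos + 1);
    if ($id === '' || !$instanceExists($id)) {
        return ['error' => 404, 'instance_id' => null]; // Faire integration not found
    }
    return ['error' => null, 'instance_id' => $id]; // continue to the token exchange
}

// Constructed sample data; the URL and ids are placeholders.
$state = 'https://app.example.test_42';
$gone = 'https://app.example.test_7';
$exists = fn (string $id): bool => $id === '42';
$cases = [
    'valid'            => [['state' => $state], ['faire_oauth_state' => $state]],
    'no session state' => [['state' => $state], []],
    'tampered state'   => [['state' => $gone], ['faire_oauth_state' => $state]],
    'array parameter'  => [['state' => [$state]], ['faire_oauth_state' => $state]],
    'deleted instance' => [['state' => $gone], ['faire_oauth_state' => $gone]],
];
foreach ($cases as $name => [$query, $session]) {
    $result = checkCallbackState($query, $session, $exists);
    printf("%-17s error=%s instance=%s\n", $name,
        var_export($result['error'], true), var_export($result['instance_id'], true));
}
```

The stored state is removed from the session before the comparison, so a second request carrying the same `state` is rejected as a mismatch.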

Request

Responses

Successful response