Partner OAuth is the install flow that connects a Flint merchant to your partner app. Send the merchant's browser to the hosted authorize endpoint with your client_id, redirect_uri, and requested permission IDs. Flint handles sign-in, merchant selection, and permission review, then redirects back to you with an authorization code. That browser request is unauthenticated on your side; only the token exchange uses your app credentials.
Exchange the code at the token endpoint, passing your client_id and client_secret in the request body, to receive a partner install access token scoped to the granting merchant. The same endpoint rotates refresh tokens. Use the preview endpoint to validate an install request and see the normalized permission set Flint will show the merchant before you send them through.
See the Partner app installs guide for the full flow, and the partner apps reference for registering apps and managing installs.
