OAuth 2.0 and OIDC

Coupa uses OAuth 2.0 and OIDC to authenticate API requests. API Keys are no longer supported.

Improving API Security with OIDC/OAuth 2.0

The foundation of Coupa's cloud-based service is our ability to deliver a secure and scalable service that's available to you anytime, from anywhere. To do this, Coupa has transitioned to OpenID Connect (OIDC), an open authentication protocol that extends OAuth 2.0 for an improved level of security for API integrations with Coupa. API Keys are now deprecated.


API key sunsetting and transition only affects customer-created API integrations to the Coupa core platform, and does not not affect applications such as Treasury, CSO, and Supply Chain Design & Planning.