With Express accounts, you can quickly onboard users so they can be paid immediately. You can customize the branding of the Express onboarding flow and dashboard. Stripe hosts the dashboard; you can grant access through your platform so your users can access it.

Express demo

To see the complete Express onboarding flow in action, Stripe recommends trying our sample end-to-end Express integration before you start building your own. This demo includes an example of a user onboarding experience and account management for Rocket Rides, an on-demand marketplace.

You can find the demo’s complete source code on GitHub.

Prerequisites for using Express

To create Express accounts, you must meet all of these requirements:

• Minimum API version: Express requires the API version 2017-05-25 or later. Capabilities in Express require the API version 2019-02-19 or later.
• Users based in the United States and Canada: Express accounts are available only to individuals and businesses located in the United States and Canada. Contact us if you are interested in support for users outside these two countries.
• Phone number: Canada users need to have an SMS-enabled phone number in order to authenticate with Express. And, U.S. users need to have an SMS-enabled U.S. phone number.
• Risk management: Your platform is ultimately responsible for losses incurred by Express accounts. To protect against this, you need to scrutinize all accounts that sign up via your platform for potential fraud. Refer to our best practices guide for more information.
• Platform profile: You need to complete your platform’s profile.

Note there’s an additional cost for active Express accounts. An Express account is considered active if it has received at least one successful payout in a given month.

Step 1: Create the OAuth link

To start your integration, you need two pieces of information from your platform settings:

• Your client_id, a unique identifier for your platform that is generated by Stripe.
• Your redirect_uri, the URL which your user will be redirected to after connecting their account. If you do not include the redirect_uri parameter in your request, Stripe defaults to using the first address you have configured as the redirect destination in your Dashboard.

Stripe also provides a development client_id to make testing easier.

With these two pieces of information in hand, you’re ready to create the OAuth link. We recommend showing a Connect button that sends users to our Express OAuth endpoint:

https://connect.stripe.com/express/oauth/authorize?redirect_uri=https://stripe.com/connect/default/oauth/test&client_id=ca_32D88BD1qLklliziD7gYQvctJIhWBSQ7&state={STATE_VALUE}

To prevent CSRF attacks, add the state parameter with the value set to a unique token. Stripe includes this state value in the redirect URL that sends the user back to your site.

Here’s how the example URL can be presented:

Connect with Stripe

Customize Express with OAuth parameters

You can change the behavior of the Express onboarding flow by including additional URL parameters in your OAuth link. A complete list of available parameters is available in the OAuth Reference Guide.

Individual or company accounts

You can specify whether Stripe should present an Express onboarding form for individuals or companies by setting the stripe_user[business_type] parameter to either individual or company.

Stripe will collect the right information for each account type. For example, to onboard a company:

https://connect.stripe.com/express/oauth/authorize?redirect_uri=https://stripe.com/connect/default/oauth/test&client_id=ca_32D88BD1qLklliziD7gYQvctJIhWBSQ7&state={STATE_VALUE}&stripe_user[business_type]=company

Prefill form fields

You can prefill some form fields on the user’s Stripe application by including the relevant URL parameters in your OAuth link.

This example prefills the user’s email address with stripe_user[email]:

https://connect.stripe.com/express/oauth/authorize?redirect_uri=https://stripe.com/connect/default/oauth/test&client_id=ca_32D88BD1qLklliziD7gYQvctJIhWBSQ7&state={STATE_VALUE}&stripe_user[email]=user@example.com

Specify capabilities for an account

If your platform is designated for one capability (either card_payments or transfers), you won’t need to specify additional capabilities. However, if your platform supports both, you can add a capability to an individual Express account by including the suggested_capabilities[] parameter in your OAuth link.

An example with the transfers capability:

https://connect.stripe.com/express/oauth/authorize?redirect_uri=https://stripe.com/connect/default/oauth/test&client_id=ca_32D88BD1qLklliziD7gYQvctJIhWBSQ7&state={STATE_VALUE}&suggested_capabilities[]=transfers

Stripe adds the suggested capability to this Express account, unless one of the following conditions is met:

• If the user is in a country that doesn’t support transfers, Stripe attempts to designate the account as card_payments.
• If transfers and card_payments are both not supported for the user, the connected account is marked as having no capabilities.

You can verify that Stripe added the suggested capability by using the assert_capabilities[] parameter. This step is optional.

Step 2: User creates or connects their account

After the user clicks the link on your site, they are taken to Stripe’s website where they are prompted to provide contact and payout information.

To test the onboarding process, you can provide (000) 000-0000 as a phone number. Instead of sending you an SMS message or e-mail, Stripe lets you complete verification with the code 000-000.

Express displays your branding in the onboarding flow and the Express dashboard. You can provide your platform name, logo, and optional brand color in the Connect settings section of the Stripe Dashboard.

Step 3: User is redirected back to your site

After the user completes the onboarding process, they are redirected back to your site using the URL defined as your platform’s redirect_uri.

For successful connections, the following values are passed back in the redirect URL:

• The state value, if provided
• An authorization code

https://stripe.com/connect/default/oauth/test?code={AUTHORIZATION_CODE}

Step 4: Platform completes the Express account connection

Include the provided authorization code in a POST request to Stripe’s token endpoint to complete the connection and fetch the user’s account ID:

curl https://connect.stripe.com/oauth/token \
  -d client_secret=sk_test_4eC39HqLyjWDarjtT1zdp7dc \
  -d code="{AUTHORIZATION_CODE}" \
  -d grant_type=authorization_code

Stripe returns a response containing the account ID (stripe_user_id) and authentication credentials for the user:

{
  "access_token": "{ACCESS_TOKEN}",
  "livemode": false,
  "refresh_token": "{REFRESH_TOKEN}",
  "token_type": "bearer",
  "stripe_publishable_key": "{PUBLISHABLE_KEY}",
  "stripe_user_id": "{ACCOUNT_ID}",
  "scope": "express"
}

If there was a problem, a detailed error is returned:

{
  "error": "invalid_grant",
  "error_description": "Authorization code does not exist: {AUTHORIZATION_CODE}"
}

The user is now connected to your platform. The stripe_user_id is the Stripe account ID for the new account. Store this value in your database and use it to authenticate as the connected account by passing it into requests in the Stripe-Account header.

The refresh_token can be used to generate test access tokens for a production client_id or to roll your access token.

Verify the account’s capability

If you provide the suggested_capabilities[] parameter, you can add the assert_capabilities[] parameter to verify that the suggested capability was applied to the connected account. This step is optional, however. Stripe handles any failure to apply a capability silently. You might want to check if you’re particularly concerned about URL security.

curl https://connect.stripe.com/oauth/token \
  -d client_secret=sk_test_4eC39HqLyjWDarjtT1zdp7dc \
  -d code="{AUTHORIZATION_CODE}" \
  -d grant_type=authorization_code \
  -d assert_capabilities[]=transfers

A success response then looks like:

{
  "access_token": "{ACCESS_TOKEN}",
  "livemode": false,
  "refresh_token": "{REFRESH_TOKEN}",
  "token_type": "bearer",
  "stripe_publishable_key": "{PUBLISHABLE_KEY}",
  "stripe_user_id": "{ACCOUNT_ID}",
  "scope": "express",
  "capabilities": "transfers"
}

If the specified capabilities[] value doesn’t match, the error response looks like:

{
  "error": "invalid_request",
  "error_description": "assert_capabilities expects capability: card_payments"
}

The most common reason for this request failure is that the specified capability is not available in your user’s country. A less likely reason is a bad actor changing the URL.

Webhooks

After an account is created, all account change notifications can be delivered to your webhooks as account.updated events. You set your Connect webhook URL in your account settings. These events let you track connected account onboarding and verification status, which can be useful for providing user support and displaying relevant notices in your platform’s user interface. This isn’t necessary, though, because Stripe takes your users through the steps of the onboarding and verification process and handles any issues that arise. Your platform doesn’t need to do any additional work.

Next steps

• Integrating with the Express Dashboard
• Creating Charges
• OAuth Reference
• Scheduling Payouts