# Wave OAuth Credentials Setup

## Prerequisites

- A Wave account (sign up at [waveapps.com](https://www.waveapps.com))

## Steps

1. Go to the [Wave Developer Portal](https://developer.waveapps.com/hc/en-us)
2. Navigate to **My Apps** and click **Create an application**
3. Fill in the application details:
   - **Application Name**: Your application name (e.g., "Your Company - Unify")
   - **Redirect URI**: `https://unify.apideck.com/vault/callback`
   - **Description**: Brief description of your integration
4. Click **Create**
5. Copy the **Client ID** and **Client Secret**

## Important Notes

- **Wave Pro required**: As of May 26, 2025, end users must have an active Wave Pro Plan or Wave Advisors subscription to authorize third-party OAuth applications
- Wave OAuth tokens expire and are refreshed automatically via the refresh token flow
- The redirect URI must match exactly
- For local development, register a separate app with redirect URI `https://localhost:3050/vault/callback`

## Scopes

Wave uses granular scopes in `resource:operation` format. The integration requests:

| Scope | Access |
|-------|--------|
| `account:read` | Read chart of accounts |
| `account:write` | Create/update accounts |
| `business:read` | Read business information |
| `customer:read` | Read customers |
| `customer:write` | Create/update/delete customers |
| `invoice:read` | Read invoices |
| `invoice:write` | Create/delete invoices |
| `product:read` | Read products/services |
| `product:write` | Create/update products |
| `transaction:read` | Read bank transactions |
| `user:read` | Read user profile |
| `vendor:read` | Read vendors/suppliers |
| `offline_access` | Required for refresh token flow |

The `offline_access` scope is essential — without it, no refresh token is issued and the connection expires after ~2 hours.

## Rate Limits

- ~60 requests per minute per access token
- ~5,000 requests per day per application