OAuth · Etsy Open API

OAuth Callback

This is the OAuth 2.0 redirect URI declared by Pantry Suite for the Etsy Open API. It is reachable only as part of the operator’s authorization flow.

What happens here

• The operator initiates an Etsy authorization request from the local application.
• Etsy returns the operator to this URL with an authorization code and the original state parameter.
• Pantry Suite verifies the state parameter, exchanges the code for an access token + refresh token using PKCE (S256), and persists the tokens in a permission-restricted file on the operator workstation.
• Pantry Suite then closes this window and returns the operator to the application.

What never happens here

• No tokens are written to a remote server.
• No buyer or third-party data is requested.
• No bulk-creation flow is triggered automatically — every write is a deliberate operator action initiated from the application UI.

See Security & Vulnerability Disclosure for the full OAuth posture and operational controls.