Create OAuth Client
GACreate a new OAuth client for API access.
Configure the client with:
- Name and description
- Authorized redirect URIs for OAuth flows
- Supported grant types
- Client type (user or project)
Grant Types:
1. Client Credentials
- For server-to-server API access
- No user interaction required
- No redirect URIs needed
- Returns access token directly
- Best for automated processes and service accounts
2. Authorization Code
- For user-based access to the API
- Requires redirect URIs for OAuth flow
- Most secure for web applications
- Flow:
1. User is redirected to authorization server
2. After consent, redirects back to your app with auth code
3. Your app exchanges code for tokens
- Required for web applications accessing user data
3. Refresh Token
- Enables long-term API access
- Used with authorization code flow
- Allows getting new access tokens without user interaction
- No redirect URIs needed for refresh flow itself
- Best for maintaining persistent access
4. Implicit (Legacy)
- For browser-based applications
- Requires redirect URIs
- Returns token in URL fragment
- Less secure than authorization code
- Not recommended for new applications
Redirect URIs:
- Required for authorization code and implicit flows
- Must be exact match when used
- Common formats:
- Web apps: https://app.example.com/oauth/callback
- Local development: http://localhost:3000/callback
- Mobile apps: myapp://oauth/callback
- Security requirements:
- Must use HTTPS in production
- Cannot contain fragments (#)
- Should be specific paths, not generic domains
- Maximum length: 2048 characters
Client types:
- User: Standard OAuth client tied to the creating user's permissions
- Project: Service account OAuth client with project-level permissions
The response includes:
- Client ID and secret (shown only once)
- Configured redirect URIs
- Supported grant types
- Creation timestamp
Security note: Store the client secret securely as it cannot be retrieved later.
Authentication
AuthorizationBearer
Bearer authentication of the form Bearer <token>, where token is your auth token.
Path parameters
org_id
The unique identifier of the organization.
project_id
The unique identifier of the project.
Request
This endpoint expects an object.
name
Name for the new OAuth client.
description
Optional description of the client's purpose.
redirect_uris
List of authorized redirect URIs. Required if using authorization_code or implicit grant types.
grant_types
List of OAuth grant types to enable.
Allowed values:
type
Type of OAuth client to create:
- user: Standard client tied to creating user's permissions
- project: Service account client with project-level permissions
Allowed values:
Response
Successful Response
id
Unique identifier for the OAuth client.
name
Human-readable name for the OAuth client.
client_id
Unique identifier used to identify the client with the authorization server.
project_id
ID of the project this OAuth client belongs to.
created
Timestamp when the OAuth client was created.
modified
Timestamp when the OAuth client was last modified.
description
Optional description explaining the client's purpose and usage.
redirect_uris
List of authorized redirect URIs for OAuth flows requiring user interaction. Required for authorization code and implicit flows. Must be exact matches when used. Must use HTTPS in production (except for localhost).
grant_types
OAuth 2.0 grant types enabled for this client.
- client_credentials: For server-to-server API access
- authorization_code: For web and mobile apps
- refresh_token: For maintaining long-term access
- implicit: Legacy flow, not recommended for new applications
Allowed values:
client_secret
Secret key used to authenticate the client. Only shown once upon creation. Must be stored securely. Required for confidential clients (e.g., server applications).
