Skip to content

Create an OAuth/OIDC client.

POST
/api/admin/clients
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/admin/clients \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "client_name": "example", "description": "example", "redirect_uris": [ "https://example.com" ], "grant_types": [ "authorization_code" ], "response_types": [ "code" ], "scope": "example", "logo_uri": "https://example.com", "client_uri": "https://example.com", "policy_uri": "https://example.com", "tos_uri": "https://example.com", "contacts": [ "example" ], "token_endpoint_auth_method": "none", "subject_type": "public", "sector_identifier_uri": "https://example.com", "is_trusted": true, "skip_consent": true, "allow_claims_without_scope": true, "allowed_redirect_origins": [ "example" ], "web_origin_registry": "example", "require_pkce": true, "application_type": "web", "trust_group": "example", "browser_public_client_mode": "disabled", "browser_refresh_token_policy": "disabled", "native_sso_enabled": true, "native_channel_allowed": true, "allowed_channels": [ "example" ], "token_exchange_allowed": true, "allowed_subject_token_clients": [ "example" ], "allowed_token_exchange_resources": [ "example" ], "delegation_mode": "none", "client_credentials_allowed": true, "allowed_scopes": [ "example" ], "default_scope": "example", "default_audience": "example", "default_resource": "example" }'

Create Client in the Clients area. The request body is JSON unless the detailed schema for this operation states otherwise.

X-Tenant-Id
string

Tenant selector for multi-tenant admin requests.

Idempotency-Key
string

Idempotency key for state-changing operations that support replay protection.

Media type application/json
object
client_name
required
string
>= 1 characters
description
string | null
redirect_uris
required
Array<string>
>= 1 items
grant_types
Array<string>
Allowed values: authorization_code refresh_token client_credentials urn:ietf:params:oauth:grant-type:device_code urn:openid:params:grant-type:ciba urn:ietf:params:oauth:grant-type:token-exchange
response_types
Array<string>
Allowed values: code id_token token
scope
string
logo_uri
string format: uri
client_uri
string format: uri
policy_uri
string format: uri
tos_uri
string format: uri
contacts
Array<string>
token_endpoint_auth_method
string
Allowed values: none client_secret_basic client_secret_post client_secret_jwt private_key_jwt
subject_type
string
Allowed values: public pairwise
sector_identifier_uri
string format: uri
is_trusted
boolean
skip_consent
boolean
allow_claims_without_scope
boolean
allowed_redirect_origins
Array<string>
web_origin_registry
object | null
require_pkce
boolean
application_type
string
Allowed values: web native service
trust_group
string | null
browser_public_client_mode
string | null
Allowed values: disabled enabled required
browser_refresh_token_policy
string | null
Allowed values: disabled rotation persistent
native_sso_enabled
boolean | null
native_channel_allowed
boolean | null
allowed_channels
Array<string> | null
token_exchange_allowed
boolean
allowed_subject_token_clients
Array<string> | null
allowed_token_exchange_resources
Array<string> | null
delegation_mode
string
Allowed values: none delegation impersonation
client_credentials_allowed
boolean
allowed_scopes
Array<string> | null
default_scope
string | null
default_audience
string | null
default_resource
string | null

OAuth/OIDC client response.

Media type application/json
object
client
required
object
client_name
required
string
>= 1 characters
description
string | null
redirect_uris
required
Array<string>
>= 1 items
grant_types
required
Array<string>
Allowed values: authorization_code refresh_token client_credentials urn:ietf:params:oauth:grant-type:device_code urn:openid:params:grant-type:ciba urn:ietf:params:oauth:grant-type:token-exchange
response_types
required
Array<string>
Allowed values: code id_token token
scope
string
logo_uri
string format: uri
client_uri
string format: uri
policy_uri
string format: uri
tos_uri
string format: uri
contacts
Array<string>
token_endpoint_auth_method
string
Allowed values: none client_secret_basic client_secret_post client_secret_jwt private_key_jwt
subject_type
string
Allowed values: public pairwise
sector_identifier_uri
string format: uri
is_trusted
boolean
skip_consent
boolean
allow_claims_without_scope
boolean
allowed_redirect_origins
Array<string>
web_origin_registry
object | null
require_pkce
boolean
application_type
string
Allowed values: web native service
trust_group
string | null
browser_public_client_mode
string | null
Allowed values: disabled enabled required
browser_refresh_token_policy
string | null
Allowed values: disabled rotation persistent
native_sso_enabled
boolean | null
native_channel_allowed
boolean | null
allowed_channels
Array<string> | null
token_exchange_allowed
boolean
allowed_subject_token_clients
Array<string> | null
allowed_token_exchange_resources
Array<string> | null
delegation_mode
string
Allowed values: none delegation impersonation
client_credentials_allowed
boolean
allowed_scopes
Array<string> | null
default_scope
string | null
default_audience
string | null
default_resource
string | null
client_id
required
string
client_secret

Returned only on secret-issuing operations such as client creation or regeneration.

string
tenant_id
string
created_at
One of:
integer
updated_at
One of:
integer
Example
{
"client": {
"grant_types": [
"authorization_code"
],
"response_types": [
"code"
],
"token_endpoint_auth_method": "none",
"subject_type": "public",
"application_type": "web",
"browser_public_client_mode": "disabled",
"browser_refresh_token_policy": "disabled",
"delegation_mode": "none"
}
}

Error response.

Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{
"error": "example",
"message": "example",
"error_description": "example"
}