--- id: create-oauth-client sidebar_label: Create OAuth Client hide_title: true hide_table_of_contents: true api: {"operationId":"createOauthClient","security":[{"oauth2":["sp:oauth-client:manage"]}],"tags":["OAuth Clients"],"description":"This creates an OAuth client.","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"businessName":{"type":"string","nullable":true,"description":"The name of the business the API Client should belong to","example":"Acme-Solar"},"homepageUrl":{"type":"string","nullable":true,"description":"The homepage URL associated with the owner of the API Client","example":"http://localhost:12345"},"name":{"type":"string","nullable":true,"description":"A human-readable name for the API Client","example":"Demo API Client"},"description":{"type":"string","nullable":true,"description":"A description of the API Client","example":"An API client used for the authorization_code, refresh_token, and client_credentials flows"},"accessTokenValiditySeconds":{"type":"integer","format":"int32","description":"The number of seconds an access token generated for this API Client is valid for","example":750},"refreshTokenValiditySeconds":{"type":"integer","format":"int32","description":"The number of seconds a refresh token generated for this API Client is valid for","example":86400},"redirectUris":{"type":"array","nullable":true,"items":{"type":"string"},"description":"A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client.","example":["http://localhost:12345","http://localhost:67890"]},"grantTypes":{"type":"array","nullable":true,"items":{"description":"OAuth2 Grant Type","type":"string","example":"CLIENT_CREDENTIALS","enum":["CLIENT_CREDENTIALS","AUTHORIZATION_CODE","REFRESH_TOKEN"]},"description":"A list of OAuth 2.0 grant types this API Client can be used with","example":["AUTHORIZATION_CODE","CLIENT_CREDENTIALS","REFRESH_TOKEN"]},"accessType":{"description":"The access type (online or offline) of this API Client","example":"OFFLINE","type":"string","enum":["ONLINE","OFFLINE"]},"type":{"description":"The type of the API Client (public or confidential)","example":"CONFIDENTIAL","type":"string","enum":["CONFIDENTIAL","PUBLIC"]},"internal":{"type":"boolean","description":"An indicator of whether the API Client can be used for requests internal within the product.","example":false},"enabled":{"type":"boolean","description":"An indicator of whether the API Client is enabled for use","example":true},"strongAuthSupported":{"type":"boolean","description":"An indicator of whether the API Client supports strong authentication","example":false},"claimsSupported":{"type":"boolean","description":"An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow","example":false},"scope":{"type":"array","nullable":true,"items":{"type":"string","default":"sp:scopes:all"},"description":"Scopes of the API Client. If no scope is specified, the client will be created with the default scope \"sp:scopes:all\". This means the API Client will have all the rights of the owner who created it.","example":["demo:api-client-scope:first","demo:api-client-scope:second"]}},"required":["name","description","accessTokenValiditySeconds","grantTypes","accessType","enabled"]}}}},"responses":{"200":{"description":"Request succeeded.","content":{"application/json":{"schema":{"type":"object","properties":{"id":{"type":"string","description":"ID of the OAuth client","example":"2c9180835d2e5168015d32f890ca1581"},"secret":{"type":"string","description":"Secret of the OAuth client (This field is only returned on the intial create call.)","example":"5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3"},"businessName":{"type":"string","description":"The name of the business the API Client should belong to","example":"Acme-Solar"},"homepageUrl":{"type":"string","description":"The homepage URL associated with the owner of the API Client","example":"http://localhost:12345"},"name":{"type":"string","description":"A human-readable name for the API Client","example":"Demo API Client"},"description":{"type":"string","description":"A description of the API Client","example":"An API client used for the authorization_code, refresh_token, and client_credentials flows"},"accessTokenValiditySeconds":{"type":"integer","format":"int32","description":"The number of seconds an access token generated for this API Client is valid for","example":750},"refreshTokenValiditySeconds":{"type":"integer","format":"int32","description":"The number of seconds a refresh token generated for this API Client is valid for","example":86400},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A list of the approved redirect URIs used with the authorization_code flow","example":["http://localhost:12345"]},"grantTypes":{"type":"array","items":{"description":"OAuth2 Grant Type","type":"string","example":"CLIENT_CREDENTIALS","enum":["CLIENT_CREDENTIALS","AUTHORIZATION_CODE","REFRESH_TOKEN"]},"description":"A list of OAuth 2.0 grant types this API Client can be used with","example":["AUTHORIZATION_CODE","CLIENT_CREDENTIALS","REFRESH_TOKEN"]},"accessType":{"description":"The access type (online or offline) of this API Client","example":"OFFLINE","type":"string","enum":["ONLINE","OFFLINE"]},"type":{"description":"The type of the API Client (public or confidential)","example":"CONFIDENTIAL","type":"string","enum":["CONFIDENTIAL","PUBLIC"]},"internal":{"type":"boolean","description":"An indicator of whether the API Client can be used for requests internal to IDN","example":false},"enabled":{"type":"boolean","description":"An indicator of whether the API Client is enabled for use","example":true},"strongAuthSupported":{"type":"boolean","description":"An indicator of whether the API Client supports strong authentication","example":false},"claimsSupported":{"type":"boolean","description":"An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow","example":false},"created":{"type":"string","format":"date-time","description":"The date and time, down to the millisecond, when the API Client was created","example":"2017-07-11T18:45:37.098Z"},"modified":{"type":"string","format":"date-time","description":"The date and time, down to the millisecond, when the API Client was last updated","example":"2018-06-25T20:22:28.104Z"},"scope":{"type":"array","nullable":true,"items":{"type":"string","default":"sp:scopes:all"},"description":"Scopes of the API Client.","example":["demo:api-client-scope:first","demo:api-client-scope:second"]}},"required":["id","secret","businessName","homepageUrl","name","description","accessTokenValiditySeconds","refreshTokenValiditySeconds","redirectUris","grantTypes","accessType","type","internal","enabled","strongAuthSupported","claimsSupported","created","modified","scope"]}}}},"400":{"description":"Client Error - Returned if the request body is invalid.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}}}}},"401":{"description":"Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A message describing the error","example":"JWT validation failed: JWT is expired"}}}}}},"403":{"description":"Forbidden - Returned if the user you are running as, doesn't have access to this end-point.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"403":{"summary":"An example of a 403 response object","value":{"detailCode":"403 Forbidden","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"The server understood the request but refuses to authorize it."}]}}}}}},"429":{"description":"Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"description":"A message describing the error","example":" Rate Limit Exceeded "}}}}}},"500":{"description":"Internal Server Error - Returned if there is an unexpected error.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"500":{"summary":"An example of a 500 response object","value":{"detailCode":"500.0 Internal Fault","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"An internal fault occurred."}]}}}}}}},"method":"post","path":"/oauth-clients","servers":[{"url":"https://{tenant}.api.identitynow.com/beta","description":"This is the beta API server.","variables":{"tenant":{"default":"sailpoint","description":"This is the name of your tenant, typically your company's name."}}}],"securitySchemes":{"oauth2":{"type":"oauth2","description":"OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information.\n- Directions for generating a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens)\n- Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow)\n- Directions for using [authorization code flow](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow)\n\nWhich authentication method should I choose? See our [guide](https://developer.sailpoint.com/idn/api/authentication#which-oauth-20-grant-flow-should-i-use)\n\nLearn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/idn/api/authentication#find-your-tenants-oauth-details)\n","flows":{"clientCredentials":{"tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}},"authorizationCode":{"authorizationUrl":"https://tenant.identitynow.com/oauth/authorize","tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}}}}},"jsonRequestBodyExample":{"businessName":"Acme-Solar","homepageUrl":"http://localhost:12345","name":"Demo API Client","description":"An API client used for the authorization_code, refresh_token, and client_credentials flows","accessTokenValiditySeconds":750,"refreshTokenValiditySeconds":86400,"redirectUris":["http://localhost:12345","http://localhost:67890"],"grantTypes":["AUTHORIZATION_CODE","CLIENT_CREDENTIALS","REFRESH_TOKEN"],"accessType":"OFFLINE","type":"CONFIDENTIAL","internal":false,"enabled":true,"strongAuthSupported":false,"claimsSupported":false,"scope":["demo:api-client-scope:first","demo:api-client-scope:second"]},"info":{"title":"IdentityNow Beta API","description":"Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. These APIs are in beta and are subject to change. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.","termsOfService":"https://developer.sailpoint.com/discuss/tos","contact":{"name":"Developer Relations","url":"https://developer.sailpoint.com/discuss/api-help"},"license":{"name":"MIT","url":"https://opensource.org/licenses/MIT"},"version":"3.1.0-beta"},"postman":{"name":"Create OAuth Client","description":{"content":"This creates an OAuth client.","type":"text/plain"},"url":{"path":["oauth-clients"],"host":["{{baseUrl}}"],"query":[],"variable":[]},"header":[{"key":"Content-Type","value":"application/json"},{"key":"Accept","value":"application/json"}],"method":"POST","body":{"mode":"raw","raw":"\"\"","options":{"raw":{"language":"json"}}},"auth":{"type":"oauth2","oauth2":[]}}} sidebar_class_name: "post api-method" info_path: idn/api/beta/identitynow-beta-api custom_edit_url: "https://github.com/sailpoint-oss/developer.sailpoint.com/issues/new?assignees=&labels=&template=bug-report.md&title=%5BBug%5D+Your+Bug+Report+Here Requesting changes to 'Create OAuth Client' (create-oauth-client)" --- import ApiTabs from "@theme/ApiTabs"; import MimeTabs from "@theme/MimeTabs"; import ParamsItem from "@theme/ParamsItem"; import ResponseSamples from "@theme/ResponseSamples"; import SchemaItem from "@theme/SchemaItem"; import SchemaTabs from "@theme/SchemaTabs"; import DiscriminatorTabs from "@theme/DiscriminatorTabs"; import TabItem from "@theme/TabItem"; ## Create OAuth Client This creates an OAuth client.
Request Body required
Request succeeded.
Schema
Client Error - Returned if the request body is invalid.
Schema
    messages object[]
    Generic localized reason for error
    causes object[]
    Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
Schema
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
Schema
    messages object[]
    Generic localized reason for error
    causes object[]
    Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

An example of a 403 response object

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
Schema
Internal Server Error - Returned if there is an unexpected error.
Schema
    messages object[]
    Generic localized reason for error
    causes object[]
    Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

An example of a 500 response object