--- id: create-oauth-client sidebar_label: Create OAuth Client hide_title: true hide_table_of_contents: true api: {"operationId":"createOauthClient","tags":["OAuth Clients"],"description":"This creates an OAuth client.\nRequest will require the following security scope:\n- 'idn:oathkeeper-client:create' - 'idn:oathkeeper-internal-client:create'","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"businessName":{"type":"string","description":"The name of the business the API Client should belong to","example":"Acme-Solar"},"homepageUrl":{"type":"string","description":"The homepage URL associated with the owner of the API Client","example":"http://localhost:12345"},"name":{"type":"string","description":"A human-readable name for the API Client","example":"Demo API Client"},"description":{"type":"string","description":"A description of the API Client","example":"An API client used for the authorization_code, refresh_token, and client_credentials flows"},"accessTokenValiditySeconds":{"type":"string","description":"The number of seconds an access token generated for this API Client is valid for","example":750},"refreshTokenValiditySeconds":{"type":"string","description":"The number of seconds a refresh token generated for this API Client is valid for","example":86400},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client.","example":["http://localhost:12345"]},"grantTypes":{"type":"array","items":{"description":"OAuth2 Grant Type","type":"string","example":"CLIENT_CREDENTIALS","enum":["CLIENT_CREDENTIALS","AUTHORIZATION_CODE","REFRESH_TOKEN"]},"description":"A list of OAuth 2.0 grant types this API Client can be used with","example":["AUTHORIZATION_CODE","CLIENT_CREDENTIALS","REFRESH_TOKEN"]},"accessType":{"description":"The access type (online or offline) of this API Client","example":"OFFLINE","type":"string","enum":["ONLINE","OFFLINE"]},"type":{"description":"The type of the API Client (public or confidential)","example":"CONFIDENTIAL","type":"string","enum":["CONFIDENTIAL","PUBLIC"]},"internal":{"type":"boolean","description":"An indicator of whether the API Client can be used for requests internal within the product.","example":false},"enabled":{"type":"boolean","description":"An indicator of whether the API Client is enabled for use","example":true},"strongAuthSupported":{"type":"boolean","description":"An indicator of whether the API Client supports strong authentication","example":false},"claimsSupported":{"type":"boolean","description":"An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow","example":false}},"required":["name","description","accessTokenValiditySeconds","grantTypes","accessType","enabled"]}}}},"responses":{"200":{"description":"Request succeeded.","content":{"application/json":{"schema":{"type":"object","properties":{"id":{"type":"string","description":"ID of the OAuth client","example":"2c9180835d2e5168015d32f890ca1581"},"secret":{"type":"string","description":"Secret of the OAuth client (This field is only returned on the intial create call.)","example":"5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3"},"businessName":{"type":"string","description":"The name of the business the API Client should belong to","example":"Acme-Solar"},"homepageUrl":{"type":"string","description":"The homepage URL associated with the owner of the API Client","example":"http://localhost:12345"},"name":{"type":"string","description":"A human-readable name for the API Client","example":"Demo API Client"},"description":{"type":"string","description":"A description of the API Client","example":"An API client used for the authorization_code, refresh_token, and client_credentials flows"},"accessTokenValiditySeconds":{"type":"string","description":"The number of seconds an access token generated for this API Client is valid for","example":750},"refreshTokenValiditySeconds":{"type":"string","description":"The number of seconds a refresh token generated for this API Client is valid for","example":86400},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A list of the approved redirect URIs used with the authorization_code flow","example":["http://localhost:12345"]},"grantTypes":{"type":"array","items":{"description":"OAuth2 Grant Type","type":"string","example":"CLIENT_CREDENTIALS","enum":["CLIENT_CREDENTIALS","AUTHORIZATION_CODE","REFRESH_TOKEN"]},"description":"A list of OAuth 2.0 grant types this API Client can be used with","example":["AUTHORIZATION_CODE","CLIENT_CREDENTIALS","REFRESH_TOKEN"]},"accessType":{"description":"The access type (online or offline) of this API Client","example":"OFFLINE","type":"string","enum":["ONLINE","OFFLINE"]},"type":{"description":"The type of the API Client (public or confidential)","example":"CONFIDENTIAL","type":"string","enum":["CONFIDENTIAL","PUBLIC"]},"internal":{"type":"boolean","description":"An indicator of whether the API Client can be used for requests internal to IDN","example":false},"enabled":{"type":"boolean","description":"An indicator of whether the API Client is enabled for use","example":true},"strongAuthSupported":{"type":"boolean","description":"An indicator of whether the API Client supports strong authentication","example":false},"claimsSupported":{"type":"boolean","description":"An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow","example":false},"created":{"type":"string","format":"date-time","description":"The date and time, down to the millisecond, when the API Client was created","example":"2017-07-11T18:45:37.098Z"},"modified":{"type":"string","format":"date-time","description":"The date and time, down to the millisecond, when the API Client was last updated","example":"2018-06-25T20:22:28.104Z"}},"required":["id","secret","businessName","homepageUrl","name","description","accessTokenValiditySeconds","refreshTokenValiditySeconds","redirectUris","grantTypes","accessType","type","internal","enabled","strongAuthSupported","claimsSupported","created","modified"]}}}},"400":{"description":"Client Error - Returned if the request body is invalid.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}}}}},"401":{"description":"Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A message describing the error","example":"JWT validation failed: JWT is expired"}}}}}},"403":{"description":"Forbidden - Returned if the user you are running as, doesn't have access to this end-point.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"403":{"summary":"An example of a 403 response object","value":{"detailCode":"403 Forbidden","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"The server understood the request but refuses to authorize it."}]}}}}}},"429":{"description":"Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"description":"A message describing the error","example":" Rate Limit Exceeded "}}}}}},"500":{"description":"Internal Server Error - Returned if there is an unexpected error.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"500":{"summary":"An example of a 500 response object","value":{"detailCode":"500.0 Internal Fault","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"An internal fault occurred."}]}}}}}}},"method":"post","path":"/oauth-clients","servers":[{"url":"https://{tenant}.api.identitynow.com/v3","description":"This is the production API server.","variables":{"tenant":{"default":"sailpoint","description":"This is the name of your tenant, typically your company's name."}}}],"security":[{"oauth2":[]}],"securitySchemes":{"oauth2":{"type":"oauth2","description":"OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/docs/authentication.html) for more information.\n- Directions for generating a [personal access token](https://developer.sailpoint.com/docs/authentication.html#personal-access-tokens)\n- Directions using [client credentials flow](https://developer.sailpoint.com/docs/authentication.html#client-credentials-grant-flow)\n- Directions for using [authorization code flow](https://developer.sailpoint.com/docs/authentication.html#authorization-code-grant-flow)\n\nWhich authentication method should I choose? See our [guide](https://developer.sailpoint.com/docs/authentication.html#which-oauth-2-0-grant-flow-should-i-use)\n\nLearn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/docs/authentication.html#finding-your-tenant-s-oauth-details)\n","flows":{"clientCredentials":{"tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}},"authorizationCode":{"authorizationUrl":"https://tenant.identitynow.com/oauth/authorize","tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}}}}},"jsonRequestBodyExample":{"businessName":"Acme-Solar","homepageUrl":"http://localhost:12345","name":"Demo API Client","description":"An API client used for the authorization_code, refresh_token, and client_credentials flows","accessTokenValiditySeconds":750,"refreshTokenValiditySeconds":86400,"redirectUris":["http://localhost:12345"],"grantTypes":["AUTHORIZATION_CODE","CLIENT_CREDENTIALS","REFRESH_TOKEN"],"accessType":"OFFLINE","type":"CONFIDENTIAL","internal":false,"enabled":true,"strongAuthSupported":false,"claimsSupported":false},"info":{"contact":{"email":"developers@sailpoint.com","name":"Developer Relations","url":"https://developer.sailpoint.com/discuss"},"description":"These are the public APIs for SailPoint's SaaS services. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.","title":"SailPoint - SaaS API","version":"3.0.0"},"postman":{"name":"Create OAuth Client","description":{"content":"This creates an OAuth client.\nRequest will require the following security scope:\n- 'idn:oathkeeper-client:create' - 'idn:oathkeeper-internal-client:create'","type":"text/plain"},"url":{"path":["oauth-clients"],"host":["{{baseUrl}}"],"query":[],"variable":[]},"header":[{"key":"Content-Type","value":"application/json"},{"key":"Accept","value":"application/json"}],"method":"POST","body":{"mode":"raw","raw":"\"\"","options":{"raw":{"language":"json"}}}}} sidebar_class_name: "post api-method" info_path: docs/sailpoint-api-v3/sail-point-saa-s-api --- import ApiTabs from "@theme/ApiTabs"; import MimeTabs from "@theme/MimeTabs"; import ParamsItem from "@theme/ParamsItem"; import ResponseSamples from "@theme/ResponseSamples"; import SchemaItem from "@theme/SchemaItem" import SchemaTabs from "@theme/SchemaTabs"; import DiscriminatorTabs from "@theme/DiscriminatorTabs"; import TabItem from "@theme/TabItem"; ## Create OAuth Client This creates an OAuth client. Request will require the following security scope: - 'idn:oathkeeper-client:create' - 'idn:oathkeeper-internal-client:create'
Request Body required
Request succeeded.
Schema
Client Error - Returned if the request body is invalid.
Schema
    messages object[]
    Generic localized reason for error
    causes object[]
    Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
Schema
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
Schema
    messages object[]
    Generic localized reason for error
    causes object[]
    Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
Schema
Internal Server Error - Returned if there is an unexpected error.
Schema
    messages object[]
    Generic localized reason for error
    causes object[]
    Plain-text descriptive reasons to provide additional detail to the text provided in the messages field