{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Create a Client Application","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"create-a-client-application","__idx":0},"children":["Create a Client Application"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Before you can authenticate, you must register your application in the eGain Administration Console to generate a unique ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Client ID"]}," and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Client Secret"]},"."]},{"$$mdtype":"Tag","name":"div","attributes":{"style":{"padding":"56.25% 0 0 0","position":"relative"}},"children":[{"$$mdtype":"Tag","name":"iframe","attributes":{"src":"https://player.vimeo.com/video/1136306322?h=bd02d0c3f6&badge=0&autopause=0&player_id=0&app_id=58479%22","frameBorder":"0","allow":"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share","referrerPolicy":"strict-origin-when-cross-origin","style":{"position":"absolute","top":"0","left":"0","width":"100%","height":"100%"},"title":"Client Application Creation"},"children":[]}]},{"$$mdtype":"Tag","name":"HtmlScript","attributes":{"src":"https://player.vimeo.com/api/player.js"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"to-create-a-client-application","__idx":1},"children":["To Create a Client Application:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Log in to your Administrator Console with a Partition Administrator (PA) account."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Navigate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Department"]}," dropdown → ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Partition"]}," → ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Integration"]}," → ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Client Application"]}," and click the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["(+) Add"]}," button."]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"center","data-label":""},"children":[{"$$mdtype":"Tag","name":"img","attributes":{"src":"/assets/create_client_application.9040ff4bbacb6d879fc3fce4b37a557c3bfbfa81367e3d5a9106c726e6d94059.afe294b5.png","alt":"Create Client Application"},"children":[]}]}]}]}]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Provide the required information and click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Save"]},":"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Name"]},": A unique name for your client application."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Resource Type"]},": The resource type accessible by the client application. The only option available is Global."]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Global"]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Platform"]},": The platform of your client application. The platform you choose determines which OAuth 2.0 flows are available and how your application should handle its credentials."]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Web Application"]},": Select this for traditional server-side applications that can securely store secrets. These are considered ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["confidential clients"]}," and use standard authorization flows."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Single Page Application (SPA)"]},": Select this for browser-based JavaScript applications that run entirely on the client side. Since they cannot securely store secrets, they are considered ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["public clients"]}," and must use the Proof Key for Code Exchange (PKCE) flow for enhanced security."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The table below outlines key differences between these platform types:"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"left","data-label":"Feature"},"children":["Feature"]},{"$$mdtype":"Tag","name":"th","attributes":{"align":"left","data-label":"Single Page Application (SPA)"},"children":["Single Page Application (SPA)"]},{"$$mdtype":"Tag","name":"th","attributes":{"align":"left","data-label":"Web Applications (Confidential)"},"children":["Web Applications (Confidential)"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Environment"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Devices (browsers for SPAs)"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Servers"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Secret Storage"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Cannot securely store secrets"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Can securely store secrets"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["OAuth Flow"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Authorization Code with PKCE"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Authorization Code"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Example"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Mobile apps, browser-based apps"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Traditional web apps"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Security Focus"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Protecting authorization codes without secrets"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Protecting client secrets"]}]}]}]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Redirect URL(s)"]},": The URL(s) where users will be redirected after granting or denying permission. The pre-registered endpoint to which the authorization server directs the resource owner's user-agent back to the client. This URL is a critical component of the \"Authorization Code\" grant type.",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Client Responsibility: As the client, you must provide and maintain this endpoint. After the resource owner grants authorization, the authorization server will issue an authorization_code by appending it as a query parameter to the redirect URL."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Client ID"]},": The Client ID of this client application will be automatically generated after configuration for client application is saved."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Post Logout Redirect URL"]},": The URL where users are redirected after they sign out of the application."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Client On-Behalf-Of (OBO) Flow"]},": Enable this checkbox to allow the application to request tokens on behalf of a user. This enables the app to call APIs using the user's existing identity without prompting for additional authentication.",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Configuration"]},": After enabling this flow, navigate to the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Permissions"]}," tab to grant the necessary OBO delegated permissions to your client application."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Example"]},": To use the Knowledge Portal Manager APIs with On-Behalf-Of flow, you must enable at least one of the following depending on the scope requirement of the API, see Step 5a for more information:",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["knowledge.portalmgr.onbehalfof.read"]},": Provides read On-Behalf-Of access to the Knowledge Portal manager."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["knowledge.portalmgr.onbehalfof.manage"]},": Provides write On-Behalf-Of access to the Knowledge Portal manager."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Note"]},": Support for the On-Behalf-Of flow varies; verify that your target API supports this. See Step 5a for more information."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Token Exchange Grant Type"]},": Select this checkbox to enable the ability to exchange an existing token from an external Identity Provider (e.g., Okta, Azure AD) for an eGain access token.",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Access Token Expiry Time"]},": This setting becomes available when ",{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Token Exchange"]}," is enabled. It allows you to define the validity period for the exchanged token. If left unconfigured, the default expiry is ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["1 hour"]},"."]}]}]}]}]}]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"center","data-label":""},"children":[{"$$mdtype":"Tag","name":"img","attributes":{"src":"/assets/client_app_details_form.9c4fba529227b0bd141168073ca88aea5587bce789aaea6d18ef51c2ab2ee61d.afe294b5.png","alt":"Client App Details Form"},"children":[]}]}]}]}]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Generate Credentials"]},":"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Client ID"]},": Automatically generated after saving."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Client Secret"]},": Generate by clicking ",{"$$mdtype":"Tag","name":"kbd","attributes":{},"children":[{"$$mdtype":"Tag","name":"img","attributes":{"src":"/assets/plus_button.c3367c39c740379e5c9f6f3377c354541decfacc952a21affefac08d9a98b1b8.afe294b5.png","alt":"Plus_Button"},"children":[]}]}," in the secret table. ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Important"]},": Copy it immediately; it is only displayed once.",{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"center","data-label":""},"children":[{"$$mdtype":"Tag","name":"img","attributes":{"src":"/assets/client_secret.e890bc61c9f03b8acb9be3732d63a0d29b71fe937ae87a299708f28e2f1aff00.afe294b5.png","alt":"Client Secret"},"children":[]}]}]}]}]}]}]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Grant Permissions (Scopes)"]},":"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["a. ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Determining Scopes"]},":"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To determine which scopes are required, you will need to navigate to all the APIs you want to call and assign those scopes to the client application."]}]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"center","data-label":""},"children":[{"$$mdtype":"Tag","name":"img","attributes":{"src":"/assets/api_scope_1.6d08bddebc826dc81c627ded38ca9311eb4b810b3a52c9d1d4c9c4afcab9872d.afe294b5.png","alt":"API Security"},"children":[]}]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"center"},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Navigate to your desired API and click on 'View Security Details'"]}]}]}]}]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The following ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/flow_overview"},"children":["supported flows"]}," are available in the Security Details panel: ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["oAuthUser"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["oAuthCustomer"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["oAuthClient"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["oAuthOnBehalfOfUser"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["oAuthOnBehalfOfCustomer"]},", and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["oAuthAnonymousCustomer"]},". Not all the flows will be available for all API. For each flow, the panel displays:",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Flow type"]},": The grant type used for authentication (for example, authorizationCode)."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Authorization URL"]},": The endpoint used to initiate the authorization request."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Token URL"]},": The endpoint used to obtain the access token."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Required scopes"]},": The scope URLs that must be requested in your API call."]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In the Security Details panel, switch between the supported authentication flows to view the required URLs and scopes for each flow."]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"center","data-label":""},"children":[{"$$mdtype":"Tag","name":"img","attributes":{"src":"/assets/api_scope_2.e12ebd8543ddacf407d318df54b22790844af81de10d0fa3d17b4fab2349dbe0.afe294b5.png","alt":"API Scope"},"children":[]}]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"center"},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":["In the Security Details, you can switch between supported flows to see required URLs and Scopes. Hover over the scope URL to see the full required scope URL"]}]}]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["b. ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Assigning Scopes"]},":"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["In the Admin Console, navigate to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Integration"]}," > ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Client Application"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Select your app and click the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Permissions"]}," tab. Permissions are organized by Hub ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["(Core, Conversation Hub, and Knowledge)"]}," and divided into two types:",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Delegated Permissions"]},": Used when the app acts on behalf of a user.",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Interactive (User/Customer flows)"]},": Requires the user to manually log in to provide an authorization code via authorization flow. (e.g., ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["knowledge.portalmgr.read"]}," / ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["manage"]},")."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["On-Behalf-Of (OBO) flow"]},": Allows the app to act for a user without an authorization flow. (e.g., ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["knowledge.portalmgr.onbehalfof.read"]}," / ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["manage"]},").",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["This flow allows a Client App to obtain a token that carries a user context. Because the token represents a specific user, you must assign and request Delegated Permissions for this flow to function correctly."]}]}]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Application Permissions (Client Credentials flow)"]},": Used for where no user is required; the application acts as its own identity."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Select the permissions that correspond to the scopes identified earlier."]}]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"center","data-label":""},"children":[{"$$mdtype":"Tag","name":"img","attributes":{"src":"/assets/client_app_permissions.d53acc94717841a37d6065f3a8250f7da4bbba04a13515a92a25ce987a2af68d.afe294b5.png","alt":"Client App Permissions"},"children":[]}]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"center"},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Scopes will be categorized based on Hubs and then Delegated or Application permissions"]}]}]}]}]}]}]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Important: Assigning vs. Requesting Scopes"]}," ","Assigning permissions makes them available, but they are only included in your access token if explicitly requested in your authentication API call."]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Next Steps:"]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Step 2: ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/metadata"},"children":["Find your API Metadata"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Step 3: ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/flow_overview"},"children":["Choose a specific flow based on your persona"]},":",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/auth-code-flow"},"children":["Auth Code"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/pkce-flow"},"children":["PKCE"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/client-credentials-flow"},"children":["Client Credentials"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/on-behalf-of-flow"},"children":["On-Behalf-Of"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/token-exchange-flow"},"children":["Token Exchange"]}]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Step 4: ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/making-requests"},"children":["Make Authenticated Requests"]}]}]}]},"headings":[{"value":"Create a Client Application","id":"create-a-client-application","depth":1},{"value":"To Create a Client Application:","id":"to-create-a-client-application","depth":2}],"frontmatter":{"seo":{"title":"Create a Client Application"}},"lastModified":"2026-05-02T01:57:25.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/developer-portal/guides/authentication/app-registration","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}