Client registration

All client software requiring access to Applixure APIs protected by Applixure Authentication Server OAuth2 authentication must be registered as valid clients. The only exception to this is the use of Client Credentials Grant flow for exchanging API keys to access tokens as API keys acts as their own clients.

Registration ensures that all API accesses are associated with a valid and authorized client application, and access can be revoked later on if need be.

For each registered client application, you will receive unique Application ID (used for client_id in OAuth2 protocol flows) as well as Client secret (used for client_secret in OAuth2 protocol flows).

Application registration ownership

Applixure support three ownership categories for client application registrations:

  • Client applications registered for Applixure Environment
  • Client applications registered for Applixure Account
  • Client applications registered for non-customers

Applixure Environment -owned

These registrations are tied to specific Applixure Environment. If Applixure Environment is deleted, all client applications registered to that Environment will cease to exist and cannot be used for API access regardless of authentication primitives used for actual authentication through that application.

Applixure Account -owned

These registrations are tied to specific Applixure Account. If Applixure Account is deleted, all client applications registered to that Account will cease to exist and cannot be used for API access regardless of authentication primitives used for actual authentication through that application.

Non-customer -owned

These registrations are primarily meant for 3rd parties that are not existing Applixure customers and therefore cannot register API clients under their respective Account or Environment, but want to add capabilities for their own applications to access Applixure APIs for any consumers of such application that then are Applixure customers.

Access boundaries associated with client applications

Each client application registration defines the boundaries within which all authentication and authorization operate in order to limit the privileges and capabilities that authenticated entity could have when operating in the name of that client.

It could be, for instance, that the user account doing logon through Authorization Code Grant flow actually has administrative privileges for Account or Environment in Applixure Feedback product, but the client registration is not associated with Feedback's API at all so user cannot obtain any scopes related to that API's usage.

Concretely client registration limits the following information:

  • APIs the client application can request scopes for - any API not listed cannot be authorized for and scopes specific for that API are not recognized, resulting an error
  • Set of scopes only allowed (if any defined) - any scope not listed cannot be granted, even if authenticated entity would otherwise have the right
  • OAuth2 grant types client can utilize

How to register your application

📘

Self-registration not yet supported

At the time of this writing, client applications cannot be self-registered but this capability will become available later as part of Applixure Authentication Server functionality.

If you wish to register new API client application, please send email to Applixure Support at [email protected] with the following necessary information to complete the registration:

  • Name of the application
  • Vendor name for the application (i.e. your organisation)
  • To whom the registration is done for as per ownership categories outlined above
  • Grant types that application is going to utilize
  • Applixure APIs for which access is requested
  • If any scope limitations are needed for application