Admins can register OAuth Applications in CRM so that external or first‑party apps can obtain access tokens for client portal users.

Register an OAuth Application

Admin can register a new OAuth Application in CRM Backoffice -> Dev Space -> OAuth Applications.

• For Public Client, only Authorization Code + PKCE flow is supported. You must register your allowed redirection URL(s)
• For Public and Confidential Client, you must register allowed IP(s) for your application(s).

After registering an OAuth Application, this page will be displayed.

• Client ID and Client Secret should be kept securely in your application.
• Client Secret is only displayed once, if you lose it, you can generate a new one by clicking the "Rotate" button.

Security Tips

• Rotate client_secret periodically for confidential clients.
• Remove stale redirect URIs.
• Revoke clients that are no longer in use.

Previous pageClient OAuth Flow

Next pageAuthorization Code + PKCE Introduction