POST /v1/oauth/clients
POST /v1/oauth/clients
POST
/v1/oauth/clients
Authorizations
Section titled “Authorizations ”Request Body required
Section titled “Request Body required ”object
allowed_ips
IP/CIDR allowlist; null or empty = unrestricted
array | null
client_name
required
User-friendly name for the service account
string
expires_at
Optional expiration
string | null format: date-time
roles
required
Role names to assign to the service-account user. Case-insensitive; must be non-empty.
Array<string>
Responses
Section titled “ Responses ”OAuth client created successfully
object
allowed_ips
array | null
client_id
required
string
client_name
required
string
client_secret
string | null
created_by
string | null format: uuid
created_date
required
string format: date-time
expires_at
string | null format: date-time
id
required
string format: uuid
last_used
string | null format: date-time
org_id
required
string format: uuid
revoked_at
string | null format: date-time
roles
required
Array<string>
user
required
The service-account user this key authenticates as. 1:1 with the key; used by the UI to render a user chip alongside each row.
object
email
required
string
first_name
required
string
icon
Relative path to the user’s avatar endpoint, e.g.
"users/{id}/avatar?v={hash}". None when the user has no avatar.
string | null
id
required
string format: uuid
last_name
required
string
user_id
required
string format: uuid
Invalid request
Unauthorized
Forbidden