System Settings – API Clients

Overview

Register and manage the clients that are allowed OAuth2-authorized access to Questetra APIs.

OAuth2 Clients

OAuth2 Clients: List
  • Add OAuth2 Client
    • Name *
    • Redirect URL *
  • Search / Name / Client ID / State / Create Time

OAuth2 Clients: Details
  • Name
  • Client ID
  • Consumer Secret
  • Scope
  • Redirect URL
  • Client Authentication Method
  • Require Proof Key (PKCE)
  • Authorization Endpoint URL
  • Token Endpoint URL
  • State
  • Create Time
  • Edit OAuth2 Client
    • Name *
    • Redirect URL *
    • Client Authentication Method
      • client_secret_post
      • none
    • Require Proof Key (PKCE)
    • Scope
      • All API Access
      • Read-only API Access
  • Delete OAuth2 Client
  • Deactivate/Activate OAuth2 Client

Notes

  • Name can be anything you choose to identify the client being given API access
  • In Redirect URL, set the redirect URL (callback URL) of the client you want to authorize
  • When you add a new client, a Client ID and Client Secret will be issued
    • Enter them along with the Authorization Endpoint URL and the Token Endpoint URL when setting up OAuth communication on the client system
  • The supported authorization method is the Authorization Code Flow
  • You can configure the client to require PKCE (Proof Key for Code Exchange)
    • Enabling [Require Proof Key (PKCE)] makes the configuration compliant with OAuth 2.1.
  • For the client authentication method, you can select none in addition to client_secret_post
    • However, you cannot set the client authentication method to none while [Require Proof Key (PKCE)] is disabled
  • You can configure the client to have either full API access or read-only access
    • Select this in the Scope section on the [Edit OAuth2 Client] screen
  • Access tokens are valid for 12 hours, and refresh tokens are valid for 30 days
  • For a single client ID, a user can hold up to 10 authorized API sessions (refresh tokens)
    • If the number exceeds 10, the older refresh tokens are discarded
  • Delete Client will remove that client record from your system
  • Deactivate Client disables API access but keeps the client details so that it can be reactivated in the future if required
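
The client side of the settings described in the notes above, as an added example that is not Questetra's own code: it builds the Authorization Code Flow requests with PKCE for both client authentication methods. The endpoint URL, client ID and redirect URL are placeholders, and the S256 challenge method and the standard RFC 6749 / RFC 7636 parameter names are assumptions the page does not spell out.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholders (assumptions): copy the real values from [OAuth2 Clients: Details].
AUTHORIZATION_ENDPOINT = "https://workspace.example.invalid/authorize"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URL = "https://client.example.invalid/callback"


def new_code_verifier():
    """Random PKCE code_verifier (86 URL-safe chars; RFC 7636 allows 43-128)."""
    return secrets.token_urlsafe(64)


def code_challenge(verifier):
    """S256 challenge: unpadded base64url of SHA-256(verifier)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorization_url(verifier, state):
    """URL the browser is sent to; only the challenge leaves the client here."""
    return AUTHORIZATION_ENDPOINT + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URL,
        "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    })


def token_request_body(code, verifier, auth_method, client_secret=None):
    """Form fields to POST to the Token Endpoint URL after the redirect."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URL,
        "client_id": CLIENT_ID,
        "code_verifier": verifier,  # server recomputes and compares the challenge
    }
    if auth_method == "client_secret_post":
        if not client_secret:
            raise ValueError("client_secret_post needs the issued client secret")
        body["client_secret"] = client_secret
    elif auth_method != "none":
        raise ValueError("expected client_secret_post or none")
    return body
```

With the none method no secret is sent, so the code_verifier is the only value tying the token request to the client that started the flow.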
