Unify and manage your data

Create a customer client

Learn about creating one or more clients as specified in the request body for a customer.

Use this API to create one or more clients as specified in the request body. Only customer administrators and users with customer client management permissions can use this API. To work with the client after it is created, see topic Obtaining an Access Token with Password Grant Type.
Note: We recommend you to create one client per each tenant access

Request

POST https://auth.reltio.com/oauth/customers/{customerId}/clients
You need either of the following role and permission to use this API:
  • ROLE_ADMIN_CUSTOMER
  • Auth.Customer.Clients CREATE
Table 1. Parameters
Name Required Description
HeadersAuthorization YesInformation about the authentication access token should be in the format: "Bearer {accessToken}". For more information, see topic Authentication API.
URL ParameterscustomerId YesA valid customer ID. The created client ID is automatically associated with your customer ID.
Body Parameters accessTokenValidity NoThe validity time for the issued token. If you don’t specify a time, the default time is 3600 seconds (one hour).
authorizedGrantTypes YesThis specifies the grant type, which must be the client_credentials grant type.
clientAuthenticationMethods YesThis parameter contains the client_secret_basic and client_secret_post sub-parameters. Use the client_secret_basic sub-parameter to pass the secret via the Authorization Basic header. Use the client_secret_post sub-parameter to pass the secret in the request body of the token request.
clientDescription NoThe description of the client system.
clientId YesThe client identifier that is unique across all customers.
clientName NoThe name of the client.
clientEmail NoThe email address of the user who’s responsible for client management in your organization.
clientSecret NoThe secret that is assigned to a client. If you don’t specify a secret, a random secret is generated.
enabledNoIf the value is not specified, then it is true by default. If the value is set to false, then the client is disabled and cannot create tokens.
defaultRolesAssignmentEnabled NoIf true, ROLE_API is automatically added to the list of roles for this client credentials (even if it is not part of the scope parameter). If this parameter is not included in the request, the value is considered to be true.
clientPermissionsNoThis parameter contains the roles sub-parameters. Use the roles sub-parameter to chose a list of roles that are associated with the client and the tenants associated with each role.
Note: All other parameters such as "authorities", "resourceIds", "redirectUri" are no longer in use and can be ignored.

Response

The response body contains the list of clients that have been created and associated with the customer.

Example 1

This example shows a request to provide tenant specific access to the client.

Request
POST https://auth.reltio.com/oauth/customers/ABC/clients
Headers: Authorization: Bearer <Access-Token>
Body:
[
    {
        "clientId": "test_client",  
        "clientPermissions": 
	{
        "roles":{
            "ROLE_ADMIN_TENANT": ["tenant1"],
            "ROLE_API": ["tenant1"]
        	}
    	},
        "authorities": [],
        "resourceIds": [],
        "authorizedGrantTypes": [
            "client_credentials" 
        ],
        "clientDescription": null,
        "clientName": null,
        "clientEmail": null, 
        "redirectUri": [],
        "accessTokenValidity": null, 
        "refreshTokenValidity": null, 
        "defaultRolesAssignmentEnabled": false,
        "clientAuthenticationMethods": [ 
            "client_secret_post", 
            "client_secret_basic" 
        ]
    }
]
       
Response
{
    "clientId": "test_client",
    "clientSecret": "YZze8&7EU%xqH3%8",
    "scope":[],
    "clientPermissions": 
	{
        "roles":{
            "ROLE_ADMIN_TENANT": ["tenant1"],
            "ROLE_API": ["tenant1"]
        	}
    	},
    "authorities": [],
    "resourceIds": [],
    "authorizedGrantTypes": [
        "client_credentials"
    ],
    "clientDescription": null,
    "clientName": null,
    "clientEmail": null,
    "redirectUri": [
        "http://localhost"
    ],
    "clientSecret": "generated_secret",
    "accessTokenValidity": null,
    "refreshTokenValidity": null,
    "defaultRolesAssignmentEnabled": false,
    "clientAuthenticationMethods": [
        "client_secret_post",
        "client_secret_basic"
    ],
   "enabled" : true
}