Create a customer client
Learn about creating one or more clients as specified in the request body for a customer.
Use this API to create one or more clients as specified in the request body. Only customer administrators and users with customer client management permissions can use this API. To work with the client after it is created, see topic Obtaining an Access Token with Password Grant Type.
Request
POST https://auth.reltio.com/oauth/customers/{customerId}/clientsYou need either of the following role and permission to use this API:
- ROLE_ADMIN_CUSTOMER
- Auth.Customer.Clients CREATE
| Name | Required | Description | |
|---|---|---|---|
| Headers | Authorization | Yes | Information about the authentication access token should be in the format: "Bearer {accessToken}". For more information, see topic Authentication API. |
| URL Parameters | customerId
| Yes | A valid customer ID. The created client ID is automatically associated with your customer ID. |
| Body Parameters | accessTokenValidity
| No | The validity time for the issued token. If you don’t specify a time, the default time is 3600 seconds (one hour). |
authorizedGrantTypes
| Yes | This specifies the grant type, which must be the client_credentials grant type. | |
clientAuthenticationMethods
| Yes | This parameter contains the client_secret_basic and client_secret_post sub-parameters. Use the client_secret_basic sub-parameter to pass the secret via the Authorization Basic header. Use the client_secret_post sub-parameter to pass the secret in the request body of the token request. | |
clientDescription
| No | The description of the client system. | |
clientId
| Yes | The client identifier that is unique across all customers. | |
clientName
| No | The name of the client. | |
clientEmail
| No | The email address of the user who’s responsible for client management in your organization. | |
clientSecret
| No | The secret that is assigned to a client. If you don’t specify a secret, a random secret is generated. | |
scope
| Yes | The list of roles that are associated with the client. After generating a token, the token has the roles for all tenants associated with the customer. | |
| enabled | No | If the value is not specified, then it is true by default. If the value is set to false, then the client is disabled and cannot create tokens. | |
defaultRolesAssignmentEnabled
| No | If true, ROLE_API is automatically added to the list of roles for this client credentials (even if it is not part of the scope parameter). If this parameter is not included in the request, the value is considered to be true. | |
Note: All other parameters such as "authorities", "resourceIds", "redirectUri" are no longer in use and can be ignored.
Response
The response body contains the list of clients that have been created and associated with the customer.Example
RequestPOST https://auth.reltio.com/oauth/customers/ABC/clients
Headers: Authorization: Bearer <Access-Token>
Body:
[
{
"clientId": "test_client",
"scope": [
"ROLE_DATALOADER_TEST"
],
"authorities": [],
"resourceIds": [],
"authorizedGrantTypes": [
"client_credentials"
],
"clientDescription": null,
"clientName": null,
"clientEmail": null,
"redirectUri": [],
"accessTokenValidity": null,
"refreshTokenValidity": null,
"defaultRolesAssignmentEnabled": false,
"clientAuthenticationMethods": [
"client_secret_post",
"client_secret_basic"
]
}
]
{
"clientId": "test_client",
"clientSecret": "YZze8&7EU%xqH3%8",
"scope": [
"ROLE_DATALOADER_TEST"
],
"authorities": [],
"resourceIds": [],
"authorizedGrantTypes": [
"client_credentials"
],
"clientDescription": null,
"clientName": null,
"clientEmail": null,
"redirectUri": [
"http://localhost"
],
"clientSecret": "generated_secret",
"accessTokenValidity": null,
"refreshTokenValidity": null,
"defaultRolesAssignmentEnabled": false,
"clientAuthenticationMethods": [
"client_secret_post",
"client_secret_basic"
],
"enabled" : true
}