OAuth clients

Download AsyncAPI spec

Events emitted when OAuth clients are created, updated, deleted, published, or when their secrets and connection configurations are modified. These events enable monitoring of OAuth client lifecycle and security configurations.

These events are available for consumption via:

Audits (Events)

Published when a tenant admin approves an OAuth client.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.connection-config.approved"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

Full client connection config resource after the event was published.
Show data properties
- statusstring
  
  Status of the connection-config for the tenant.
  
  Can be one of: "approved"
- tenantIdstring
  Required
  
  Identifier of the tenant the connection-config relates to.
- createdAtstring
  Required
  
  Timestamp when the connection-config was created.
  
  format = "date-time"
- updatedAtstring
  Required
  
  Timestamp when the connection-config was updated.
  
  format = "date-time"
- consentMethodstring
  Required
  
  Consent method for the connection-config.
  
  Can be one of: "required""trusted"

com.qlik.v1.oauth-client.connection-config.approved

Example payload of the "OAuth client connection config approved" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.connection-config.approved",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "status": "approved",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "createdAt": "2026-10-30T07:06:22Z",
    "updatedAt": "2026-10-30T07:06:22Z",
    "consentMethod": "trusted"
  }
}

Published when a tenant admin revokes their access to another tenant's OAuth client by deleting the connection config.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.connection-config.deleted"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

Full client connection config resource after the event was published.
Show data properties
- statusstring
  
  Status of the connection-config for the tenant.
  
  Can be one of: "approved"
- tenantIdstring
  Required
  
  Identifier of the tenant the connection-config relates to.
- createdAtstring
  Required
  
  Timestamp when the connection-config was created.
  
  format = "date-time"
- updatedAtstring
  Required
  
  Timestamp when the connection-config was updated.
  
  format = "date-time"
- consentMethodstring
  Required
  
  Consent method for the connection-config.
  
  Can be one of: "required""trusted"

com.qlik.v1.oauth-client.connection-config.deleted

Example payload of the "OAuth client connection config deleted" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.connection-config.deleted",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "status": "approved",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "createdAt": "2026-10-30T07:06:22Z",
    "updatedAt": "2026-10-30T07:06:22Z",
    "consentMethod": "trusted"
  }
}

Published when a connection config is updated by a tenant admin.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.connection-config.updated"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

Full client connection config resource after the event was published.
Show data properties
- statusstring
  
  Status of the connection-config for the tenant.
  
  Can be one of: "approved"
- tenantIdstring
  Required
  
  Identifier of the tenant the connection-config relates to.
- createdAtstring
  Required
  
  Timestamp when the connection-config was created.
  
  format = "date-time"
- updatedAtstring
  Required
  
  Timestamp when the connection-config was updated.
  
  format = "date-time"
- consentMethodstring
  Required
  
  Consent method for the connection-config.
  
  Can be one of: "required""trusted"

com.qlik.v1.oauth-client.connection-config.updated

Example payload of the "OAuth client connection config updated" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.connection-config.updated",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "status": "approved",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "createdAt": "2026-10-30T07:06:22Z",
    "updatedAt": "2026-10-30T07:06:22Z",
    "consentMethod": "trusted"
  }
}

Published when an OAuth client is created.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.created"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

Full oauth-client resource after the event was published.
Show data properties
- appTypestring
  Required
  
  Application type for the client.
  
  Can be one of: "web""native""spa""anonymous-embed"
- logoUristring
  
  URI for the logo of the client.
  
  format = "uri"
- ownerIdstring
  Required
  
  Identifier of the owner that created the client.
- clientIdstring
  Required
  
  Identifier of the client.
- tenantIdstring
  Required
  
  Identifier of the tenant where the client was created.
- clientUristring
  
  URI for the homepage of the client.
  
  format = "uri"
- createdAtstring
  Required
  
  Timestamp when the client was created.
  
  format = "date-time"
- deletedAtstring
  
  Timestamp when the client was deleted.
  
  format = "date-time"
- ownerTypestring
  Required
  
  Type of owner that created the client.
- clientNamestring
  Required
  
  Name of the client.
- disableTagstring
  
  Indicates whether the client is disabled.
- createdByIdstring
  Required
  
  Identifier of the resource that created the client.
- publishedAtstring
  
  Timestamp when the client was published.
  
  format = "date-time"
- redirectUrisarray of strings
  
  List of allowed redirect URIs for logins with the client.
- allowedScopesarray of strings
  
  List of allowed scopes for the client.
- createdByTypestring
  Required
  
  Type of the resource that created the client.
- allowedOriginsarray of strings
  
  List of allowed origins for the client.
- connectionPolicyarray of objects
  
  Connection policies for the client.
  
  Show connectionPolicy properties
  
  tenantIdstring
  Required
  
  Identifier of the tenant allowed to use this OAuth client.

com.qlik.v1.oauth-client.created

Example payload of the "OAuth client created" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.created",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "appType": "web",
    "ownerId": "00000000-0000-0000-0000-000000000000",
    "clientId": "000000000000000000000000",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "createdAt": "2026-10-30T07:06:22Z",
    "ownerType": "tenant",
    "clientName": "New oauth client",
    "createdById": "00000000-0000-0000-0000-000000000000",
    "createdByType": "user"
  }
}

Published when an OAuth client is deleted.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.deleted"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

Full oauth-client resource after the event was published.
Show data properties
- appTypestring
  Required
  
  Application type for the client.
  
  Can be one of: "web""native""spa""anonymous-embed"
- logoUristring
  
  URI for the logo of the client.
  
  format = "uri"
- ownerIdstring
  Required
  
  Identifier of the owner that created the client.
- clientIdstring
  Required
  
  Identifier of the client.
- tenantIdstring
  Required
  
  Identifier of the tenant where the client was created.
- clientUristring
  
  URI for the homepage of the client.
  
  format = "uri"
- createdAtstring
  Required
  
  Timestamp when the client was created.
  
  format = "date-time"
- deletedAtstring
  
  Timestamp when the client was deleted.
  
  format = "date-time"
- ownerTypestring
  Required
  
  Type of owner that created the client.
- clientNamestring
  Required
  
  Name of the client.
- disableTagstring
  
  Indicates whether the client is disabled.
- createdByIdstring
  Required
  
  Identifier of the resource that created the client.
- publishedAtstring
  
  Timestamp when the client was published.
  
  format = "date-time"
- redirectUrisarray of strings
  
  List of allowed redirect URIs for logins with the client.
- allowedScopesarray of strings
  
  List of allowed scopes for the client.
- createdByTypestring
  Required
  
  Type of the resource that created the client.
- allowedOriginsarray of strings
  
  List of allowed origins for the client.
- connectionPolicyarray of objects
  
  Connection policies for the client.
  
  Show connectionPolicy properties
  
  tenantIdstring
  Required
  
  Identifier of the tenant allowed to use this OAuth client.

com.qlik.v1.oauth-client.deleted

Example payload of the "OAuth client deleted" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.deleted",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "appType": "web",
    "ownerId": "00000000-0000-0000-0000-000000000000",
    "clientId": "000000000000000000000000",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "createdAt": "2026-10-30T07:06:22Z",
    "ownerType": "tenant",
    "clientName": "New oauth client",
    "createdById": "00000000-0000-0000-0000-000000000000",
    "createdByType": "user"
  }
}

Published when an OAuth client is published.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.published"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

Full oauth-client resource after the event was published.
Show data properties
- appTypestring
  Required
  
  Application type for the client.
  
  Can be one of: "web""native""spa""anonymous-embed"
- logoUristring
  
  URI for the logo of the client.
  
  format = "uri"
- ownerIdstring
  Required
  
  Identifier of the owner that created the client.
- clientIdstring
  Required
  
  Identifier of the client.
- tenantIdstring
  Required
  
  Identifier of the tenant where the client was created.
- clientUristring
  
  URI for the homepage of the client.
  
  format = "uri"
- createdAtstring
  Required
  
  Timestamp when the client was created.
  
  format = "date-time"
- deletedAtstring
  
  Timestamp when the client was deleted.
  
  format = "date-time"
- ownerTypestring
  Required
  
  Type of owner that created the client.
- clientNamestring
  Required
  
  Name of the client.
- disableTagstring
  
  Indicates whether the client is disabled.
- createdByIdstring
  Required
  
  Identifier of the resource that created the client.
- publishedAtstring
  
  Timestamp when the client was published.
  
  format = "date-time"
- redirectUrisarray of strings
  
  List of allowed redirect URIs for logins with the client.
- allowedScopesarray of strings
  
  List of allowed scopes for the client.
- createdByTypestring
  Required
  
  Type of the resource that created the client.
- allowedOriginsarray of strings
  
  List of allowed origins for the client.
- connectionPolicyarray of objects
  
  Connection policies for the client.
  
  Show connectionPolicy properties
  
  tenantIdstring
  Required
  
  Identifier of the tenant allowed to use this OAuth client.

com.qlik.v1.oauth-client.published

Example payload of the "OAuth client published" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.published",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "appType": "web",
    "ownerId": "00000000-0000-0000-0000-000000000000",
    "clientId": "000000000000000000000000",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "createdAt": "2026-10-30T07:06:22Z",
    "ownerType": "tenant",
    "clientName": "New oauth client",
    "createdById": "00000000-0000-0000-0000-000000000000",
    "createdByType": "user"
  }
}

Published when an OAuth client secret is created.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.secret.created"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

OAuth client identifier and hint for the secret the event is related to.
Show data properties
- hintstring
  Required
  
  Hint for the client secret.
- clientIdstring
  Required
  
  Identifier of the client.

com.qlik.v1.oauth-client.secret.created

Example payload of the "OAuth client secret created" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.secret.created",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "hint": "00000",
    "clientId": "000000000000000000000000"
  }
}

Published when an OAuth client secret is deleted.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.secret.deleted"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

OAuth client identifier and hint for the secret the event is related to.
Show data properties
- hintstring
  Required
  
  Hint for the client secret.
- clientIdstring
  Required
  
  Identifier of the client.

com.qlik.v1.oauth-client.secret.deleted

Example payload of the "OAuth client secret deleted" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.secret.deleted",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "hint": "00000",
    "clientId": "000000000000000000000000"
  }
}

Published when an OAuth client is updated.

Payload

object

idstring
Required

Identifies the event.

minLength = 1
timestring

Timestamp of when the occurrence happened. Must adhere to RFC 3339.

minLength = 1, format = "date-time"
typestring
Required

Unique identifier for the event type.

default = "com.qlik.v1.oauth-client.updated"
sourcestring
Required

Identifies the context in which an event happened.

minLength = 1, format = "uri-reference"
specversionstring
Required

The version of the CloudEvents specification which the event uses.

minLength = 1
datacontenttypestring

Content type of the data value. Must adhere to RFC 2046 format.

minLength = 1
useridstring

Unique identifier for the user related to the event.
tenantidstring
Required

Unique identifier for the tenant related to the event.
dataobject

Full oauth-client resource after the event was published.
Show data properties
- appTypestring
  Required
  
  Application type for the client.
  
  Can be one of: "web""native""spa""anonymous-embed"
- logoUristring
  
  URI for the logo of the client.
  
  format = "uri"
- ownerIdstring
  Required
  
  Identifier of the owner that created the client.
- clientIdstring
  Required
  
  Identifier of the client.
- tenantIdstring
  Required
  
  Identifier of the tenant where the client was created.
- clientUristring
  
  URI for the homepage of the client.
  
  format = "uri"
- createdAtstring
  Required
  
  Timestamp when the client was created.
  
  format = "date-time"
- deletedAtstring
  
  Timestamp when the client was deleted.
  
  format = "date-time"
- ownerTypestring
  Required
  
  Type of owner that created the client.
- clientNamestring
  Required
  
  Name of the client.
- disableTagstring
  
  Indicates whether the client is disabled.
- createdByIdstring
  Required
  
  Identifier of the resource that created the client.
- publishedAtstring
  
  Timestamp when the client was published.
  
  format = "date-time"
- redirectUrisarray of strings
  
  List of allowed redirect URIs for logins with the client.
- allowedScopesarray of strings
  
  List of allowed scopes for the client.
- createdByTypestring
  Required
  
  Type of the resource that created the client.
- allowedOriginsarray of strings
  
  List of allowed origins for the client.
- connectionPolicyarray of objects
  
  Connection policies for the client.
  
  Show connectionPolicy properties
  
  tenantIdstring
  Required
  
  Identifier of the tenant allowed to use this OAuth client.

com.qlik.v1.oauth-client.updated

Example payload of the "OAuth client updated" event

{
  "id": "A234-1234-1234",
  "time": "2026-04-05T17:31:00Z",
  "type": "com.qlik.v1.oauth-client.updated",
  "source": "com.qlik/my-service",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "userid": "id123",
  "tenantid": "id123",
  "data": {
    "appType": "web",
    "ownerId": "00000000-0000-0000-0000-000000000000",
    "clientId": "000000000000000000000000",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "createdAt": "2026-10-30T07:06:22Z",
    "ownerType": "tenant",
    "clientName": "New oauth client",
    "createdById": "00000000-0000-0000-0000-000000000000",
    "createdByType": "user"
  }
}