Oauth clients
Endpoints
Retrieve all OAuth clients.
Facts
| Rate limit | Tier 1 (1000 requests per minute) |
Query Parameters
- filterstring
The filter query that should be used to filter the list of oauth clients. The filter syntax is defined in RFC 7644. Valid attributes for filtering are
clientId,clientName, andappType. - limitnumber
The number of OAuth client entries to retrieve.
- nextstring
The next page cursor
- prevstring
The previous page cursor
- sortstring
The attribute to sort by, beginning with + for ascending and - for descending. Valid attributes for sorting are clientId, clientName, appType, createdAt, updatedAt.
Can be one of: "+clientId""-clientId""+clientName""-clientName""+appType""-appType""+createdAt""-createdAt""+updatedAt""-updatedAt"
- totalResultsboolean
Boolean query parameter that determines if the total count of results should be included in the response. If true, the response includes the total number of results in the
totalResultsfield. If false or not included in the query,totalResultswill be excluded from the response.
Responses
200
OK
- application/jsonobject
Response schema for listing OAuth clients
application/json properties
- dataarray of objectsRequired
Schema for an OAuth client item in a list response
data properties
- clientIdstringRequired
Client application id
- publicKeysarray of objects
List of public keys for JWT authentication
publicKeys properties
- estring
Exponent for RSA keys
- nstring
Modulus for RSA keys
- xstring
X coordinate for EC keys
- ystring
Y coordinate for EC keys
- algstringRequired
Algorithm intended for use with the key
Can be one of: "RS256""RS512""ES384"
- crvstring
Curve for EC keys
- kidstringRequired
Key ID
- ktystringRequired
Key type (e.g., RSA, EC)
Can be one of: "RSA""EC"
- usestringRequired
Intended use of the key (typically "sig" for signature)
Can be one of: "sig"
-
- redirectUrisarray of strings
List of allowed redirect URIs for login
- allowedOriginsarray of strings
List of allowed origins for client
- connectionConfigobject
Optional settings for configuring the client connection.
connectionConfig properties
- statusstring
Status
- consentMethodstringRequired
Specifies the consent method for the connection.
Can be one of: "required""trusted"
- deletedByOwnerboolean
OAuth client has been deleted by owner, only applies for published clients.
-
- allowedAuthMethodsarray of strings
List of allowed authentication methods for the client
Values may be any of: "client_secret""private_key_jwt"
- appTypestringRequired
Application type
Can be one of: "web""native""spa""anonymous-embed"
- logoUristring
URI for logo of client
- clientUristring
URI for homepage of client
- createdAtstringRequired
The timestamp for when the oauth-clients record was created.
- deletedAtstring
The timestamp for when the oauth-clients record was deleted.
- updatedAtstring
The timestamp for when the oauth-clients record was updated.
- clientNamestringRequired
Client application name
- disableTagstring
Is set if client disabled
- descriptionstring
Client description
- publishedAtstring
The timestamp which is set, if the client is published.
- allowedScopesarray of strings
List of allowed scopes for this client.
- clientSecretsarray of objects
Hints of any client application secrets
clientSecrets properties
- hintstringRequired
Hint of a client application secret
- createdAtstring
The timestamp for when the client-secret record was created.
- createdBystring
The identifier for the user that created the client-secret record.
-
- allowedGrantTypesarray of strings
Allowed grant types, only for use with appType: 'web'
Values may be any of: "client_credentials""urn:qlik:oauth:user-impersonation"
-
- linksobjectRequired
links properties
- nextobject
next properties
- hrefstringRequired
URL that defines the resource
-
- prevobject
prev properties
- hrefstringRequired
URL that defines the resource
-
- selfobject
self properties
- hrefstringRequired
URL that defines the resource
-
-
- totalResultsinteger
Total number of oauth clients, included only if
totalResultsquery parameter is set to true.
-
400
Bad Request
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
401
Unauthorized
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
403
Forbidden
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
500
Internal Server Error
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
503
Service Unavailable
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
This API is not included yet in qlik-clicurl "https://console.qlikcloud.com/api/core/oauth-clients" \-H "Authorization: Bearer <access_token>"const https = require('https')
const options = { hostname: 'console.qlikcloud.com', port: 443, path: '/api/core/oauth-clients', method: 'GET', headers: { Authorization: 'Bearer <access_token>', },}
const req = https.request(options)Example Response
{ "data": [ { "appType": "web", "logoUri": "string", "clientUri": "string", "createdAt": "2025-11-06T14:30:00.123456Z", "deletedAt": "2025-11-06T15:45:30.789012Z", "updatedAt": "2025-11-06T16:20:15.456789Z", "clientName": "string", "disableTag": "string", "publicKeys": [ { "e": "AQAB", "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx", "x": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis", "y": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE", "alg": "RS256", "crv": "P-384", "kid": "key-1", "kty": "RSA", "use": "sig" } ], "description": "string", "publishedAt": "2025-11-06T17:00:00.321654Z", "allowedScopes": [ "string" ], "clientSecrets": [ { "hint": "string", "createdAt": "2025-12-03T14:59:46.331Z", "createdBy": "string" } ], "connectionConfig": { "status": "string", "consentMethod": "string", "deletedByOwner": true }, "allowedGrantTypes": [ "client_credentials" ], "allowedAuthMethods": [ "client_secret" ], "clientId": "string", "redirectUris": [ "string" ], "allowedOrigins": [ "string" ] } ], "links": { "next": { "href": "string" }, "prev": { "href": "string" }, "self": { "href": "string" } }, "totalResults": 42}Create a new OAuth client. appType cannot be changed after creation. Consent method and published state can be changed after creation.
Facts
| Rate limit | Tier 2 (100 requests per minute) |
Request Body
Required- application/jsonobject
Request schema for OAuth client creation
application/json properties
- appTypestringRequired
Application type
Can be one of: "web""native""spa""anonymous-embed"
- logoUristring
URI for logo of client
- clientUristring
URI for homepage of client
- clientNamestringRequired
Client application name
- publicKeysarray of objects
List of public keys for JWT authentication (required when using private_key_jwt)
publicKeys properties
- estring
Exponent for RSA keys
- nstring
Modulus for RSA keys
- xstring
X coordinate for EC keys
- ystring
Y coordinate for EC keys
- algstringRequired
Algorithm intended for use with the key
Can be one of: "RS256""RS512""ES384"
- crvstring
Curve for EC keys
- kidstringRequired
Key ID
- ktystringRequired
Key type (e.g., RSA, EC)
Can be one of: "RSA""EC"
- usestringRequired
Intended use of the key (typically "sig" for signature)
Can be one of: "sig"
-
- descriptionstring
Client description
- redirectUrisarray of strings
List of allowed redirect URIs for login
- allowedScopesarray of strings
List of allowed scopes for this client.
- allowedOriginsarray of strings
List of allowed origins for this client, only available with SPA application type
- connectionConfigobject
Optional settings for configuring the client connection.
connectionConfig properties
- consentMethodstring
Specifies the consent method for the connection. The only allowed value is "trusted."
Can be one of: "trusted"
-
- allowedGrantTypesarray of strings
Allowed grant types, only for use with appType: 'web'
Values may be any of: "client_credentials""urn:qlik:oauth:user-impersonation"
- allowedAuthMethodsarray of strings
List of allowed authentication methods for the client
Values may be any of: "client_secret""private_key_jwt"
-
Responses
201
Created
- application/jsonobject
Response schema for OAuth client creation
application/json properties
- clientIdstringRequired
Client application id
- publicKeysarray of objects
List of public keys for JWT authentication
publicKeys properties
- estring
Exponent for RSA keys
- nstring
Modulus for RSA keys
- xstring
X coordinate for EC keys
- ystring
Y coordinate for EC keys
- algstringRequired
Algorithm intended for use with the key
Can be one of: "RS256""RS512""ES384"
- crvstring
Curve for EC keys
- kidstringRequired
Key ID
- ktystringRequired
Key type (e.g., RSA, EC)
Can be one of: "RSA""EC"
- usestringRequired
Intended use of the key (typically "sig" for signature)
Can be one of: "sig"
-
- clientSecretstringRequired
Client application secret
- redirectUrisarray of strings
List of allowed redirect URIs for login
- allowedOriginsarray of strings
List of allowed origins for this client
- allowedAuthMethodsarray of strings
List of allowed authentication methods for the client
Values may be any of: "client_secret""private_key_jwt"
- appTypestringRequired
Application type
Can be one of: "web""native""spa""anonymous-embed"
- logoUristring
URI for logo of client
- clientUristring
URI for homepage of client
- createdAtstringRequired
The timestamp for when the oauth-clients record was created.
- deletedAtstring
The timestamp for when the oauth-clients record was deleted.
- updatedAtstring
The timestamp for when the oauth-clients record was updated.
- clientNamestringRequired
Client application name
- disableTagstring
Is set if client disabled
- descriptionstring
Client description
- publishedAtstring
The timestamp which is set, if the client is published.
- allowedScopesarray of strings
List of allowed scopes for this client.
- clientSecretsarray of objects
Hints of any client application secrets
clientSecrets properties
- hintstringRequired
Hint of a client application secret
- createdAtstring
The timestamp for when the client-secret record was created.
- createdBystring
The identifier for the user that created the client-secret record.
-
- connectionConfigobject
Optional settings for configuring the client connection.
connectionConfig properties
- consentMethodstring
Specifies the consent method for the connection.
Can be one of: "required""trusted"
-
- allowedGrantTypesarray of strings
Allowed grant types, only for use with appType: 'web'
Values may be any of: "client_credentials""urn:qlik:oauth:user-impersonation"
-
400
Bad Request
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
401
Unauthorized
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
403
Forbidden
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
500
Internal Server Error
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
503
Service Unavailable
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
This API is not included yet in qlik-clicurl "https://console.qlikcloud.com/api/core/oauth-clients" \-X POST \-H "Content-type: application/json" \-H "Authorization: Bearer <access_token>" \-d '{"appType":"web","logoUri":"https://org.us.qlik.com/logo.png","clientUri":"https://org.us.qlik.com/","clientName":"My_test_application","publicKeys":[{"e":"AQAB","n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx","x":"WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis","y":"y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE","alg":"RS256","crv":"P-384","kid":"key-1","kty":"RSA","use":"sig"}],"description":"A test application client","redirectUris":["https://org.us.qlik.com/home"],"allowedScopes":["automations"],"allowedOrigins":["https://qlik.com"],"connectionConfig":{"consentMethod":"trusted"},"allowedGrantTypes":["client_credentials"],"allowedAuthMethods":["client_secret"]}'const https = require('https')
const data = JSON.stringify({ appType: 'web', logoUri: 'https://org.us.qlik.com/logo.png', clientUri: 'https://org.us.qlik.com/', clientName: 'My_test_application', publicKeys: [ { e: 'AQAB', n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx', x: 'WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis', y: 'y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE', alg: 'RS256', crv: 'P-384', kid: 'key-1', kty: 'RSA', use: 'sig', }, ], description: 'A test application client', redirectUris: ['https://org.us.qlik.com/home'], allowedScopes: ['automations'], allowedOrigins: ['https://qlik.com'], connectionConfig: { consentMethod: 'trusted' }, allowedGrantTypes: ['client_credentials'], allowedAuthMethods: ['client_secret'],})const options = { hostname: 'console.qlikcloud.com', port: 443, path: '/api/core/oauth-clients', method: 'POST', headers: { 'Content-type': 'application/json', Authorization: 'Bearer <access_token>', },}
const req = https.request(options)req.write(data)Example Response
{ "appType": "web", "logoUri": "string", "clientUri": "string", "createdAt": "2025-11-06T14:30:00.123456Z", "deletedAt": "2025-11-06T15:45:30.789012Z", "updatedAt": "2025-11-06T16:20:15.456789Z", "clientName": "string", "disableTag": "string", "publicKeys": [ { "e": "AQAB", "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx", "x": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis", "y": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE", "alg": "RS256", "crv": "P-384", "kid": "key-1", "kty": "RSA", "use": "sig" } ], "description": "string", "publishedAt": "2025-11-06T17:00:00.321654Z", "allowedScopes": [ "string" ], "clientSecrets": [ { "hint": "string", "createdAt": "2025-12-03T14:59:46.331Z", "createdBy": "string" } ], "connectionConfig": { "consentMethod": "required" }, "allowedGrantTypes": [ "client_credentials" ], "allowedAuthMethods": [ "client_secret" ], "clientId": "string", "clientSecret": "string", "redirectUris": [ "string" ], "allowedOrigins": [ "string" ]}Retrieves the specified OAuth client.
Facts
| Rate limit | Tier 1 (1000 requests per minute) |
Path Parameters
- idstringRequired
The unique identifier for the OAuth client
Responses
200
OK
- application/jsonobject
Response schema for reading an OAuth client
application/json properties
- clientIdstringRequired
Client application id
- publicKeysarray of objects
List of public keys for JWT authentication
publicKeys properties
- estring
Exponent for RSA keys
- nstring
Modulus for RSA keys
- xstring
X coordinate for EC keys
- ystring
Y coordinate for EC keys
- algstringRequired
Algorithm intended for use with the key
Can be one of: "RS256""RS512""ES384"
- crvstring
Curve for EC keys
- kidstringRequired
Key ID
- ktystringRequired
Key type (e.g., RSA, EC)
Can be one of: "RSA""EC"
- usestringRequired
Intended use of the key (typically "sig" for signature)
Can be one of: "sig"
-
- redirectUrisarray of strings
List of allowed redirect URIs for login
- clientSecretsarray of objects
Hints of any client application secrets
clientSecrets properties
- hintstringRequired
Hint of a client application secret
- createdAtstring
The timestamp for when the client-secret record was created.
- createdBystring
The identifier for the user that created the client-secret record.
-
- allowedOriginsarray of strings
List of allowed origins for client
- allowedAuthMethodsarray of strings
List of allowed authentication methods for the client
Values may be any of: "client_secret""private_key_jwt"
- appTypestringRequired
Application type
Can be one of: "web""native""spa""anonymous-embed"
- logoUristring
URI for logo of client
- clientUristring
URI for homepage of client
- createdAtstringRequired
The timestamp for when the oauth-clients record was created.
- deletedAtstring
The timestamp for when the oauth-clients record was deleted.
- updatedAtstring
The timestamp for when the oauth-clients record was updated.
- clientNamestringRequired
Client application name
- disableTagstring
Is set if client disabled
- descriptionstring
Client description
- publishedAtstring
The timestamp which is set, if the client is published.
- allowedScopesarray of strings
List of allowed scopes for this client.
- connectionConfigobject
Optional settings for configuring the client connection.
connectionConfig properties
- consentMethodstring
Specifies the consent method for the connection.
Can be one of: "required""trusted"
-
- allowedGrantTypesarray of strings
Allowed grant types, only for use with appType: 'web'
Values may be any of: "client_credentials""urn:qlik:oauth:user-impersonation"
-
400
Bad Request
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
401
Unauthorized
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
403
Forbidden
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
404
Not Found
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
500
Internal Server Error
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
503
Service Unavailable
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
This API is not included yet in qlik-clicurl "https://console.qlikcloud.com/api/core/oauth-clients/{id}" \-H "Authorization: Bearer <access_token>"const https = require('https')
const options = { hostname: 'console.qlikcloud.com', port: 443, path: '/api/core/oauth-clients/{id}', method: 'GET', headers: { Authorization: 'Bearer <access_token>', },}
const req = https.request(options)Example Response
{ "appType": "web", "logoUri": "string", "clientUri": "string", "createdAt": "2025-11-06T14:30:00.123456Z", "deletedAt": "2025-11-06T15:45:30.789012Z", "updatedAt": "2025-11-06T16:20:15.456789Z", "clientName": "string", "disableTag": "string", "publicKeys": [ { "e": "AQAB", "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx", "x": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis", "y": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE", "alg": "RS256", "crv": "P-384", "kid": "key-1", "kty": "RSA", "use": "sig" } ], "description": "string", "publishedAt": "2025-11-06T17:00:00.321654Z", "allowedScopes": [ "string" ], "clientSecrets": [ { "hint": "string", "createdAt": "2025-11-06T14:30:00.123456Z", "createdBy": "string" } ], "connectionConfig": { "consentMethod": "required" }, "allowedGrantTypes": [ "client_credentials" ], "allowedAuthMethods": [ "client_secret" ], "clientId": "string", "redirectUris": [ "string" ], "allowedOrigins": [ "string" ]}Updates the specified OAuth client. Returns 204 No Content on success.
Facts
| Rate limit | Tier 2 (100 requests per minute) |
Path Parameters
- idstringRequired
The unique identifier for the OAuth client
Request Body
Required- application/jsonarray of objects
A JSON Patch document as defined in http://tools.ietf.org/html/rfc6902
application/json properties
- opstringRequired
The operation to be performed
Can be one of: "add""remove""replace"
- pathstringRequired
The path for the given resource field to patch
Can be one of: "/clientName""/description"
- valuestring|array
The value to be used for this operation.
One of:- string
- array of strings
-
-
Responses
202
Accepted - Client secret was generated
- application/jsonobject
Response schema for PATCH /oauth-clients when a client secret is generated
application/json properties
- clientSecretstringRequired
The generated client application secret
-
204
No Content
400
Bad Request
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
401
Unauthorized
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
403
Forbidden
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
404
Not Found
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
500
Internal Server Error
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
503
Service Unavailable
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
This API is not included yet in qlik-clicurl "https://console.qlikcloud.com/api/core/oauth-clients/{id}" \-X PATCH \-H "Content-type: application/json" \-H "Authorization: Bearer <access_token>" \-d '[{"op":"add","path":"/clientName","value":"string"}]'const https = require('https')
const data = JSON.stringify([ { op: 'add', path: '/clientName', value: 'string', },])const options = { hostname: 'console.qlikcloud.com', port: 443, path: '/api/core/oauth-clients/{id}', method: 'PATCH', headers: { 'Content-type': 'application/json', Authorization: 'Bearer <access_token>', },}
const req = https.request(options)req.write(data)Example Response
{ "clientSecret": "a1b2c3d4e5f6..."}Delete the specified OAuth client.
Facts
| Rate limit | Tier 2 (100 requests per minute) |
Header Parameters
- qlik-confirm-deletestringRequired
A confirmation string that should match the id of the oauth-client resource to be deleted
Path Parameters
- idstringRequired
The unique identifier for the OAuth client
Responses
204
No Content
400
Bad Request
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
401
Unauthorized
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
403
Forbidden
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
404
Not Found
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
500
Internal Server Error
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
503
Service Unavailable
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
This API is not included yet in qlik-clicurl "https://console.qlikcloud.com/api/core/oauth-clients/{id}" \-X DELETE \-H "qlik-confirm-delete: string" \-H "Authorization: Bearer <access_token>"const https = require('https')
const options = { hostname: 'console.qlikcloud.com', port: 443, path: '/api/core/oauth-clients/{id}', method: 'DELETE', headers: { 'qlik-confirm-delete': 'string', Authorization: 'Bearer <access_token>', },}
const req = https.request(options)Create a new client secret for the specified OAuth client. An OAuth client can have a maximum of 5 client secrets at one time.
Facts
| Rate limit | Tier 2 (100 requests per minute) |
Path Parameters
- idstringRequired
The unique identifier for the OAuth client
Responses
201
Created
- application/jsonobject
Response schema for creating an OAuth client application secret
application/json properties
- hintstringRequired
Client application hint
- clientIdstringRequired
Client application id
- createdAtstring
The timestamp for when the client-secret record was created.
- createdBystring
The identifier for the user that created the client-secret record.
- clientSecretstringRequired
Client application secret
-
400
Bad Request
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
401
Unauthorized
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
403
Forbidden
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
404
Not Found
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
409
The max number of client secrets is 5
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
500
Internal Server Error
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
503
Service Unavailable
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
This API is not included yet in qlik-clicurl "https://console.qlikcloud.com/api/core/oauth-clients/{id}/client-secrets" \-X POST \-H "Authorization: Bearer <access_token>"const https = require('https')
const options = { hostname: 'console.qlikcloud.com', port: 443, path: '/api/core/oauth-clients/{id}/client-secrets', method: 'POST', headers: { Authorization: 'Bearer <access_token>', },}
const req = https.request(options)Example Response
{ "hint": "string", "clientId": "string", "createdAt": "2025-11-06T14:30:00.123456Z", "createdBy": "string", "clientSecret": "string"}Deletes a specific client secret for an OAuth client.
Facts
| Rate limit | Tier 2 (100 requests per minute) |
Path Parameters
- hintstringRequired
The unique identifier for the OAuth secret
- idstringRequired
The unique identifier for the OAuth client
Responses
204
No Content
400
Bad Request
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
401
Unauthorized
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
403
Forbidden
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
404
Not Found
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
500
Internal Server Error
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
503
Service Unavailable
- application/jsonobject
application/json properties
- errorsarray of objects
errors properties
- codestringRequired
The unique code for the error
- titlestringRequired
A summary of the error
- detailstring
Additional details about the error
-
-
This API is not included yet in qlik-clicurl "https://console.qlikcloud.com/api/core/oauth-clients/{id}/client-secrets/{hint}" \-X DELETE \-H "Authorization: Bearer <access_token>"const https = require('https')
const options = { hostname: 'console.qlikcloud.com', port: 443, path: '/api/core/oauth-clients/{id}/client-secrets/{hint}', method: 'DELETE', headers: { Authorization: 'Bearer <access_token>', },}
const req = https.request(options)