List OAuth clients

Retrieves all OAuth clients registered. Results are paginated using cursor-based pagination; use the next and prev parameters to navigate between pages. Use the filter and sort parameters to narrow or order the results.

Facts

Rate limit Tier 1 (1000 requests per minute)

Query Parameters

  • filter (string)

    A filter expression used to narrow the list of OAuth clients. The filter syntax follows RFC 7644. Valid filter attributes are clientId, clientName, and appType.

  • limit (number)

    The maximum number of OAuth clients to return per page.

  • next (string)

    The cursor for the next page of results.

  • prev (string)

    The cursor for the previous page of results.

  • sort (string)

    The field to sort by, prefixed with + for ascending or - for descending order. Valid fields for sorting are clientId, clientName, appType, createdAt, updatedAt.

    Can be one of: "+clientId", "-clientId", "+clientName", "-clientName", "+appType", "-appType", "+createdAt", "-createdAt", "+updatedAt", "-updatedAt"

  • totalResults (boolean)

    When true, the response includes the total number of matching OAuth clients in the totalResults field. When false or omitted, totalResults is excluded from the response.

Responses

200

OAuth clients retrieved successfully.

  • application/json (object)

    A paginated list of OAuth clients registered in the tenant.

    • data (array of objects)
      Required

      An OAuth client entry returned in a list response.

      • clientId (string)
        Required

        The unique identifier of the OAuth client application.

      • publicKeys (array of objects)

        List of public keys for JWT authentication.

        • e (string)

          The RSA key public exponent, Base64URL-encoded.

        • n (string)

          The RSA key modulus, Base64URL-encoded.

        • x (string)

          The X coordinate of the EC public key, Base64URL-encoded.

        • y (string)

          The Y coordinate of the EC public key, Base64URL-encoded.

        • alg (string)
          Required

          The algorithm intended for use with the key.

          Can be one of: "RS256", "RS512", "ES384"

        • crv (string)

          The elliptic curve used with this key.

        • kid (string)
          Required

          A unique identifier for this key.

        • kty (string)
          Required

          The cryptographic key type.

          Can be one of: "RSA", "EC"

        • use (string)
          Required

          Intended use of the key. The only accepted value is sig (signature verification).

          Can be one of: "sig"

      • redirectUris (array of strings)

        List of allowed redirect URIs for login.

      • allowedOrigins (array of strings)

        List of allowed origins for the client.

      • connectionConfig (object)

        Optional settings for configuring the client connection.

        • status (string)

          The current status of the client connection configuration.

        • consentMethod (string)
          Required

          Specifies the consent method for the connection.

          Can be one of: "required", "trusted"

        • deletedByOwner (boolean)

          Whether the OAuth client has been deleted by its owner. Applies only to published clients.

      • allowedAuthMethods (array of strings)

        List of allowed authentication methods for the client.

        Values may be any of: "client_secret", "private_key_jwt"

      • appType (string)
        Required

        The type of application the OAuth client represents.

        Can be one of: "web", "native", "spa", "anonymous-embed"

      • logoUri (string)

        The URI for the client application's logo image.

      • clientUri (string)

        The URI for the client application's homepage.

      • createdAt (string)
        Required

        The timestamp for when the oauth-clients record was created.

      • deletedAt (string)

        The timestamp for when the oauth-clients record was deleted.

      • updatedAt (string)

        The timestamp for when the oauth-clients record was updated.

      • clientName (string)
        Required

        The display name of the OAuth client application.

      • disableTag (string)

        Indicates the reason the client is disabled. Present only when the client has been disabled.

      • description (string)

        A text description of the OAuth client.

      • publishedAt (string)

        The timestamp when the client was published. Present only for published clients.

      • allowedScopes (array of strings)

        List of allowed scopes for this client.

      • clientSecrets (array of objects)

        Partial identifiers (hints) for the client secrets associated with this OAuth client.

        • hint (string)
          Required

          Hint of a client application secret.

        • createdAt (string)

          The timestamp for when the client-secret record was created.

        • createdBy (string)

          The identifier for the user that created the client-secret record.

      • allowedGrantTypes (array of strings)

        Allowed grant types. Only applicable when appType is web.

        Values may be any of: "client_credentials", "urn:qlik:oauth:user-impersonation"

    • links (object)
      Required

      Pagination links for navigating between pages of results.

      • next (object)

        A navigational link containing an absolute URL.

        • href (string)
          Required

          The absolute URL of the linked resource.

      • prev (object)

        A navigational link containing an absolute URL.

        • href (string)
          Required

          The absolute URL of the linked resource.

      • self (object)

        A navigational link containing an absolute URL.

        • href (string)
          Required

          The absolute URL of the linked resource.

    • totalResults (integer)

      Total number of OAuth clients. Included only when the totalResults query parameter is set to true.

400

The request is invalid. Check the request body or parameters for errors.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

401

Unauthorized.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

403

Access denied. You lack the required permissions to perform this operation.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

500

An unexpected error occurred on the server. Try again later.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

503

The service is temporarily unavailable. Try again later.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

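GET /api/core/oauth-clients

This API is not included yet in qlik-cli.

curl:

    curl "https://console.qlikcloud.com/api/core/oauth-clients" \
      -H "Authorization: Bearer <access_token>"

Node.js:

    const https = require('https')
    const options = {
      hostname: 'console.qlikcloud.com',
      port: 443,
      path: '/api/core/oauth-clients',
      method: 'GET',
      headers: {
        Authorization: 'Bearer <access_token>',
      },
    }
    // Collect the response body and print it with the status code
    const req = https.request(options, (res) => {
      let body = ''
      res.on('data', (chunk) => (body += chunk))
      res.on('end', () => console.log(res.statusCode, body))
    })
    req.on('error', console.error)
    // The request is only sent once end() is called
    req.end()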

Example Response

{
"data": [
{
"appType": "web",
"logoUri": "string",
"clientUri": "string",
"createdAt": "2025-11-06T14:30:00.123456Z",
"deletedAt": "2025-11-06T15:45:30.789012Z",
"updatedAt": "2025-11-06T16:20:15.456789Z",
"clientName": "string",
"disableTag": "string",
"publicKeys": [
{
"e": "AQAB",
"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx",
"x": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis",
"y": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE",
"alg": "RS256",
"crv": "P-384",
"kid": "key-1",
"kty": "RSA",
"use": "sig"
}
],
"description": "string",
"publishedAt": "2025-11-06T17:00:00.321654Z",
"allowedScopes": [
"string"
],
"clientSecrets": [
{
"hint": "string",
"createdAt": "2025-12-03T14:59:46.331Z",
"createdBy": "string"
}
],
"connectionConfig": {
"status": "string",
"consentMethod": "string",
"deletedByOwner": true
},
"allowedGrantTypes": [
"client_credentials"
],
"allowedAuthMethods": [
"client_secret"
],
"clientId": "string",
"redirectUris": [
"string"
],
"allowedOrigins": [
"string"
]
}
],
"links": {
"next": {
"href": "string"
},
"prev": {
"href": "string"
},
"self": {
"href": "string"
}
},
"totalResults": 42
}
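
The following added example (not from the original reference or from Qlik's own code) walks the cursor pagination described above by following links.next.href, then flags list entries that deserve a security review. The getPage helper, the finding names, the 90-day secret age threshold and the sample pages are assumptions constructed for illustration.

```javascript
// Added example: audit the inventory returned by GET /api/core/oauth-clients.
// Finding names and the 90-day threshold are assumptions, not part of the API.
const MAX_SECRET_AGE_DAYS = 90;
const IMPERSONATION = 'urn:qlik:oauth:user-impersonation';

// Follow links.next.href until it is absent. getPage(url) is a hypothetical
// injected async function that does the authenticated GET and parses the JSON.
async function collectClients(getPage, firstUrl, maxPages = 500) {
  const origin = new URL(firstUrl).origin;
  const seen = new Set();
  const clients = [];
  let url = firstUrl;
  while (url) {
    // The bearer token is sent to every URL followed, so pin the origin.
    if (new URL(url).origin !== origin) throw new Error(`next link leaves ${origin}`);
    if (seen.has(url)) throw new Error(`pagination loop at ${url}`);
    if (seen.size >= maxPages) throw new Error('page cap reached');
    seen.add(url);
    const page = await getPage(url);
    clients.push(...(page.data || []));
    url = page.links && page.links.next ? page.links.next.href : null;
  }
  return clients;
}

// Return review findings for one entry of the data array.
function auditClient(client, now = new Date()) {
  const findings = [];
  if (client.deletedAt) return findings; // deleted records need no review
  const grants = client.allowedGrantTypes || [];
  const auth = client.allowedAuthMethods || [];
  if (grants.includes(IMPERSONATION)) {
    findings.push('impersonation-grant');
    // A static shared secret guarding impersonation deserves a closer look.
    if (auth.includes('client_secret')) findings.push('impersonation-with-client-secret');
  }
  if ((client.connectionConfig || {}).consentMethod === 'trusted') findings.push('trusted-consent');
  for (const secret of client.clientSecrets || []) {
    const ageDays = (now - new Date(secret.createdAt)) / 86400000;
    if (ageDays > MAX_SECRET_AGE_DAYS) findings.push(`stale-secret:${secret.hint}`);
  }
  for (const uri of client.redirectUris || []) {
    let parsed;
    try { parsed = new URL(uri); } catch { findings.push(`unparseable-redirect:${uri}`); continue; }
    const loopback = ['localhost', '127.0.0.1', '[::1]'].includes(parsed.hostname);
    if (parsed.protocol === 'http:' && !loopback) findings.push(`cleartext-redirect:${uri}`);
  }
  return findings;
}

// Map clientId -> findings for every client that has at least one finding.
async function auditInventory(getPage, firstUrl, now = new Date()) {
  const report = {};
  for (const client of await collectClients(getPage, firstUrl)) {
    const findings = auditClient(client, now);
    if (findings.length) report[client.clientId] = findings;
  }
  return report;
}

// Constructed sample pages (host, ids, cursor and dates are made up).
const FIRST = 'https://tenant.example/api/core/oauth-clients?limit=2';
const SECOND = FIRST + '&next=CURSOR1';
const SAMPLE_PAGES = {
  [FIRST]: {
    data: [
      { clientId: 'c1', clientName: 'etl-job', appType: 'web',
        allowedGrantTypes: ['client_credentials', IMPERSONATION],
        allowedAuthMethods: ['client_secret'],
        connectionConfig: { consentMethod: 'trusted' },
        clientSecrets: [{ hint: 'ab12', createdAt: '2025-01-10T00:00:00Z' }] },
      { clientId: 'c2', clientName: 'portal', appType: 'spa',
        connectionConfig: { consentMethod: 'required' },
        redirectUris: ['http://portal.example/cb'] },
    ],
    links: { self: { href: FIRST }, next: { href: SECOND } },
  },
  [SECOND]: {
    data: [
      { clientId: 'c3', clientName: 'desktop', appType: 'native',
        redirectUris: ['http://127.0.0.1:8400/cb'] },
    ],
    links: { self: { href: SECOND }, prev: { href: FIRST } },
  },
};

const sampleGetPage = async (url) => SAMPLE_PAGES[url];
auditInventory(sampleGetPage, FIRST, new Date('2025-12-01T00:00:00Z'))
  .then((report) => console.log(JSON.stringify(report, null, 2)));
```

In real use, getPage would wrap the authenticated request shown above and be called with the tenant's list URL.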

Create an OAuth client

Registers a new OAuth client in the tenant. The appType field determines the client type and cannot be changed after creation. The consent method and published state can be updated after creation using the PATCH operation.

Facts

Rate limit Tier 2 (100 requests per minute)

Request Body

Required
  • application/json (object)

    Request body for creating a new OAuth client.

    • appType (string)
      Required

      The type of application the OAuth client represents.

      Can be one of: "web", "native", "spa", "anonymous-embed"

    • logoUri (string)

      The URI for the client application's logo image.

    • clientUri (string)

      The URI for the client application's homepage.

    • clientName (string)
      Required

      The display name of the OAuth client application.

    • publicKeys (array of objects)

      List of public keys for JWT authentication. Required when private_key_jwt is listed in allowedAuthMethods.

      • e (string)

        The RSA key public exponent, Base64URL-encoded.

      • n (string)

        The RSA key modulus, Base64URL-encoded.

      • x (string)

        The X coordinate of the EC public key, Base64URL-encoded.

      • y (string)

        The Y coordinate of the EC public key, Base64URL-encoded.

      • alg (string)
        Required

        The algorithm intended for use with the key.

        Can be one of: "RS256", "RS512", "ES384"

      • crv (string)

        The elliptic curve used with this key.

      • kid (string)
        Required

        A unique identifier for this key.

      • kty (string)
        Required

        The cryptographic key type.

        Can be one of: "RSA", "EC"

      • use (string)
        Required

        Intended use of the key. The only accepted value is sig (signature verification).

        Can be one of: "sig"

    • description (string)

      A text description of the OAuth client.

    • redirectUris (array of strings)

      List of allowed redirect URIs for login.

    • allowedScopes (array of strings)

      List of allowed scopes for this client.

    • allowedOrigins (array of strings)

      List of allowed origins for this client. Only applicable when appType is spa.

    • connectionConfig (object)

      Optional settings for configuring the client connection.

      • consentMethod (string)

        Specifies the consent method for the connection. The only allowed value is trusted.

        Can be one of: "trusted"

    • allowedGrantTypes (array of strings)

      Allowed grant types. Only applicable when appType is web.

      Values may be any of: "client_credentials", "urn:qlik:oauth:user-impersonation"

    • allowedAuthMethods (array of strings)

      List of allowed authentication methods for the client.

      Values may be any of: "client_secret", "private_key_jwt"

Responses

201

OAuth client created successfully.

  • application/json (object)

    The created OAuth client, including the generated clientId and initial clientSecret.

    • clientId (string)
      Required

      The unique identifier of the OAuth client application.

    • publicKeys (array of objects)

      List of public keys for JWT authentication.

      • e (string)

        The RSA key public exponent, Base64URL-encoded.

      • n (string)

        The RSA key modulus, Base64URL-encoded.

      • x (string)

        The X coordinate of the EC public key, Base64URL-encoded.

      • y (string)

        The Y coordinate of the EC public key, Base64URL-encoded.

      • alg (string)
        Required

        The algorithm intended for use with the key.

        Can be one of: "RS256", "RS512", "ES384"

      • crv (string)

        The elliptic curve used with this key.

      • kid (string)
        Required

        A unique identifier for this key.

      • kty (string)
        Required

        The cryptographic key type.

        Can be one of: "RSA", "EC"

      • use (string)
        Required

        Intended use of the key. The only accepted value is sig (signature verification).

        Can be one of: "sig"

    • clientSecret (string)
      Required

      The initial client secret. Returned only at creation time; store it securely.

    • redirectUris (array of strings)

      List of allowed redirect URIs for login.

    • allowedOrigins (array of strings)

      List of allowed origins for the client.

    • allowedAuthMethods (array of strings)

      List of allowed authentication methods for the client.

      Values may be any of: "client_secret", "private_key_jwt"

    • appType (string)
      Required

      The type of application the OAuth client represents.

      Can be one of: "web", "native", "spa", "anonymous-embed"

    • logoUri (string)

      The URI for the client application's logo image.

    • clientUri (string)

      The URI for the client application's homepage.

    • createdAt (string)
      Required

      The timestamp for when the oauth-clients record was created.

    • deletedAt (string)

      The timestamp for when the oauth-clients record was deleted.

    • updatedAt (string)

      The timestamp for when the oauth-clients record was updated.

    • clientName (string)
      Required

      The display name of the OAuth client application.

    • disableTag (string)

      Indicates the reason the client is disabled. Present only when the client has been disabled.

    • description (string)

      A text description of the OAuth client.

    • publishedAt (string)

      The timestamp when the client was published. Present only for published clients.

    • allowedScopes (array of strings)

      List of allowed scopes for this client.

    • clientSecrets (array of objects)

      Partial identifiers (hints) for the client secrets associated with this OAuth client.

      • hint (string)
        Required

        Hint of a client application secret.

      • createdAt (string)

        The timestamp for when the client-secret record was created.

      • createdBy (string)

        The identifier for the user that created the client-secret record.

    • connectionConfig (object)

      Optional settings for configuring the client connection.

      • consentMethod (string)

        Specifies the consent method for the connection.

        Can be one of: "required", "trusted"

    • allowedGrantTypes (array of strings)

      Allowed grant types. Only applicable when appType is web.

      Values may be any of: "client_credentials", "urn:qlik:oauth:user-impersonation"

400

The request is invalid. Check the request body or parameters for errors.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

401

Unauthorized.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

403

Access denied. You lack the required permissions to perform this operation.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

500

An unexpected error occurred on the server. Try again later.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

503

The service is temporarily unavailable. Try again later.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

POST /api/core/oauth-clients

This API is not included yet in qlik-cli.

curl:

    curl "https://console.qlikcloud.com/api/core/oauth-clients" \
      -X POST \
      -H "Content-type: application/json" \
      -H "Authorization: Bearer <access_token>" \
      -d '{"appType":"web","logoUri":"https://org.us.qlik.com/logo.png","clientUri":"https://org.us.qlik.com/","clientName":"My_test_application","publicKeys":[{"e":"AQAB","n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx","x":"WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis","y":"y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE","alg":"RS256","crv":"P-384","kid":"key-1","kty":"RSA","use":"sig"}],"description":"A test application client","redirectUris":["https://org.us.qlik.com/home"],"allowedScopes":["automations"],"allowedOrigins":["https://qlik.com"],"connectionConfig":{"consentMethod":"trusted"},"allowedGrantTypes":["client_credentials"],"allowedAuthMethods":["client_secret"]}'

Node.js:

    const https = require('https')
    const data = JSON.stringify({
      appType: 'web',
      logoUri: 'https://org.us.qlik.com/logo.png',
      clientUri: 'https://org.us.qlik.com/',
      clientName: 'My_test_application',
      publicKeys: [
        {
          e: 'AQAB',
          n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx',
          x: 'WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis',
          y: 'y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE',
          alg: 'RS256',
          crv: 'P-384',
          kid: 'key-1',
          kty: 'RSA',
          use: 'sig',
        },
      ],
      description: 'A test application client',
      redirectUris: ['https://org.us.qlik.com/home'],
      allowedScopes: ['automations'],
      allowedOrigins: ['https://qlik.com'],
      connectionConfig: { consentMethod: 'trusted' },
      allowedGrantTypes: ['client_credentials'],
      allowedAuthMethods: ['client_secret'],
    })
    const options = {
      hostname: 'console.qlikcloud.com',
      port: 443,
      path: '/api/core/oauth-clients',
      method: 'POST',
      headers: {
        'Content-type': 'application/json',
        Authorization: 'Bearer <access_token>',
      },
    }
    const req = https.request(options, (res) => {
      let body = ''
      res.on('data', (chunk) => (body += chunk))
      res.on('end', () => {
        console.log(res.statusCode)
        // On 201 the body carries clientSecret, returned only at creation time:
        // store it securely rather than printing it
        if (res.statusCode === 201) console.log(JSON.parse(body).clientId)
      })
    })
    req.on('error', console.error)
    req.write(data)
    // The request is only sent once end() is called
    req.end()

Example Response

{
"appType": "web",
"logoUri": "string",
"clientUri": "string",
"createdAt": "2025-11-06T14:30:00.123456Z",
"deletedAt": "2025-11-06T15:45:30.789012Z",
"updatedAt": "2025-11-06T16:20:15.456789Z",
"clientName": "string",
"disableTag": "string",
"publicKeys": [
{
"e": "AQAB",
"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx",
"x": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis",
"y": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE",
"alg": "RS256",
"crv": "P-384",
"kid": "key-1",
"kty": "RSA",
"use": "sig"
}
],
"description": "string",
"publishedAt": "2025-11-06T17:00:00.321654Z",
"allowedScopes": [
"string"
],
"clientSecrets": [
{
"hint": "string",
"createdAt": "2025-12-03T14:59:46.331Z",
"createdBy": "string"
}
],
"connectionConfig": {
"consentMethod": "required"
},
"allowedGrantTypes": [
"client_credentials"
],
"allowedAuthMethods": [
"client_secret"
],
"clientId": "string",
"clientSecret": "string",
"redirectUris": [
"string"
],
"allowedOrigins": [
"string"
]
}
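
The publicKeys constraints listed in the Create request body (alg, kty, use, kid, and the requirement tied to private_key_jwt) can be checked locally before the request is sent. The following is an added example, not from the original reference or from Qlik's own code; the pairing of RSA with n/e and EC with crv/x/y follows RFC 7518, while the 2048-bit modulus floor, the function names and the constructed EC key are assumptions. It is run against the key object from this page's request example, which carries both RSA and EC members and a shortened modulus.

```javascript
// Added example: local pre-flight check of a publicKeys array before it is sent.
// alg/kty/use values come from the page; the 2048-bit floor is an assumption.
const ALG_TO_KTY = { RS256: 'RSA', RS512: 'RSA', ES384: 'EC' };
const MIN_RSA_BITS = 2048;
const P384_COORD_BYTES = 48; // ES384 is ECDSA over P-384 (RFC 7518)
const PRIVATE_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi'];

// Decode a Base64URL string; return null when it is not valid Base64URL.
function b64url(value) {
  if (typeof value !== 'string' || !/^[A-Za-z0-9_-]+$/.test(value)) return null;
  if (value.length % 4 === 1) return null; // impossible encoded length
  return Buffer.from(value, 'base64url');
}

// Bit length of a big-endian unsigned integer.
function bitLength(bytes) {
  let i = 0;
  while (i < bytes.length && bytes[i] === 0) i++;
  return i === bytes.length ? 0 : (bytes.length - i) * 8 - (Math.clz32(bytes[i]) - 24);
}

// Return a list of problems for one key object (empty when it looks sound).
function validatePublicKey(key) {
  const errors = [];
  for (const m of ['alg', 'kid', 'kty', 'use']) {
    if (!key[m]) errors.push(`missing required member ${m}`);
  }
  if (key.use && key.use !== 'sig') errors.push(`use must be sig, got ${key.use}`);
  const wantKty = ALG_TO_KTY[key.alg];
  if (key.alg && !wantKty) errors.push(`unsupported alg ${key.alg}`);
  if (wantKty && key.kty && key.kty !== wantKty) errors.push(`alg ${key.alg} requires kty ${wantKty}`);
  for (const m of PRIVATE_MEMBERS) {
    if (m in key) errors.push(`private key member ${m} must not be sent`);
  }
  if (key.kty === 'RSA') {
    for (const m of ['crv', 'x', 'y']) if (m in key) errors.push(`EC member ${m} on an RSA key`);
    const n = b64url(key.n);
    if (!n || !b64url(key.e)) errors.push('n and e must be Base64URL strings');
    else if (bitLength(n) < MIN_RSA_BITS) errors.push(`RSA modulus is ${bitLength(n)} bits`);
  } else if (key.kty === 'EC') {
    for (const m of ['n', 'e']) if (m in key) errors.push(`RSA member ${m} on an EC key`);
    if (key.crv !== 'P-384') errors.push(`ES384 requires crv P-384, got ${key.crv}`);
    const x = b64url(key.x);
    const y = b64url(key.y);
    if (!x || !y) errors.push('x and y must be Base64URL strings');
    else if (x.length !== P384_COORD_BYTES || y.length !== P384_COORD_BYTES) {
      errors.push(`P-384 coordinates must be ${P384_COORD_BYTES} bytes each`);
    }
  } else if (key.kty) {
    errors.push(`unsupported kty ${key.kty}`);
  }
  return errors;
}

// Check the whole array against allowedAuthMethods; returns { kid: [errors] }.
function validatePublicKeys(publicKeys, allowedAuthMethods) {
  const report = {};
  const keys = publicKeys || [];
  if ((allowedAuthMethods || []).includes('private_key_jwt') && keys.length === 0) {
    report['(request)'] = ['publicKeys is required when private_key_jwt is allowed'];
  }
  const seen = new Set();
  keys.forEach((key, i) => {
    const errors = validatePublicKey(key);
    if (key.kid && seen.has(key.kid)) errors.push(`duplicate kid ${key.kid}`);
    seen.add(key.kid);
    if (errors.length) report[key.kid || `#${i}`] = errors;
  });
  return report;
}

// The key object from this page's request example.
const PAGE_SAMPLE_KEY = {
  e: 'AQAB', n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx',
  x: 'WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis',
  y: 'y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE',
  alg: 'RS256', crv: 'P-384', kid: 'key-1', kty: 'RSA', use: 'sig',
};
// Constructed EC key: filler bytes of the right length, not a real curve point.
const FILLER = Buffer.alloc(P384_COORD_BYTES, 0x5a).toString('base64url');
const CONSTRUCTED_EC_KEY = {
  kty: 'EC', crv: 'P-384', alg: 'ES384', use: 'sig', kid: 'key-2', x: FILLER, y: FILLER,
};

console.log(validatePublicKeys([PAGE_SAMPLE_KEY, CONSTRUCTED_EC_KEY], ['private_key_jwt']));
```

The check covers shape and consistency only; it does not prove that x and y lie on the curve or that the modulus is well formed.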

Get an OAuth client

Retrieves a single OAuth client by its unique identifier. The response includes the client's configuration, allowed scopes, authentication methods, and public keys.

Facts

Rate limit Tier 1 (1000 requests per minute)

Path Parameters

  • id (string)
    Required

    The unique identifier for the OAuth client.

Responses

200

OAuth client retrieved successfully.

  • application/json (object)

    Detailed properties for a single OAuth client, including configuration, secrets, and public keys.

    • clientId (string)
      Required

      The unique identifier of the OAuth client application.

    • publicKeys (array of objects)

      List of public keys for JWT authentication.

      • e (string)

        The RSA key public exponent, Base64URL-encoded.

      • n (string)

        The RSA key modulus, Base64URL-encoded.

      • x (string)

        The X coordinate of the EC public key, Base64URL-encoded.

      • y (string)

        The Y coordinate of the EC public key, Base64URL-encoded.

      • alg (string)
        Required

        The algorithm intended for use with the key.

        Can be one of: "RS256", "RS512", "ES384"

      • crv (string)

        The elliptic curve used with this key.

      • kid (string)
        Required

        A unique identifier for this key.

      • kty (string)
        Required

        The cryptographic key type.

        Can be one of: "RSA", "EC"

      • use (string)
        Required

        Intended use of the key. The only accepted value is sig (signature verification).

        Can be one of: "sig"

    • redirectUris (array of strings)

      List of allowed redirect URIs for login.

    • clientSecrets (array of objects)

      Partial identifiers (hints) for the client secrets associated with this OAuth client.

      • hint (string)
        Required

        Hint of a client application secret.

      • createdAt (string)

        The timestamp for when the client-secret record was created.

      • createdBy (string)

        The identifier for the user that created the client-secret record.

    • allowedOrigins (array of strings)

      List of allowed origins for the client.

    • allowedAuthMethods (array of strings)

      List of allowed authentication methods for the client.

      Values may be any of: "client_secret", "private_key_jwt"

    • appType (string)
      Required

      The type of application the OAuth client represents.

      Can be one of: "web", "native", "spa", "anonymous-embed"

    • logoUri (string)

      The URI for the client application's logo image.

    • clientUri (string)

      The URI for the client application's homepage.

    • createdAt (string)
      Required

      The timestamp for when the oauth-clients record was created.

    • deletedAt (string)

      The timestamp for when the oauth-clients record was deleted.

    • updatedAt (string)

      The timestamp for when the oauth-clients record was updated.

    • clientName (string)
      Required

      The display name of the OAuth client application.

    • disableTag (string)

      Indicates the reason the client is disabled. Present only when the client has been disabled.

    • description (string)

      A text description of the OAuth client.

    • publishedAt (string)

      The timestamp when the client was published. Present only for published clients.

    • allowedScopes (array of strings)

      List of allowed scopes for this client.

    • connectionConfig (object)

      Optional settings for configuring the client connection.

      • consentMethod (string)

        Specifies the consent method for the connection.

        Can be one of: "required", "trusted"

    • allowedGrantTypes (array of strings)

      Allowed grant types. Only applicable when appType is web.

      Values may be any of: "client_credentials", "urn:qlik:oauth:user-impersonation"

400

The request is invalid. Check the request body or parameters for errors.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

401

Unauthorized.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

403

Access denied. You lack the required permissions to perform this operation.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

404

The requested resource was not found.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

500

An unexpected error occurred on the server. Try again later.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

503

The service is temporarily unavailable. Try again later.

  • application/json (object)

    The error response returned when an API request fails.

    • errors (array of objects)

      A single error object describing what went wrong with the request.

      • code (string)
        Required

        A machine-readable error code.

      • title (string)
        Required

        A summary of the error.

      • detail (string)

        Additional context about the error to help with debugging.

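GET /api/core/oauth-clients/{id}

This API is not included yet in qlik-cli.

curl:

    curl "https://console.qlikcloud.com/api/core/oauth-clients/{id}" \
      -H "Authorization: Bearer <access_token>"

Node.js:

    const https = require('https')
    const options = {
      hostname: 'console.qlikcloud.com',
      port: 443,
      path: '/api/core/oauth-clients/{id}',
      method: 'GET',
      headers: {
        Authorization: 'Bearer <access_token>',
      },
    }
    // Collect the response body and print it with the status code
    const req = https.request(options, (res) => {
      let body = ''
      res.on('data', (chunk) => (body += chunk))
      res.on('end', () => console.log(res.statusCode, body))
    })
    req.on('error', console.error)
    // The request is only sent once end() is called
    req.end()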

Example Response

{
"appType": "web",
"logoUri": "string",
"clientUri": "string",
"createdAt": "2025-11-06T14:30:00.123456Z",
"deletedAt": "2025-11-06T15:45:30.789012Z",
"updatedAt": "2025-11-06T16:20:15.456789Z",
"clientName": "string",
"disableTag": "string",
"publicKeys": [
{
"e": "AQAB",
"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx",
"x": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis",
"y": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE",
"alg": "RS256",
"crv": "P-384",
"kid": "key-1",
"kty": "RSA",
"use": "sig"
}
],
"description": "string",
"publishedAt": "2025-11-06T17:00:00.321654Z",
"allowedScopes": [
"string"
],
"clientSecrets": [
{
"hint": "string",
"createdAt": "2025-11-06T14:30:00.123456Z",
"createdBy": "string"
}
],
"connectionConfig": {
"consentMethod": "required"
},
"allowedGrantTypes": [
"client_credentials"
],
"allowedAuthMethods": [
"client_secret"
],
"clientId": "string",
"redirectUris": [
"string"
],
"allowedOrigins": [
"string"
]
}

Update an OAuth client

Updates one or more properties of an OAuth client using JSON Patch (RFC 6902). Supply an array of patch operations targeting the fields you want to change. If the update results in a new client secret being generated, the response returns 202 Accepted with the new secret in the body; otherwise it returns 204 No Content.

Facts

Rate limit Tier 2 (100 requests per minute)

Path Parameters

  • id (string)
    Required

    The unique identifier for the OAuth client.

Request Body

Required
  • application/json array of objects

    A JSON Patch operation as defined in RFC 6902.

    • op string
      Required

      The patch operation to perform. Use add or replace to set a value, and remove to clear it.

      Can be one of: "add", "remove", "replace"

    • path string
      Required

      The JSON pointer path of the field to patch.

      Can be one of: "/clientName", "/description"

    • value string|array

      The value to set for the targeted field. Required for add and replace operations.

      One of:
      • string
      • array of strings

Responses

202

A new client secret was generated. The response body contains the new secret value.

  • application/json object

    The response body returned when a PATCH operation generates a new client secret.

    • clientSecret string
      Required

      The generated client application secret.

204

The OAuth client was updated successfully.

400

The request is invalid. Check the request body or parameters for errors.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

401

Unauthorized.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

403

Access denied. You lack the required permissions to perform this operation.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

404

The requested resource was not found.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

500

An unexpected error occurred on the server. Try again later.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

503

The service is temporarily unavailable. Try again later.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

PATCH /api/core/oauth-clients/{id}

This API is not included yet in qlik-cli

curl:

    curl "https://console.qlikcloud.com/api/core/oauth-clients/{id}" \
      -X PATCH \
      -H "Content-type: application/json" \
      -H "Authorization: Bearer <access_token>" \
      -d '[{"op":"add","path":"/clientName","value":"string"}]'

Node.js:

    const https = require('https')

    const data = JSON.stringify([
      {
        op: 'add',
        path: '/clientName',
        value: 'string',
      },
    ])
    const options = {
      hostname: 'console.qlikcloud.com',
      port: 443,
      path: '/api/core/oauth-clients/{id}', // replace {id} with the OAuth client ID
      method: 'PATCH',
      headers: {
        'Content-type': 'application/json',
        Authorization: 'Bearer <access_token>',
      },
    }
    // A 202 body carries the new client secret, so only the status is logged here.
    const req = https.request(options, (res) => {
      res.resume()
      console.log(res.statusCode)
    })
    req.on('error', console.error)
    req.write(data)
    req.end() // the request is not sent until end() is called

Example Response

{
  "clientSecret": "a1b2c3d4e5f6..."
}
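
The request schema and the 202/204 split described for this endpoint, as an added example (not Qlik's code): a pre-flight check of the patch body against the documented op and path values, and a response handler that hands back the new secret from a 202 without logging it. The helper names and all sample values are hypothetical.

```javascript
// Added example; validatePatch, interpretPatchResponse and redact are hypothetical helpers.
const ALLOWED_OPS = new Set(['add', 'remove', 'replace'])
const ALLOWED_PATHS = new Set(['/clientName', '/description'])

// Returns a list of problems; an empty list means the body matches the documented schema.
function validatePatch(ops) {
  if (!Array.isArray(ops)) return ['body must be an array of patch operations']
  const problems = []
  ops.forEach((o, i) => {
    if (o === null || typeof o !== 'object') {
      problems.push(`#${i}: not an object`)
      return
    }
    if (!ALLOWED_OPS.has(o.op)) problems.push(`#${i}: op ${JSON.stringify(o.op)} is not allowed`)
    if (!ALLOWED_PATHS.has(o.path)) problems.push(`#${i}: path ${JSON.stringify(o.path)} is not allowed`)
    const isString = typeof o.value === 'string'
    const isStringArray = Array.isArray(o.value) && o.value.every((v) => typeof v === 'string')
    if ((o.op === 'add' || o.op === 'replace') && !isString && !isStringArray) {
      problems.push(`#${i}: ${o.op} requires a string or array-of-strings value`)
    }
  })
  return problems
}

// Tolerates an empty or non-JSON body so the HTTP status is still reported.
function parseJson(text) {
  try {
    return text ? JSON.parse(text) : {}
  } catch {
    return {}
  }
}

// 204: updated, nothing to store. 202: updated and a new secret must be stored.
function interpretPatchResponse(status, bodyText) {
  if (status === 204) return { updated: true, clientSecret: null }
  const body = parseJson(bodyText)
  if (status === 202) {
    if (typeof body.clientSecret !== 'string' || body.clientSecret === '') {
      throw new Error('HTTP 202 without a clientSecret in the body')
    }
    return { updated: true, clientSecret: body.clientSecret }
  }
  const errors = Array.isArray(body.errors) ? body.errors : []
  const summary = errors.map((e) => `${e.code}: ${e.title}`).join('; ')
  throw new Error(`PATCH failed with HTTP ${status}${summary ? ` (${summary})` : ''}`)
}

// Log-safe copy of a result: the secret value never reaches the log.
function redact(result) {
  return { ...result, clientSecret: result.clientSecret ? '<redacted>' : null }
}

// Constructed inputs: one valid operation, one that targets a field outside the schema.
console.log(validatePatch([{ op: 'replace', path: '/clientName', value: 'Reporting app' }]))
console.log(validatePatch([{ op: 'add', path: '/allowedScopes', value: ['constructed-scope'] }]))
console.log(redact(interpretPatchResponse(202, '{"clientSecret":"constructed-secret"}')))
```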

Delete an OAuth client

Deletes an OAuth client. After deletion, no new tokens can be issued for the client. Existing tokens may remain valid until they expire unless invalidated by a downstream revocation mechanism. Supply the qlik-confirm-delete header to confirm the deletion.

Facts

Rate limit Tier 2 (100 requests per minute)

Header Parameters

  • qlik-confirm-delete string
    Required

    A confirmation string that must equal the id of the OAuth client to delete.

Path Parameters

  • id string
    Required

    The unique identifier for the OAuth client.

Responses

204

The OAuth client was deleted successfully.

400

The request is invalid. Check the request body or parameters for errors.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

401

Unauthorized.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

403

Access denied. You lack the required permissions to perform this operation.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

404

The requested resource was not found.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

500

An unexpected error occurred on the server. Try again later.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

503

The service is temporarily unavailable. Try again later.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

DELETE /api/core/oauth-clients/{id}

This API is not included yet in qlik-cli

curl:

    curl "https://console.qlikcloud.com/api/core/oauth-clients/{id}" \
      -X DELETE \
      -H "qlik-confirm-delete: {id}" \
      -H "Authorization: Bearer <access_token>"

Node.js:

    const https = require('https')

    const options = {
      hostname: 'console.qlikcloud.com',
      port: 443,
      path: '/api/core/oauth-clients/{id}', // replace {id} with the OAuth client ID
      method: 'DELETE',
      headers: {
        'qlik-confirm-delete': '{id}', // must equal the id used in the path
        Authorization: 'Bearer <access_token>',
      },
    }
    const req = https.request(options, (res) => {
      res.resume()
      console.log(res.statusCode) // 204 on success
    })
    req.on('error', console.error)
    req.end() // the request is not sent until end() is called

Create an OAuth client secret

Generates a new client secret for the specified OAuth client. Client secrets are supported only for clients with appType set to web and client_secret listed in allowedAuthMethods. An OAuth client can have a maximum of 5 client secrets at one time. The secret value is returned only in the response and cannot be retrieved again.

Facts

Rate limit Tier 2 (100 requests per minute)

Path Parameters

  • id string
    Required

    The unique identifier for the OAuth client.

Responses

201

Client secret created successfully. The secret value is returned only once and cannot be retrieved again.

  • application/json object

    The newly created client secret. The secret value is returned only once and cannot be retrieved again.

    • hint string
      Required

      A short identifier for this client secret, used to distinguish it from other secrets.

    • clientId string
      Required

      The unique identifier of the OAuth client.

    • createdAt string

      The timestamp for when the client-secret record was created.

    • createdBy string

      The identifier for the user that created the client-secret record.

    • clientSecret string
      Required

      The client secret value. Store this securely; it cannot be retrieved again.

400

The request is invalid. Check the request body or parameters for errors.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

401

Unauthorized.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

403

Access denied. You lack the required permissions to perform this operation.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

404

The requested resource was not found.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

409

The maximum number of client secrets is 5.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

500

An unexpected error occurred on the server. Try again later.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

503

The service is temporarily unavailable. Try again later.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

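POST /api/core/oauth-clients/{id}/client-secrets

This API is not included yet in qlik-cli

curl:

    curl "https://console.qlikcloud.com/api/core/oauth-clients/{id}/client-secrets" \
      -X POST \
      -H "Authorization: Bearer <access_token>"

Node.js:

    const https = require('https')

    const options = {
      hostname: 'console.qlikcloud.com',
      port: 443,
      path: '/api/core/oauth-clients/{id}/client-secrets', // replace {id} with the OAuth client ID
      method: 'POST',
      headers: {
        Authorization: 'Bearer <access_token>',
      },
    }
    const req = https.request(options, (res) => {
      let body = ''
      res.on('data', (chunk) => (body += chunk))
      // The 201 body holds the secret, which cannot be retrieved again: store it, do not log it.
      res.on('end', () => console.log(res.statusCode))
    })
    req.on('error', console.error)
    req.end() // the request is not sent until end() is called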

Example Response

{
  "hint": "string",
  "clientId": "string",
  "createdAt": "2025-11-06T14:30:00.123456Z",
  "createdBy": "string",
  "clientSecret": "string"
}

Delete an OAuth client secret

Deletes a specific client secret for an OAuth client. After deletion, the secret can no longer be used for future client authentication or token requests that require that secret.

Facts

Rate limit Tier 2 (100 requests per minute)

Path Parameters

  • hint string
    Required

    The hint identifying the client secret to delete.

  • id string
    Required

    The unique identifier for the OAuth client.

Responses

204

The client secret was deleted successfully.

400

The request is invalid. Check the request body or parameters for errors.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

401

Unauthorized.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

403

Access denied. You lack the required permissions to perform this operation.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

404

The requested resource was not found.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

500

An unexpected error occurred on the server. Try again later.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

503

The service is temporarily unavailable. Try again later.

  • application/json object

    The error response returned when an API request fails.

    • errors array of objects

      A single error object describing what went wrong with the request.

      • code string
        Required

        A machine-readable error code.

      • title string
        Required

        A summary of the error.

      • detail string

        Additional context about the error to help with debugging.

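DELETE /api/core/oauth-clients/{id}/client-secrets/{hint}

This API is not included yet in qlik-cli

curl:

    curl "https://console.qlikcloud.com/api/core/oauth-clients/{id}/client-secrets/{hint}" \
      -X DELETE \
      -H "Authorization: Bearer <access_token>"

Node.js:

    const https = require('https')

    const options = {
      hostname: 'console.qlikcloud.com',
      port: 443,
      // replace {id} with the OAuth client ID and {hint} with the hint of the secret
      path: '/api/core/oauth-clients/{id}/client-secrets/{hint}',
      method: 'DELETE',
      headers: {
        Authorization: 'Bearer <access_token>',
      },
    }
    const req = https.request(options, (res) => {
      res.resume()
      console.log(res.statusCode) // 204 on success
    })
    req.on('error', console.error)
    req.end() // the request is not sent until end() is called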
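
The create and delete secret endpoints above combine into a two-phase rotation. This added example (not Qlik's code) frees a slot only when the documented limit of 5 is reached, stores the new value before anything else, and leaves retirement of the old secrets to a second step. The api and store callbacks, the in-memory fakeApi and all sample values are assumptions so that it runs offline.

```javascript
// Added example, not Qlik code. api(method, path) is a hypothetical transport resolving to
// { status, body }; store(hint, secret) is a hypothetical writer to a secret manager.
const MAX_SECRETS = 5 // documented limit; POST answers 409 once it is reached

function clientPath(id) {
  return `/api/core/oauth-clients/${encodeURIComponent(id)}`
}

async function deleteSecret(api, id, hint) {
  const res = await api('DELETE', `${clientPath(id)}/client-secrets/${encodeURIComponent(hint)}`)
  // 404 means the secret is already gone, which is the wanted end state.
  if (res.status !== 204 && res.status !== 404) throw new Error(`delete ${hint}: HTTP ${res.status}`)
  return hint
}

// Phase 1: issue a new secret, evicting the oldest one only when the client is full.
async function issueSecret(api, id, store) {
  const got = await api('GET', clientPath(id))
  if (got.status !== 200) throw new Error(`GET client: HTTP ${got.status}`)
  const { appType, allowedAuthMethods = [], clientSecrets = [] } = got.body
  if (appType !== 'web' || !allowedAuthMethods.includes('client_secret')) {
    throw new Error('client secrets need appType "web" and auth method "client_secret"')
  }
  // Oldest first; assumes createdAt has the fixed UTC format of the example response.
  const byAge = (a, b) => (a.createdAt < b.createdAt ? -1 : a.createdAt > b.createdAt ? 1 : 0)
  const old = [...clientSecrets].sort(byAge)
  const evicted = []
  while (old.length >= MAX_SECRETS) evicted.push(await deleteSecret(api, id, old.shift().hint))
  const made = await api('POST', `${clientPath(id)}/client-secrets`)
  if (made.status !== 201) throw new Error(`create secret: HTTP ${made.status}`)
  // The value cannot be retrieved again, so persist it before anything else.
  await store(made.body.hint, made.body.clientSecret)
  return { newHint: made.body.hint, evicted, retireLater: old.map((s) => s.hint) }
}

// Phase 2: once every consumer has switched to the new secret, delete the old ones.
async function retireSecrets(api, id, hints) {
  const done = []
  for (const hint of hints) done.push(await deleteSecret(api, id, hint))
  return done
}

// Constructed in-memory stand-in for the three endpoints, so the example runs offline.
function fakeApi(client) {
  let n = 0
  return async (method, path) => {
    if (method === 'GET') return { status: 200, body: client }
    if (method === 'POST') {
      if (client.clientSecrets.length >= MAX_SECRETS) return { status: 409, body: {} }
      const rec = { hint: `new${++n}`, createdAt: '2025-12-01T00:00:00.000000Z' }
      client.clientSecrets.push(rec)
      return { status: 201, body: { ...rec, clientId: client.clientId, clientSecret: `constructed-secret-${n}` } }
    }
    const hint = decodeURIComponent(path.split('/client-secrets/')[1] || '')
    const i = client.clientSecrets.findIndex((s) => s.hint === hint)
    if (i < 0) return { status: 404, body: {} }
    client.clientSecrets.splice(i, 1)
    return { status: 204, body: null }
  }
}

// Demo on a constructed client that already holds the maximum of five secrets.
const demo = { clientId: 'constructed-id', appType: 'web', allowedAuthMethods: ['client_secret'],
  clientSecrets: [1, 2, 3, 4, 5].map((d) => ({ hint: `h${d}`, createdAt: `2025-11-0${d}T00:00:00.000000Z` })) }
issueSecret(fakeApi(demo), demo.clientId, async (hint) => console.log('stored secret for', hint))
  .then((r) => console.log(r))
```

Run retireSecrets with the retireLater hints only after every consumer of the client has been switched to the new secret.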