---
source: https://qlik.dev/authenticate/oauth/create/create-oauth-client-m2m-impersonation/
last_updated: 2026-04-09T12:49:26Z
---

# Create a M2M impersonation OAuth2 client

## Introduction

In this tutorial, you are going to learn how to create a machine-to-machine impersonation
OAuth2 client on your Qlik Cloud tenant through the management console user
interface.

If you're not sure which type of OAuth client you need for your application, review
the [OAuth2 Overview](https://qlik.dev/authenticate/oauth/) to learn more.

## Prerequisites

- A Qlik Cloud tenant
- Tenant Admin role assigned to the user account creating OAuth2 clients

## Create an OAuth2 client

1. In the Administration activity center, select **OAuth**.

   [image: OAuth settings panel in the Administration activity center]

2. Click **Create new**, then select **Web** from the **Client type** dropdown.

   [image: Configuration options for a Web OAuth2 client]

3. Enter a name for the OAuth2 client.

   [image: Name input field for a Web OAuth2 client configuration]

4. Select the scopes to grant to the client. For more information, see [OAuth Scopes](https://qlik.dev/authenticate/oauth/scopes/).

   [image: Scopes selection panel]

5. If you plan to use the access token from a browser application, add it to the
   **Allowed Origins** list. In this example, `https://custom-app.com` is using impersonation
   tokens to make requests to a Qlik Cloud tenant.

   [image: Allowed Origins configuration for browser apps]

6. Select the **Machine-to-machine impersonation** checkbox to enable M2M impersonation
   for this OAuth client.

   [image: Machine-to-machine impersonation checkbox for a Web OAuth2 client configuration]

7. Under **Authentication method**, select one or both options:

   - **Client secret** (default): Qlik Cloud generates a shared secret. Use this if your
     application stores credentials securely.
   - **Private key JWT**: Authenticate using a public/private key pair for enhanced
     security. Paste your application's public key in JSON Web Key (JWK) format. For more
     information, see [Authenticate with Private Key JWT](https://qlik.dev/authenticate/oauth/oauth-private-key-jwt/).

8. Click **Create**. A dialog displays your **Client ID** and (if selected) **Client secret**.
   Copy these values to a secure location.

   [image: OAuth 2 client id and client secret display]

9. Click the action menu (three dots) next to your new OAuth client and select **Change
   consent method**.

   [image: OAuth 2 extended properties menu]

10. Select **Trusted** and click **Change consent method**.

    [image: Consent configuration screen]

Your OAuth2 client is ready to use. Use your **Client ID** and **Client secret** in your
application to authenticate with Qlik Cloud.