Register an OAuth simple client (custom) app

In order to make any call to the apaleo Identity API, and to request your OAuth 2.0 access token, you need to register a client application. Registered OAuth applications are assigned a unique Client ID (client_id) and a unique Client Secret (client_secret). Make sure to store the Client Secret securely.

Only users with administration management privileges can register applications.


To register OAuth simple client app:

  1. Log into the apaleo Dashboard with your apaleo developer credentials. If you don’t have an account, sign up for your apaleo developer account.

  2. Navigate to the Apps section and click Connected apps.

  3. On the connect clients page, click Add a new app.

  4. On the Add a new app dialog, select Add custom app.

  5. On the New custom app page, enter the following details:

    Field Description
    Client code Unique key for the client application.
    Client name Human-readable string name of the client application.
    Personally identifiable information Decide if you want to retrieve personal information such as guest name, address, country, etc.
    Secrets Description of your secret. You can add a new secret to your app to get a new client secret if you believe that the existing client secret has been compromised.
    Scopes OAuth scopes, or permissions, let you specify exactly how your app needs to access an apaleo user’s account.
  6. Review your app details and save your app.

  7. Take note of the client ID and client secret. You’ll need these in the next step to initiate the OAuth flow.

    • Client ID - This identifies the client responsible for the OAuth request. A unique key for the client application.
    • Client Secret - A client secret is a secret known only to your application and the authorization server. It protects your resources by only granting tokens to authorized requestors. Always store the client secret key securely; never reveal it publicly! If you suspect that the secret key has been compromised, regenerate it immediately by adding a new secret to the client application.