OAuth Configuration

oauth authorization is an alternative authentication mechanism for the license api, available exclusively for enterprise clients oauth client id and secret structure oauth credentials (client id and secret) can be associated with different levels of specificity within the system license customer customer account company oauth token validation hierarchy when validating oauth tokens, the system follows a hierarchy of specificity check for an oauth secret at the license level if not found, check at the customer level if not found, check at the customer account level if not found, check at the company level user interface access license, customer, and customer account views oauth settings are accessible via the oauth tab company level oauth settings can be found under settings → keys oauth initialization location on platform default rotation settings when creating new oauth credentials, the system applies default rotation settings , unless overridden for specific credentials secret expiration period defines the time before a newly generated secret expires secret rotation grace period specifies the period before the current secret expires, allowing for a smooth transition setting the default rotation settings enforcing oauth authentication a company account may have an optional flag, is oauth required , when enabled oauth authentication is mandatory for all users under that company account api key and shared key authentication methods are disabled this setting is available under settings → preferences api error response if a request is sent using an api/shared key while oauth is required, the license api will return the following error { status 400, code 'oauth required', message 'this account requires oauth authentication' } authorization process to authorize with oauth users obtain a short lived access token using their client id and secret the access token must be included in the license api request headers , replacing the traditional api key or shared key for more details, refer to oauth authorization docid\ xhyzaual9qy4jerxkilmk sdk integration oauth authentication will be implemented in the sdks to simplify integration see your sdk specific documentation for more information oauth key management license manager permissions license managers can view a list of client ids and secrets for the licenses and customers they manage revoke oauth secrets manage expiration dates of oauth secrets explicit permission requirement license managers can only revoke or modify expiration dates of oauth keys if they have been granted explicit permission to do so oauth expiration notifications platform users can define notification policies for oauth key expiration these policies trigger email notifications when a secret is about to expire a secret has already expired