Introduction
What we need from you
In order for us to register your app, we'll need the following information:
- The name of your app
- Redirect URI
- A link to your terms & conditions
- A link to your privacy policy
Redirect URIs
This is where we'll send users back to when they've logged in. We will only redirect users to a
registered URI, which helps prevent some attacks. Any HTTP redirect URIs must be secure, so the
service will only redirect to HTTP URIs beginning with `https://`. This prevents tokens from being
intercepted during the authorisation process.
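The sketch below is an added example, not this service's own code. It shows how a redirect URI can be checked at registration time and again when an authorisation request arrives. The host names, function names and the exact-string comparison are assumptions made for illustration.

```python
from typing import List, Optional, Set
from urllib.parse import urlsplit

# Constructed sample registration (hypothetical app and host names).
REGISTERED: Set[str] = {"https://app.example.com/oauth/callback"}


def registration_problems(uri: str) -> List[str]:
    """Return reasons a redirect URI should not be registered (empty = OK)."""
    problems: List[str] = []
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if not scheme:
        problems.append("not an absolute URI")
    elif scheme == "http":
        # The rule from this page: HTTP redirect URIs must begin with https://
        problems.append("plain http:// is not allowed, use https://")
    if scheme in ("http", "https") and not parts.hostname:
        problems.append("missing host")
    if parts.fragment:
        # RFC 6749 section 3.1.2: no fragment component in a redirection URI.
        problems.append("must not contain a fragment")
    return problems


def resolve_redirect(registered: Set[str], requested: str) -> Optional[str]:
    """Return the URI to redirect to, or None if the request must be refused.

    Assumption: exact string comparison. Prefix or substring matching would
    accept look-alike hosts and extra path segments, so it is avoided here.
    """
    return requested if requested in registered else None


if __name__ == "__main__":
    # Constructed authorisation requests, each with a comment on why it differs.
    samples = [
        "https://app.example.com/oauth/callback",               # registered
        "http://app.example.com/oauth/callback",                # scheme downgrade
        "https://app.example.com/oauth/callback/extra",         # extra path
        "https://app.example.com.other.example/oauth/callback", # different host
    ]
    for uri in samples:
        target = resolve_redirect(REGISTERED, uri)
        print(f"{uri!r:60} -> {'redirect' if target else 'refuse'}")
    print(registration_problems("http://app.example.com/cb#token"))
```

When a requested URI is not registered, the safe behaviour is to show an error to the user rather than redirect anywhere.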
Client ID and Secret
After registering your app, you will receive a client ID and a client secret. The client ID is considered public information, and is used to build the authorisation URL. The client secret must be kept confidential. If a deployed app cannot keep the secret confidential, such as in JavaScript or native apps, then the secret is not used.
If you suspect that your secret has been leaked, contact your account manager or email support as soon as possible.
Roles
In this documentation, you might see terms referring to different actors in the OAuth process. Below is a list of those terms and who they refer to.
Title | Description |
---|---|
The Third-Party Application: "Client" | The client is your application, which needs access to a user's account. The user needs to authorise your application before you can access their account. |
The API: "Resource Server" | The resource server is the API server used to access the user's information. |
The User: "Resource Owner" | The resource owner is the user who is giving access to some portion of their account. |