post https://{tenanturl}/v1.0/apiclients
Creates an API client with a random client ID and secret and assigns the given entitlements. The client is configured with the client_credentials grant type. You must perform a GET operation on the returned location header to get the generated client ID and secret.
The entitlements array can contain any combination of entitlements.
List of API Client entitlements:
| Entitlement | Description | Offering |
|---|---|---|
| manageDeployment | Manage deployment | any |
| manageCerts | Manage certificates | any |
| readCerts | Read certificates | any |
| manageAPIClients | Manage API clients | any |
| readAPIClients | Read API clients | any |
| manageIdentitySources | Manage identity providers | any |
| readIdentitySources | Read identity providers | any |
| manageMFAMethods | Manage second-factor authentication method configuration | CIC |
| readMFAMethods | Read second-factor authentication method configuration | CIC |
| manageEnrollMFAMethodAnyUser | Manage second-factor authentication enrollment for all users | CIV |
| readEnrollMFAMethodAnyUser | Read second-factor authentication enrollment for all users | CIV |
| authnAnyUser | Authenticate any user | CIV |
| manageAuthenticatorsConfig | Manage authenticator configuration | CIV |
| readAuthenticatorsConfig | Read authenticator configuration | CIV |
| manageAuthenticatorsAnyUser | Manage authenticator registrations for all users | CIV |
| readAuthenticatorsAnyUser | Read authenticator registrations for all users | CIV |
| manageUserGroups | Manage users and groups | any |
| readUserGroups | Read users and groups | any |
| manageAllUserGroups | Synchronize users and groups | any |
| manageUsersPwdReset | Manage users and their pwdReset attribute | any |
| manageUserStandardGroups | Manage users and standard groups | any |
| manageAdminGroup | Manage administrator group | any |
| readAdminGroup | Read administrator group | any |
| managePwdPolicy | Manage password policy | any |
| readPwdPolicy | Read password policy | any |
| AnalyticsDataSyncToCloud | CIA | |
| AnalyticsSatelliteOnBoard | CIA | |
| manageOIDCGrants | Manage OAuth tokens | any |
| readOIDCGrants | Read OAuth tokens | any |
| recoverUsername | Recover user name | any |
| manageFederations | Manage federations | any |
| readFederations | Read federations | any |
| resetPassword | Reset password | any |
| manageAppAccessAdmin | Manage application lifecycle | any |
| manageAppAccessOwner | Manage application entitlements | any |
| manageSubscriptions | Manage subscriptions | ISC |
| manageAccessPolicies | Manage access policies | any |
| readAccessPolicies | Read access policies | any |
| managePushCreds | Manage Push notification credentials | any |
| readPushCreds | Read Push notification credentials | any |
| manageAccessRequest | Manage access request | CIG |
| manageAccessWorkflow | Manage access request work flows | CIG |
| manageOIDCConsents | Manage OAuth consents | any |
| readOIDCConsents | Read OAuth consents | any |
| manageReports | Manage reports | any. Exception: application usage reports can only be exported by CIC. |
| readReports | Read reports | any. Exception: application usage reports can only be accessed by CIC. |
| updateAnyUser | Update any user | any |
| resetPasswordAnyUser | Reset password of any user | any |
| readTenantProperties | Read tenant properties | any |
| manageTenantProperties | Manage tenant properties | any |
| manageAttributes | Manage attribute sources | any |
| readAttributes | Read attribute sources | any |
| generateOTP | Generate OTP | CIV |
| readAppConfig | Read application configuration | any |
| manageTemplates | Manage templates and themes | any |
| readTemplates | Read templates and themes | any |
| reviewCertRecords | Review certification records | CIG |
| readEntitlements | Read configurable entitlements | any |
| manageNotificationProviders | Manage notification providers | any |
| readNotificationProviders | Read notification providers | any |
| manageCertifications | Manage certifications | CIG |
| readExternalAgents | Read external agents | any |
| manageExternalAgents | Manage external agents | any |
| runExternalAgent | Enable external agent runtime functions | any |
| manageOidcDynamicClient | Manage OIDC client registration dynamically | any |
| readPurpose | Read privacy purposes and EULA | any |
| managePurpose | Manage privacy purposes and EULA | any |
| manageAppPurpose | Manage application privacy purposes | any |
| readPrivacyConsent | Read privacy consents | any |
| managePrivacyConsent | Manage privacy consents | any |
| readPrivacyPolicy | Read privacy rules and policy | any |
| managePrivacyPolicy | Manage privacy rules and policy | any |
| createPrivacyConsent | Create privacy consent records | any |
| performDSP | Retrieve privacy purposes and associated user's consent | any |
| performDUA | Check for data usage approval | any |
| certCampaignSupervisor | Monitor certification campaigns | CIG |
| managePwdVaultAnyUser | Manage password vault for all users | CIC, CIV |
| managePwdVault | Manage own password vault | CIC, CIV |
| readPwdVaultAnyUser | Read password vault for all users | CIC, CIV |
| readPwdVault | Read own password vault | CIC, CIV |
| managePwdVaultConfig | Manage password vault configuration | CIC, CIV |
| readPwdVaultConfig | Read password vault configuration | CIC, CIV |
| mfaPush | Send second-factor push notifications | CIV |
| readPrivacyProfile | Read privacy profiles | any |
| managePrivacyProfile | Manage privacy profiles | any |
| manageEntitlements | Manage entitlements | any |
| manageDevicesAnyUser | Manage devices for all users | any |
| readDevicesAnyUser | Read devices for all users | any |
| manageDevices | Manage only your devices | any |
| readDevices | Read only your devices | any |
| manageRecaptcha | Manage reCAPTCHA configuration | any |
| readRecaptcha | Read reCAPTCHA configuration | any |
| manageLoginSessions | Manage login sessions | any |
| manageRelyingParty | Manage relying party configuration | any |
| readRelyingParty | Read relying party configuration | any |
| manageWebhooks | Manage webhooks | any |
| readWebhooks | Read webhooks | any |
| readSTSClients | Read STS clients and token types | any |
| manageSTSClients | Manage STS clients and token types | any |
| manageVerifiableLinks | Manage verifiable links configuration | any |
| readSelfOidcGrants | Read your OIDC and OAuth grants | any |
| manageSelfOidcGrants | Manage your OIDC and OAuth grants | any |
| diManageAgency | Manage Decentralized Identity Agency Configuration | any |
| diReadAgency | Read Decentralized Identity Agency Configuration | any |
| diManageAgentsAny | Manage Decentralized Identity Agents | any |
| diReadAgentsAny | Read Decentralized Identity Agents | any |
| manageMyOrg | Manage my organization | CIG |
| diIssueCredentials | Issue Decentralized Identity Verifiable Credentials | CIV |
| diVerifyCredentials | Verify Decentralized Identity Verifiable Credentials | CIV |
Entitlements required: manageAPIClients (Manage API clients)