Skip to main content
You can create and configure Vantage API clients in the Configuration tab in the left pane. To create an API client, follow these steps:
  1. Click Create API Client.
Create API Client
  1. In the dialog that will open, the Client ID and Client Secret of the created client will be displayed. You can save their values by clicking the icon next to them. Alternatively, you can click the Save to File button and specify a location where a TXT file containing the Client ID and Client Secret values will be saved.
Important! The secret value is shown only once during client creation, which means that it needs to be saved immediately. Client ID and Secret Dialog
  1. Click Close.
After the above steps, you will automatically navigate to the editing page for the created client. There, you will be able do the following:
  • Change the name of the created client specified in the Client Name field.
  • Create a new secret by clicking Add Secret. By default, a secret is created for a period of 6 months.
  • Add a new redirect URL by clicking Add Redirect URL.
  • Configure the allowed authentication flows in the OAuth 2.0 Flows Settings section. Please note that you can select more than one flow:
    • Allow Authorization Code Flow. Allows authentication using this secure authentication scheme, where instead of routing the authentication request to the user, the application sends it directly to the Vantage authorization server. The authorization server then verifies the user’s credentials and provides the client with an authorization code. Authorization Code Flow is enabled for all Vantage API clients. If needed:
      • Select the Require PKCE for Authorization Code Flow option. This option strengthens security when authorizing public clients. It allows Vantage to verify that the application requesting an access token is the same one that initiated the authentication.
      • Select Allow issuing refresh tokens to refresh access tokens. This option allows issuing refresh tokens for obtaining renewed access tokens. The application can request new access tokens using the refresh tokens without interacting with the user. Applications must store refresh tokens securely because they let the user stay authenticated.
    • Allow Resource Owner Password Credentials Flow. Allows users to authenticate using their username and password. This involves the application having access to the user’s password and requires a high level of trust between the user and the application.
Note: This flow doesn’t work when an External Identity Provider is configured.
  • Allow client credentials flow. Allows applications to be authorized using the OAuth 2.0 Client Credentials flow, granting them access to the Vantage API. Roles assigned to the applications are determined by the Manage Roles setting below Allow client credentials flow. With the specified roles, the application will log in to Vantage.
For more information about authentication flows, see Authentication. OAuth 2.0 Configuration If you want to create a new client, select Add Client in the New Client drop-down list. This list will also display all existing clients, clicking on which will open the editing page for the selected client. Additionally, if necessary, you can search by client name and roles. New Client Dropdown To delete a client, click the icon and then click Delete Client. Delete Client