App Registrations Reference
Reference for the per-Site REST API App registration catalog: list view, fields, lifecycle, and the expiration notification cadence.
Menu path
Admin Center > Site Settings > IAM > App registrations.
List view
| Column | Type | Description |
|---|---|---|
| Name | String, link | Human-readable label. Sorted ascending by default. |
| Client ID | UUID | Issued at creation. The OAuth client ID used by the consumer. |
| Registration date | DateTime | When the registration was created. |
| Enabled | Yes / No |
Whether the registration accepts token requests. |
| Last used | DateTime | Timestamp of the most recent successful token issuance. Empty until first use. |
| Expires | In N days / Expired |
Computed from the registration's Expiration date. |
Toolbar: Default View ▼ / + New registration / Filter / ⋯ / ⚙️.
Fields on the create form
| Field | Required | Description |
|---|---|---|
| Name | yes | Human-readable label that identifies the consumer in the grid and in audit logs. |
| Expiration date | yes | When the registration stops accepting token requests. Drives the 30-day / 7-day / expired notification cadence. |
| Enabled | yes (toggle, default on) | When off, the registration cannot exchange the Client secret for a token even if all other fields are valid. |
On save, the system displays the issued Client ID and Client secret. The Client secret is shown once and cannot be revealed again.
Lifecycle
| State | Trigger | UI signal |
|---|---|---|
| Active | Created with a future Expiration date. | Row shows In N days in Expires. Token requests succeed. |
| Expiring (30 d) | 30 days before Expiration date. | An Administrative notification fires. Banner not yet shown. |
| Expiring (7 d) | 7 days before Expiration date. | Second Administrative notification fires. Banner not yet shown. |
| Expired | The Expiration date has passed. | Row shows Expired. A persistent rose-pink API client alert banner appears on every page. Token requests fail. A third Administrative notification fires. |
| Disabled | Admin toggles Enabled off. | Token requests fail. The registration is preserved but inactive. |
The administrator transitions back to Active by extending the Expiration date or by toggling Enabled back on.
Expiration notification cadence
The Administrative notification category templates fire at three points relative to the Expiration date:
- 30 days before —
App registration expires in 30 days. - 7 days before —
App registration expires in 7 days. - On expiry —
App registration has expired.
After expiry, AlloyScan also renders a persistent API client alert banner at the top of every page in the Site (one banner per expired registration). Each banner names the affected registration and is dismissable per session, but it returns on every fresh page load until the registration is renewed or removed.
Constraints
- The Client secret cannot be revealed back through the UI. Capture it at creation.
- Extending the Expiration date does not regenerate the Client secret.
- Extending or renewing keeps the same Client ID; the consumer needs no update.
- Whether the create form exposes additional optional fields beyond Name, Expiration date, and Enabled may vary by deployment.
RBAC
| Action | Site Administrator | Site User | Global Administrator |
|---|---|---|---|
| List App registrations in this Site | yes | no | yes |
| Create / edit / delete | yes | no | yes |
| Cross-Site visibility (all registrations across the instance) | no | no | may vary by deployment |
Related
- How to create an App registration — step-by-step.
- How to renew an App registration — extending lifetime, recovering from expiry.
- Integrations Troubleshooting — symptoms.
- About Authentication — for interactive user authentication, distinct from App registrations.