How to register an API client app

This guide shows you how to create an App registration so an external system or script can call the AlloyScan REST API.

Prerequisites

• You sign in with the Administrator role on the target site.
• You know the date by which the registration must be renewed (Expiration date is required at creation).
• You have a secret store ready to receive the Client secret. The secret is displayed only once.

Steps

1. Navigate to Admin Center > Site Settings > IAM > App registrations.

2. Click + New registration.

3. Fill in the registration form:

   • Name — a free-text identifier for the client.
   • Expiration date — the date after which the registration stops working. Required.
   • Enabled — leave on. You can turn it off later to disable the registration without deleting it.

4. Click Save. The system issues a 20-character Client ID and a system-generated Client secret.

5. Copy the Client ID and the Client secret to your secret store immediately.

   Important: The Client secret is shown only once, at the moment the registration is created. AlloyScan does not store the secret in a way that lets you reveal it again later. If you lose it, the only recovery path is to rotate the registration with a new secret.

6. Configure your client (for example, an Alloy Navigator Sync job, a custom integration, or a script) with the issued Client ID and Client secret.

Verify

• The new registration appears in the App registrations grid with Enabled = Yes and an Expires value of In N days.
• Your client successfully authenticates against the REST API and receives a non-error response.
• No API client alert banner appears on the dashboard for this registration.

Related

• App Registrations Reference
• About Integrations
• API Authentication Reference
• API Rate Limits