Online Help

How to create an App registration

This guide shows you how to create a REST API App registration so a service-to-service caller can authenticate against AlloyScan.

Each App registration produces a Client ID and a Client secret that the caller exchanges for short-lived access tokens via the OAuth client_credentials grant. Registrations are scoped per Site.

Prerequisites

  • You are signed in as a Site Administrator.
  • You know the lifetime you want to grant the registration. Use the shortest lifetime that fits the integration's deployment cadence so that compromise blast radius stays small.
  • You have a place to store the Client secret immediately on creation. The secret is shown once; if it is lost, the registration must be replaced.

Steps

  1. Navigate to Admin Center > Site Settings > IAM > App registrations.
  2. Click + New registration.
  3. Fill in the fields:
    • Name — a human-readable label that identifies the consumer (for example, Backup script — pull device list nightly).
    • Expiration date — when the secret stops being accepted. Drives the 30-day / 7-day / expired notification cadence.
    • Enabled — leave on for a registration that should accept tokens immediately.
  4. Click Save.
  5. The Client ID and Client secret are displayed. Copy the secret to your secret store now — it cannot be revealed again.

Important: The Client secret is shown only once at creation. If the consumer loses it, you cannot recover it from the Admin Center; you must delete the registration and create a new one.

Verify

The new registration appears in the App registrations grid with Name, Client ID, Registration date, Enabled = Yes, an empty Last used, and Expires showing In N days.

To confirm the credentials work end-to-end, exchange them for a token and call a low-impact endpoint (for example, list devices) — the registration's Last used column updates to the current timestamp.