This article gives a general overview of how to manage Chat API clients and OAuth tokens. It walks you through how to create and delete existing clients, as well as create and revoke OAuth access tokens.
API clients are used to create OAuth access tokens to authenticate API requests. If you're on a Legacy Chat-only account, you have two ways of authenticating API requests:
- basic authentication with a username and password
- OAuth access token
If you're on the Chat+Support or Phase 4 account, you have only one way of authenticating API requests:
- OAuth access token
For more on Chat account types, see About Chat account types. For details on API authentication, see Security and Authentication in the Chat API docs.
This article contains the following sections
- Managing API clients
- Creating API clients
- Deleting API clients
- Creating tokens
- Revoking tokens
- Additional resources
Managing API clients
Admins can easily view and delete any of their active API clients from the Chat interface. Users can only see the clients that they created.
To view your active clients, go to the Chat dashboard and select Settings > Account > API & SDKs.
From here, you can select the client you want to view or update. You can also regenerate the client secret or delete the client.
Creating API clients
If you're creating OAuth tokens for internal use, follow these instructions. If the client is for a third party integration, follow the installation instructions provided by the developer.
To create a client, go to the Chat dashboard and select Settings > Account > API & SDKs, then click the Add API Client button.
For detailed instructions on completing the client fields, see Adding an API client in the Chat API docs.
Deleting API clients
Before deleting a client, make sure you know how it may affect any third-party services. If your client has the Redirect URL field set to anything other than localhost, the client is likely interacting with an external integration. If you delete the client, you'll need to create another client. During the token creation process, users of the external integration will need to grant the integration access to their Chat account again. If the redirect url is localhost, then the client was likely created for internal API use.
To delete a client
- From the Chat dashboard, select Settings > Account > API & SDKs, then select the client from the list.
- Click the Delete Selected button.
You can also manage API clients with the API. See OAuth Clients in the API docs.
Once you have an API client, you can create an OAuth access token to authenticate API requests.
There are two ways to create an access token -- a longer, more formal way for production environments, and a shorter, more convenient way for testing environments.
For instructions on both methods, see Generating a REST API token for integrated Chat accounts.
A token can only be revoked by the user who created it. Admins don't have the permissions to revoke tokens created by other users.
Use the OAuth Tokens API to revoke a token. The procedure consists of the following steps:
- List your tokens to get the id of the token you want to delete.
See List Tokens in the API docs.
If you have many tokens, it helps to know the approximate time and date you created the token so you can identify it in the list.
- Revoke the token by id.
See Revoke Token in the API docs.
This article provides a general overview of API clients and OAuth access tokens. For more information, see the following articles:
- OAuth Authentication in the Chat API docs
- Generating a REST API Tokens for Chat
Article is closed for comments.