Register an OAuth Client

The following details how an Ironclad user would register an OAuth 2.0 client application to use the Authorization Code Grant or Client Credentials Grant to generate bearer tokens to authenticate Ironclad API resource requests.


The first step to setting up your application with Ironclad’s OAuth 2.0 implementation is to register your client application.

To register your client application, navigate to the registration page:

  1. Click on your user profile dropdown at the top right-hand corner > Select “Company Settings”.
  1. Select the “API” tab on the left sidebar.


Access to API Settings

The “API” tab will only be visible if you have the API add-on enabled for your instance.

  1. After arriving there, you will click on the “Create new app” button.
  1. A popup will appear which will require a name to be entered for the OAuth application. Once the name is entered, click "Create app".
  1. This will generate a new client application and supply you with a client ID and secret. Save this secret, as you will not be able to access it again.
  1. After closing the modal, fill out the client application details and click “Save Changes”.
  • Title
    • This title will populate in the Authorization Code Grant consent dialog.
  • Description
  • Display Image
    • This image will populate in the Authorization Code Grant consent dialog.
  • Grant Types
    • Eligible OAuth grants that can be used with this client.
  • Redirect URIs
    • The URIs allowed in Authorization Code Grant requests to which the Ironclad authorization server will redirect the user's web browser after the user has authenticated and authorized the client application's access to protected resources.
    • When developing, "localhost" is a valid redirect URI.
  • Requested Resource Scopes
    • The resource scopes allowed in authorization or token requests for this client application. Requests can contain a subset of these allowable scopes if warranted.


Ironclad has multiple environments. The majority of our customers use the production environment and our EU customers use the production environment. We also have a demo environment.

Each of these environments operates independently. So a client application generated on will only be able to authorize users on that same environment. Additionally, client applications cannot be transferred from one environment to another. You will need to recreate the client applications on each environment.