Skip to content
Cloudflare API
Start here
API Reference

IAM

IAMPermission Groups

List Account Permission Groups
GET/accounts/{account_id}/iam/permission_groups
Permission Group Details
GET/accounts/{account_id}/iam/permission_groups/{permission_group_id}
ModelsExpand Collapse
PermissionGroupListResponse object { id, meta, name }

A named group of permissions that map to a group of operations against resources.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string
value: optional string
name: optional string

Name of the permission group.

PermissionGroupGetResponse object { id, meta, name }

A named group of permissions that map to a group of operations against resources.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string
value: optional string
name: optional string

Name of the permission group.

IAMResource Groups

List Resource Groups
GET/accounts/{account_id}/iam/resource_groups
Resource Group Details
GET/accounts/{account_id}/iam/resource_groups/{resource_group_id}
Create Resource Group
POST/accounts/{account_id}/iam/resource_groups
Update Resource Group
PUT/accounts/{account_id}/iam/resource_groups/{resource_group_id}
Remove Resource Group
DELETE/accounts/{account_id}/iam/resource_groups/{resource_group_id}
ModelsExpand Collapse
ResourceGroupListResponse object { id, scope, meta, name }

A group of scoped resources.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string
value: optional string
name: optional string

Name of the resource group.

ResourceGroupGetResponse object { id, scope, meta, name }

A group of scoped resources.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string
value: optional string
name: optional string

Name of the resource group.

ResourceGroupCreateResponse object { id, scope, meta, name }

A group of scoped resources.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string
value: optional string
name: optional string

Name of the resource group.

ResourceGroupUpdateResponse object { id, scope, meta, name }

A group of scoped resources.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string
value: optional string
name: optional string

Name of the resource group.

ResourceGroupDeleteResponse object { id }
id: string

Identifier

maxLength32
minLength32

IAMUser Groups

List User Groups
GET/accounts/{account_id}/iam/user_groups
User Group Details
GET/accounts/{account_id}/iam/user_groups/{user_group_id}
Create User Group
POST/accounts/{account_id}/iam/user_groups
Update User Group
PUT/accounts/{account_id}/iam/user_groups/{user_group_id}
Remove User Group
DELETE/accounts/{account_id}/iam/user_groups/{user_group_id}
ModelsExpand Collapse
UserGroupListResponse object { id, created_on, modified_on, 2 more }

A group of policies resources.

id: string

User Group identifier tag.

maxLength32
minLength32
created_on: string

Timestamp for the creation of the user group

formatdate-time
modified_on: string

Last time the user group was modified.

formatdate-time
name: string

Name of the user group.

policies: optional array of object { id, access, permission_groups, resource_groups }

Policies attached to the User group

id: optional string

Policy identifier.

access: optional "allow" or "deny"

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: optional array of object { id, meta, name }

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string
value: optional string
name: optional string

Name of the permission group.

resource_groups: optional array of object { id, scope, meta, name }

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string
value: optional string
name: optional string

Name of the resource group.

UserGroupGetResponse object { id, created_on, modified_on, 2 more }

A group of policies resources.

id: string

User Group identifier tag.

maxLength32
minLength32
created_on: string

Timestamp for the creation of the user group

formatdate-time
modified_on: string

Last time the user group was modified.

formatdate-time
name: string

Name of the user group.

policies: optional array of object { id, access, permission_groups, resource_groups }

Policies attached to the User group

id: optional string

Policy identifier.

access: optional "allow" or "deny"

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: optional array of object { id, meta, name }

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string
value: optional string
name: optional string

Name of the permission group.

resource_groups: optional array of object { id, scope, meta, name }

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string
value: optional string
name: optional string

Name of the resource group.

UserGroupCreateResponse object { id, created_on, modified_on, 2 more }

A group of policies resources.

id: string

User Group identifier tag.

maxLength32
minLength32
created_on: string

Timestamp for the creation of the user group

formatdate-time
modified_on: string

Last time the user group was modified.

formatdate-time
name: string

Name of the user group.

policies: optional array of object { id, access, permission_groups, resource_groups }

Policies attached to the User group

id: optional string

Policy identifier.

access: optional "allow" or "deny"

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: optional array of object { id, meta, name }

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string
value: optional string
name: optional string

Name of the permission group.

resource_groups: optional array of object { id, scope, meta, name }

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string
value: optional string
name: optional string

Name of the resource group.

UserGroupUpdateResponse object { id, created_on, modified_on, 2 more }

A group of policies resources.

id: string

User Group identifier tag.

maxLength32
minLength32
created_on: string

Timestamp for the creation of the user group

formatdate-time
modified_on: string

Last time the user group was modified.

formatdate-time
name: string

Name of the user group.

policies: optional array of object { id, access, permission_groups, resource_groups }

Policies attached to the User group

id: optional string

Policy identifier.

access: optional "allow" or "deny"

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: optional array of object { id, meta, name }

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated to the permission group.

key: optional string
value: optional string
name: optional string

Name of the permission group.

resource_groups: optional array of object { id, scope, meta, name }

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: array of object { key, objects }

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: array of object { key }

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: optional object { key, value }

Attributes associated to the resource group.

key: optional string
value: optional string
name: optional string

Name of the resource group.

UserGroupDeleteResponse object { id }
id: string

Identifier

maxLength32
minLength32

IAMUser GroupsMembers

List User Group Members
GET/accounts/{account_id}/iam/user_groups/{user_group_id}/members
Get User Group Member
GET/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}
Add User Group Members
POST/accounts/{account_id}/iam/user_groups/{user_group_id}/members
Update User Group Members
PUT/accounts/{account_id}/iam/user_groups/{user_group_id}/members
Remove User Group Member
DELETE/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}
ModelsExpand Collapse
MemberListResponse object { id, email, status }

Member attached to a User Group.

id: string

Account member identifier.

email: optional string

The contact email address of the user.

maxLength90
status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:
"accepted"
"pending"
MemberGetResponse object { id, created_at, email, 2 more }

Detailed member information for a User Group member.

id: string

Account member identifier.

created_at: optional string

When the member was added to the user group.

formatdate-time
email: optional string

The contact email address of the user.

maxLength90
status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:
"accepted"
"pending"
user: optional object { id, email, first_name, last_name }

Details of the user associated with this membership.

id: optional string

User identifier tag.

email: optional string

The contact email address of the user.

maxLength90
first_name: optional string

User’s first name.

last_name: optional string

User’s last name.

MemberCreateResponse object { id, email, status }

Member attached to a User Group.

id: string

Account member identifier.

email: optional string

The contact email address of the user.

maxLength90
status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:
"accepted"
"pending"
MemberUpdateResponse object { id, email, status }

Member attached to a User Group.

id: string

Account member identifier.

email: optional string

The contact email address of the user.

maxLength90
status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:
"accepted"
"pending"
MemberDeleteResponse object { id, email, status }

Member attached to a User Group.

id: string

Account member identifier.

email: optional string

The contact email address of the user.

maxLength90
status: optional "accepted" or "pending"

The member’s status in the account.

One of the following:
"accepted"
"pending"

IAMSSO

Get all SSO connectors
GET/accounts/{account_id}/sso_connectors
Get single SSO connector
GET/accounts/{account_id}/sso_connectors/{sso_connector_id}
Initialize new SSO connector
POST/accounts/{account_id}/sso_connectors
Update SSO connector state
PATCH/accounts/{account_id}/sso_connectors/{sso_connector_id}
Delete SSO connector
DELETE/accounts/{account_id}/sso_connectors/{sso_connector_id}
Begin SSO connector verification
POST/accounts/{account_id}/sso_connectors/{sso_connector_id}/begin_verification
ModelsExpand Collapse
SSOListResponse object { id, created_on, email_domain, 4 more }
id: optional string

SSO Connector identifier tag.

maxLength32
minLength32
created_on: optional string

Timestamp for the creation of the SSO connector

formatdate-time
email_domain: optional string
enabled: optional boolean
updated_on: optional string

Timestamp for the last update of the SSO connector

formatdate-time
use_fedramp_language: optional boolean

Controls the display of FedRAMP language to the user during SSO login

verification: optional object { code, status }
code: optional string

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: optional "awaiting" or "pending" or "failed" or "verified"

The status of the verification code from the verification process.

One of the following:
"awaiting"
"pending"
"failed"
"verified"
SSOGetResponse object { id, created_on, email_domain, 4 more }
id: optional string

SSO Connector identifier tag.

maxLength32
minLength32
created_on: optional string

Timestamp for the creation of the SSO connector

formatdate-time
email_domain: optional string
enabled: optional boolean
updated_on: optional string

Timestamp for the last update of the SSO connector

formatdate-time
use_fedramp_language: optional boolean

Controls the display of FedRAMP language to the user during SSO login

verification: optional object { code, status }
code: optional string

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: optional "awaiting" or "pending" or "failed" or "verified"

The status of the verification code from the verification process.

One of the following:
"awaiting"
"pending"
"failed"
"verified"
SSOCreateResponse object { id, created_on, email_domain, 4 more }
id: optional string

SSO Connector identifier tag.

maxLength32
minLength32
created_on: optional string

Timestamp for the creation of the SSO connector

formatdate-time
email_domain: optional string
enabled: optional boolean
updated_on: optional string

Timestamp for the last update of the SSO connector

formatdate-time
use_fedramp_language: optional boolean

Controls the display of FedRAMP language to the user during SSO login

verification: optional object { code, status }
code: optional string

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: optional "awaiting" or "pending" or "failed" or "verified"

The status of the verification code from the verification process.

One of the following:
"awaiting"
"pending"
"failed"
"verified"
SSOUpdateResponse object { id, created_on, email_domain, 4 more }
id: optional string

SSO Connector identifier tag.

maxLength32
minLength32
created_on: optional string

Timestamp for the creation of the SSO connector

formatdate-time
email_domain: optional string
enabled: optional boolean
updated_on: optional string

Timestamp for the last update of the SSO connector

formatdate-time
use_fedramp_language: optional boolean

Controls the display of FedRAMP language to the user during SSO login

verification: optional object { code, status }
code: optional string

DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.

status: optional "awaiting" or "pending" or "failed" or "verified"

The status of the verification code from the verification process.

One of the following:
"awaiting"
"pending"
"failed"
"verified"
SSODeleteResponse object { id }
id: string

Identifier

maxLength32
minLength32
SSOBeginVerificationResponse object { errors, messages, success }
errors: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

IAMOAuth Clients

List OAuth Clients
GET/accounts/{account_id}/oauth_clients
OAuth Client Details
GET/accounts/{account_id}/oauth_clients/{oauth_client_id}
Create OAuth Client
POST/accounts/{account_id}/oauth_clients
Update OAuth Client
PATCH/accounts/{account_id}/oauth_clients/{oauth_client_id}
Delete OAuth Client
DELETE/accounts/{account_id}/oauth_clients/{oauth_client_id}
Rotate OAuth Client Secret
POST/accounts/{account_id}/oauth_clients/{oauth_client_id}/rotate_secret
Delete Rotated OAuth Client Secret
DELETE/accounts/{account_id}/oauth_clients/{oauth_client_id}/rotate_secret
ModelsExpand Collapse
OAuthClientListResponse object { client_id, visibility, allowed_cors_origins, 16 more }

Fields shared by OAuth client responses and create/update requests.

client_id: string

The unique identifier for an OAuth client.

visibility: "public" or "private"

Visibility of the OAuth client.

One of the following:
"public"
"private"
allowed_cors_origins: optional array of string

Array of allowed CORS origins.

client_name: optional string

Human-readable name of the OAuth client.

client_uri: optional string

URL of the home page of the client.

client_uri_verification: optional object { status, text }

Client URI domain control verification state.

status: optional "pending" or "in_progress" or "verified" or "failed"

Current verification status for the client URI host.

One of the following:
"pending"
"in_progress"
"verified"
"failed"
text: optional string

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: optional string

Timestamp when the OAuth client was created.

formatdate-time
grant_types: optional array of "authorization_code" or "refresh_token"

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:
"authorization_code"
"refresh_token"
has_rotated_secret: optional boolean

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: optional string

URL of the client’s logo.

policy_uri: optional string

URL that points to a privacy policy document.

post_logout_redirect_uris: optional array of string

Array of allowed post-logout redirect URIs.

redirect_uris: optional array of string

Array of allowed redirect URIs for the client.

response_types: optional array of "token" or "id_token" or "code"

Array of OAuth response types the client is allowed to use.

One of the following:
"token"
"id_token"
"code"
scopes: optional array of string

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: optional "none" or "client_secret_basic" or "client_secret_post"

The authentication method the client uses at the token endpoint.

One of the following:
"none"
"client_secret_basic"
"client_secret_post"
tos_uri: optional string

URL that points to a terms of service document.

updated_at: optional string

Timestamp when the OAuth client was last updated.

formatdate-time
OAuthClientGetResponse object { client_id, visibility, allowed_cors_origins, 16 more }

Fields shared by OAuth client responses and create/update requests.

client_id: string

The unique identifier for an OAuth client.

visibility: "public" or "private"

Visibility of the OAuth client.

One of the following:
"public"
"private"
allowed_cors_origins: optional array of string

Array of allowed CORS origins.

client_name: optional string

Human-readable name of the OAuth client.

client_uri: optional string

URL of the home page of the client.

client_uri_verification: optional object { status, text }

Client URI domain control verification state.

status: optional "pending" or "in_progress" or "verified" or "failed"

Current verification status for the client URI host.

One of the following:
"pending"
"in_progress"
"verified"
"failed"
text: optional string

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: optional string

Timestamp when the OAuth client was created.

formatdate-time
grant_types: optional array of "authorization_code" or "refresh_token"

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:
"authorization_code"
"refresh_token"
has_rotated_secret: optional boolean

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: optional string

URL of the client’s logo.

policy_uri: optional string

URL that points to a privacy policy document.

post_logout_redirect_uris: optional array of string

Array of allowed post-logout redirect URIs.

redirect_uris: optional array of string

Array of allowed redirect URIs for the client.

response_types: optional array of "token" or "id_token" or "code"

Array of OAuth response types the client is allowed to use.

One of the following:
"token"
"id_token"
"code"
scopes: optional array of string

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: optional "none" or "client_secret_basic" or "client_secret_post"

The authentication method the client uses at the token endpoint.

One of the following:
"none"
"client_secret_basic"
"client_secret_post"
tos_uri: optional string

URL that points to a terms of service document.

updated_at: optional string

Timestamp when the OAuth client was last updated.

formatdate-time
OAuthClientCreateResponse object { client_id, visibility, allowed_cors_origins, 17 more }

Fields shared by OAuth client responses and create/update requests.

client_id: string

The unique identifier for an OAuth client.

visibility: "public" or "private"

Visibility of the OAuth client.

One of the following:
"public"
"private"
allowed_cors_origins: optional array of string

Array of allowed CORS origins.

client_name: optional string

Human-readable name of the OAuth client.

client_secret: optional string

The client secret. This is the only time the secret is returned in a response.

client_uri: optional string

URL of the home page of the client.

client_uri_verification: optional object { status, text }

Client URI domain control verification state.

status: optional "pending" or "in_progress" or "verified" or "failed"

Current verification status for the client URI host.

One of the following:
"pending"
"in_progress"
"verified"
"failed"
text: optional string

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: optional string

Timestamp when the OAuth client was created.

formatdate-time
grant_types: optional array of "authorization_code" or "refresh_token"

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:
"authorization_code"
"refresh_token"
has_rotated_secret: optional boolean

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: optional string

URL of the client’s logo.

policy_uri: optional string

URL that points to a privacy policy document.

post_logout_redirect_uris: optional array of string

Array of allowed post-logout redirect URIs.

redirect_uris: optional array of string

Array of allowed redirect URIs for the client.

response_types: optional array of "token" or "id_token" or "code"

Array of OAuth response types the client is allowed to use.

One of the following:
"token"
"id_token"
"code"
scopes: optional array of string

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: optional "none" or "client_secret_basic" or "client_secret_post"

The authentication method the client uses at the token endpoint.

One of the following:
"none"
"client_secret_basic"
"client_secret_post"
tos_uri: optional string

URL that points to a terms of service document.

updated_at: optional string

Timestamp when the OAuth client was last updated.

formatdate-time
OAuthClientUpdateResponse object { client_id, visibility, allowed_cors_origins, 16 more }

Fields shared by OAuth client responses and create/update requests.

client_id: string

The unique identifier for an OAuth client.

visibility: "public" or "private"

Visibility of the OAuth client.

One of the following:
"public"
"private"
allowed_cors_origins: optional array of string

Array of allowed CORS origins.

client_name: optional string

Human-readable name of the OAuth client.

client_uri: optional string

URL of the home page of the client.

client_uri_verification: optional object { status, text }

Client URI domain control verification state.

status: optional "pending" or "in_progress" or "verified" or "failed"

Current verification status for the client URI host.

One of the following:
"pending"
"in_progress"
"verified"
"failed"
text: optional string

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: optional string

Timestamp when the OAuth client was created.

formatdate-time
grant_types: optional array of "authorization_code" or "refresh_token"

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:
"authorization_code"
"refresh_token"
has_rotated_secret: optional boolean

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: optional string

URL of the client’s logo.

policy_uri: optional string

URL that points to a privacy policy document.

post_logout_redirect_uris: optional array of string

Array of allowed post-logout redirect URIs.

redirect_uris: optional array of string

Array of allowed redirect URIs for the client.

response_types: optional array of "token" or "id_token" or "code"

Array of OAuth response types the client is allowed to use.

One of the following:
"token"
"id_token"
"code"
scopes: optional array of string

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: optional "none" or "client_secret_basic" or "client_secret_post"

The authentication method the client uses at the token endpoint.

One of the following:
"none"
"client_secret_basic"
"client_secret_post"
tos_uri: optional string

URL that points to a terms of service document.

updated_at: optional string

Timestamp when the OAuth client was last updated.

formatdate-time
OAuthClientDeleteResponse object { id }
id: string

Identifier

maxLength32
minLength32
OAuthClientRotateSecretResponse object { client_secret }
client_secret: optional string

The new client secret.

OAuthClientDeleteRotatedSecretResponse object { id }
id: string

Identifier

maxLength32
minLength32

IAMOAuth Scopes

List OAuth Scopes
GET/oauth/scopes
ModelsExpand Collapse
OAuthScopeListResponse object { id, name, category, scopes }

An available OAuth scope that can be assigned to an OAuth client.

id: string

The scope label to use in the scopes array when creating or updating an OAuth client.

name: string

Human-readable name of the OAuth scope.

category: optional string

Category for grouping scopes in the UI.

scopes: optional array of string

The underlying resource scopes (Bach scopes) that define which resources this OAuth scope can act upon.