---
title: "Client registration"
description: "How to get OAuth client credentials while OAuth is in closed beta — what you receive, and the redirect URI rules."
canonical_url: https://developer.onepagecrm.com/oauth/registration/
source: Markdown mirror of https://developer.onepagecrm.com/oauth/registration/
---

Before your app can request tokens, it needs a `client_id`. While
OAuth is in closed beta, client registration is handled by the
OnePageCRM team — there is no self-service registration. To request
access, get in touch through the [support page](/support/).

## What you receive

- **`client_id`** — the public identifier. Safe to embed in client
  code.
- **`client_secret`** — confidential clients only. Keep it in your
  server's secret store, never in client code or source control. There
  is no self-serve recovery — if you lose it, contact the team.
- **Public clients get no secret.** `client_id` plus
  [PKCE](/oauth/quickstart/) at authorization time is the whole model.

## Redirect URI rules

Redirect URIs are matched **exactly** at authorization time — no
wildcards, no prefix matching, no "close enough". Register every URI
you'll use, including different ports and paths.

| Rule | Detail |
|------|--------|
| Exact match | The `redirect_uri` in the authorization request must equal a registered URI character-for-character |
| Absolute | Relative URIs are rejected |
| No fragments | `https://app.example.com/cb#section` is rejected |
| HTTPS | Required, except `http://localhost` and `http://127.0.0.1` loopback — any port, any path |
| Custom schemes | Not supported — `myapp://callback` is rejected. Native apps must use an http loopback redirect (`http://localhost` or `http://127.0.0.1`) or an https URL |
| Maximum | 20 redirect URIs per client |

## What to read next

- **[Quickstart](/oauth/quickstart/)** — go from credentials to your first token.
- **[Reference](/oauth/reference/)** — every endpoint, parameter, scope, and error code.
