Request access OAuth client registration is handled by the OnePageCRM team — request access to get credentials.

OAuth

Client registration

How to get OAuth client credentials while OAuth is in closed beta — what you receive, and the redirect URI rules.

Last updated Jul 11, 2026

Before your app can request tokens, it needs a client_id. While OAuth is in closed beta, client registration is handled by the OnePageCRM team — there is no self-service registration. To request access, get in touch through the support page.

What you receive

  • client_id — the public identifier. Safe to embed in client code.
  • client_secret — confidential clients only. Keep it in your server’s secret store, never in client code or source control. There is no self-serve recovery — if you lose it, contact the team.
  • Public clients get no secret. client_id plus PKCE at authorization time is the whole model.

Redirect URI rules

Redirect URIs are matched exactly at authorization time — no wildcards, no prefix matching, no “close enough”. Register every URI you’ll use, including different ports and paths.

RuleDetail
Exact matchThe redirect_uri in the authorization request must equal a registered URI character-for-character
AbsoluteRelative URIs are rejected
No fragmentshttps://app.example.com/cb#section is rejected
HTTPSRequired, except http://localhost and http://127.0.0.1 loopback — any port, any path
Custom schemesNot supported — myapp://callback is rejected. Native apps must use an http loopback redirect (http://localhost or http://127.0.0.1) or an https URL
Maximum20 redirect URIs per client
  • Quickstart — go from credentials to your first token.
  • Reference — every endpoint, parameter, scope, and error code.