Request access OAuth client registration is handled by the OnePageCRM team — request access to get credentials.
OAuth
Client registration
How to get OAuth client credentials while OAuth is in closed beta — what you receive, and the redirect URI rules.
Last updated Jul 11, 2026
Before your app can request tokens, it needs a client_id. While
OAuth is in closed beta, client registration is handled by the
OnePageCRM team — there is no self-service registration. To request
access, get in touch through the support page.
What you receive
client_id— the public identifier. Safe to embed in client code.client_secret— confidential clients only. Keep it in your server’s secret store, never in client code or source control. There is no self-serve recovery — if you lose it, contact the team.- Public clients get no secret.
client_idplus PKCE at authorization time is the whole model.
Redirect URI rules
Redirect URIs are matched exactly at authorization time — no wildcards, no prefix matching, no “close enough”. Register every URI you’ll use, including different ports and paths.
| Rule | Detail |
|---|---|
| Exact match | The redirect_uri in the authorization request must equal a registered URI character-for-character |
| Absolute | Relative URIs are rejected |
| No fragments | https://app.example.com/cb#section is rejected |
| HTTPS | Required, except http://localhost and http://127.0.0.1 loopback — any port, any path |
| Custom schemes | Not supported — myapp://callback is rejected. Native apps must use an http loopback redirect (http://localhost or http://127.0.0.1) or an https URL |
| Maximum | 20 redirect URIs per client |
What to read next
- Quickstart — go from credentials to your first token.
- Reference — every endpoint, parameter, scope, and error code.