This feature allows marketplace partners to automatically create and manage OAuth applications for each customer company, removing the need for manual onboarding. In this article, you’ll learn when to use this functionality and how to get started with programmatic client registration.
Overview
Programmatic OAuth Client Registration enables eligible marketplace partners to create OAuth applications dynamically via API. Instead of requesting a new application manually for each customer, partners can automate the process, reducing setup time and improving scalability.
This functionality is based on Dynamic Client Registration, which allows secure and standardised creation of OAuth clients with predefined permissions.
When and why it should be used
Use this feature if:
- Your integration requires a separate OAuth application per customer company
- You want to avoid manual onboarding processes for each new client
- You need a scalable and automated way to manage OAuth credentials
This is especially useful for integrations where each customer must have isolated authentication credentials for security or configuration reasons.
How to use
-
Request access to the feature
Contact Factorial’s support or partnerships team to request access to programmatic OAuth client registration. -
Complete initial validation
Your integration will be reviewed to ensure it meets security and compliance requirements. -
Receive API credentials and permissions
Once approved, you will be granted access to the registration API with a scope-restricted set of permissions. -
Call the Dynamic Client Registration endpoint
Use the provided API to programmatically create a new OAuth client for each customer company. -
Store generated credentials securely
Save the client ID and client secret returned by the API in a secure environment. -
Use the OAuth client in your integration
Implement the OAuth flow using the generated credentials for each specific customer.
If access is denied when calling the registration API, ensure your integration has been approved and that you are using the correct API credentials.
If there are invalid or missing scopes, verify that your request includes only the scopes assigned during the validation process.
If credentials are not working in OAuth flow, confirm that the client ID and secret are correctly stored and used in the authentication process.
Tips and best practices
- Automate credential management: Store and rotate credentials securely using a secrets manager.
- Respect scope limitations: Only request the permissions your integration truly needs.
- Isolate customer data: Ensure each OAuth application is tied to a single company to maintain data separation.
- Monitor usage: Track API usage and authentication activity to detect anomalies early.
FAQ
-
Who can use programmatic OAuth client registration?
This feature is available to eligible marketplace integration partners. Approval is required before access is granted.
-
Do I still need to create OAuth apps manually?
No. Once enabled, you can create OAuth applications automatically via API.
-
Is this secure?
Yes. All clients are created with scope-restricted permissions and go through an initial validation process to ensure compliance with security standards.
-
Can I customise the permissions for each OAuth client?
Permissions are predefined and assigned during the approval process. If you need changes, contact the support team.