Create an API Client

Endpoint URL: {registrationDomain}/clients/add


Add a new client to Registration. Once created, your new client will have access to the API, and if applicable, the UI. Default clients have no permissions, so you need to configure them in the dashboard, unless you add permissions using the features parameter.

The client_id and client_secret are generated by the Identity Cloud and included in the API response. This API call may only be made by the owner client.

Optionally, you may set the features for the client at the time of creation. The features that you can add are:

  • owner — Complete admin access.
  • access_issuer — Can issue access tokens for other clients.
  • direct_read_access — Has read access to all records.
  • direct_access — Has read and write access to all records.
  • login_client — This client has permission to use login and registration-based API endpoints.

For more information on these features, see the API Clients and Permissions topic.

Respects the API Client Allow List: Yes

API Client Permissions

The following table indicates the API clients that can (and the API clients that can't) be used to call this endpoint:



This endpoint supports Basic authentication. 

How to Create an Authentication String

Base URL

The base URL for this endpoint is your Identity Cloud Capture domain; for example:

Your Capture domains (also known as Registration domains) can be found in the Console on the Manage Application page:


Example Request

This command creates an API client that has the direct_read_access feature. This gives the client read-only access to user records.

curl -X POST \
  -H "Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg=" \
  --data-urlencode description='Client with direct read access' \
  --data-urlencode features='["direct_read_access"]' \
  "https://{registrationDomain}/clients/add"


Query Parameters

  • description (string, required): String description of the client.
  • features (optional): A JSON array of client features. If not included, the client will be created but will not have any features.


200 OK

Example Error Response

{
  "argument_name": "features",
  "request_id": "b83954jrg5hmc9kr",
  "code": 200,
  "error_description": "features was not valid for the following reason: superuser_owner is not a valid feature name",
  "error": "invalid_argument",
  "stat": "error"
}

Response Example (application/json)

{
  "features": [
    "direct_read_access"
  ],
  "description": "\"Client with direct read access\"",
  "client_id": "12345abcde12345abcde",
  "client_secret": "edcba54321edcba54321",
  "stat": "ok"
}
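
The error example above carries "code": 200 together with "stat": "error", so a caller should decide success from the "stat" field. The following sketch is an added example, not code from this documentation or its vendor: it builds the /clients/add request with a least-privilege check on the features list and parses the response by "stat". The function names, the HIGH_PRIVILEGE grouping, the use of the owner client's ID and secret as the Basic credentials, and the example.invalid domain are assumptions of this example.

```python
import base64
import json
from urllib.parse import urlencode

# Feature names listed on this page.
KNOWN_FEATURES = {"owner", "access_issuer", "direct_read_access",
                  "direct_access", "login_client"}
# Assumption of this example: features held back unless explicitly approved.
HIGH_PRIVILEGE = {"owner", "access_issuer", "direct_access"}


def build_add_client_request(domain, owner_id, owner_secret, description,
                             features=(), allow_high_privilege=False):
    """Return (url, headers, body) for POST /clients/add; nothing is sent."""
    requested = set(features)
    unknown = requested - KNOWN_FEATURES
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    risky = requested & HIGH_PRIVILEGE
    if risky and not allow_high_privilege:
        raise PermissionError(f"needs explicit approval: {sorted(risky)}")
    # Basic authentication: base64("id:secret"), assumed to be the owner client's.
    token = base64.b64encode(f"{owner_id}:{owner_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {token}",
               "Content-Type": "application/x-www-form-urlencoded"}
    fields = {"description": description}
    if requested:
        fields["features"] = json.dumps(sorted(requested))
    return f"https://{domain}/clients/add", headers, urlencode(fields)


def parse_add_client_response(body):
    """Return (client_id, client_secret); raise unless "stat" is "ok"."""
    data = json.loads(body)
    if data.get("stat") != "ok":
        raise RuntimeError(f"{data.get('error')}: {data.get('error_description')}")
    # The secret is returned in this response; store it in a secrets manager, not logs.
    return data["client_id"], data["client_secret"]


if __name__ == "__main__":
    # Constructed inputs: placeholder domain and credentials.
    url, headers, body = build_add_client_request(
        "example.invalid", "id", "secret",
        "Client with direct read access", ["direct_read_access"])
    print(url, body)
```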
