POST /api/adm/identityServerClients

Create IdentityServer Client

curl --request POST \
  --url https://localhost:44371/api/adm/identityServerClients \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{}'

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Description

Creates a new IdentityServer4 client configuration for OAuth 2.0 and OpenID Connect authentication. The client must be configured with appropriate grant types, scopes, and redirect URIs based on application type (web app, SPA, mobile app, or machine-to-machine service).

Input

  • Body: model (IdentityServerClientCreateCommandRequest, required) — Client configuration including:
    • clientId (string, required) — Unique OAuth client identifier.
    • clientName (string, required) — Display name for the client.
    • clientSecrets (string[], optional) — Client secret values (hashed after creation).
    • allowedGrantTypes (string[], required) — OAuth grant types (e.g., client_credentials, authorization_code).
    • allowedScopes (string[], required) — Permitted scopes (e.g., AdminUI, Payment, openid, profile).
    • redirectUris (string[], optional) — Allowed redirect URIs for authorization code flow.
    • enabled (bool, optional) — Enable client (default: true).

Output

Returns a BaseCreateCommandResponse containing the ID of the newly created client.

Example Request

POST /api/adm/identityServerClients
Content-Type: application/json
Authorization: Bearer {token}

{
  "clientId": "payment.api.client",
  "clientName": "Payment API Client",
  "clientSecrets": ["sk_secret_value_here"],
  "allowedGrantTypes": ["client_credentials"],
  "allowedScopes": ["Payment"],
  "enabled": true
}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "7bc94a21-8833-4d2f-a5e1-9f4b2d8c1e7a"
}

Errors

  • 400 Bad Request — Client ID already exists, invalid grant type, invalid redirect URI format, or missing required fields.
  • 404 Not Found — Referenced resources not found.

Notes

  • Client secrets are hashed and cannot be retrieved after creation; store them securely.
  • Client ID must be unique across all IdentityServer clients.
  • Redirect URIs must be absolute URLs to prevent authorization code interception.
  • Public clients (SPAs, mobile apps) should use PKCE for enhanced security.
  • Configuration changes may require IdentityServer cache refresh.
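
The checks implied by the Errors and Notes lists can be run locally before the request is sent. The following is an added example, not code from this API or its authors: `lint_client` and `SAMPLE_BAD` are hypothetical names, the field names follow the Input list above, and the checks marked as assumptions go beyond what this page states.

```python
# Added example (not the API's own validation); "assumption" marks checks beyond the page.
from urllib.parse import urlsplit

REQUIRED = ("clientId", "clientName", "allowedGrantTypes", "allowedScopes")
MAX_CLIENT_ID_LEN = 50  # "Maximum string length: 50" in the Body schema

def lint_client(model: dict) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for field in REQUIRED:
        if not model.get(field):
            findings.append(f"missing required field: {field}")
    if len(model.get("clientId") or "") > MAX_CLIENT_ID_LEN:
        findings.append("clientId longer than 50 characters")
    grants = set(model.get("allowedGrantTypes") or [])
    secrets = [s for s in (model.get("clientSecrets") or []) if s]
    uris = model.get("redirectUris") or []
    # Assumption: a machine-to-machine client authenticates only with its secret.
    if "client_credentials" in grants and not secrets:
        findings.append("client_credentials grant without a client secret")
    # The authorization code is delivered to a registered redirect URI.
    if "authorization_code" in grants and not uris:
        findings.append("authorization_code grant without redirectUris")
    for uri in uris:
        parts = urlsplit(uri)
        is_web = parts.scheme in ("http", "https")
        if not parts.scheme or (is_web and not parts.netloc):
            findings.append(f"redirect URI is not absolute: {uri}")
        elif "*" in uri:  # assumption: wildcard redirect URIs are never registered
            findings.append(f"redirect URI contains a wildcard: {uri}")
        elif parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
            # assumption: plain http is tolerated only for loopback development
            findings.append(f"redirect URI uses plain http: {uri}")
    return findings

# Constructed sample: a web client with two bad redirect URIs and no display name.
SAMPLE_BAD = {
    "clientId": "web.portal.client",
    "allowedGrantTypes": ["authorization_code"],
    "allowedScopes": ["openid", "profile"],
    "redirectUris": ["/signin-oidc", "http://portal.example.test/signin-oidc"],
}

if __name__ == "__main__":
    for finding in lint_client(SAMPLE_BAD):
        print(finding)
```

An empty result only means none of these local checks fired; the server's 400 response remains the authority on what it accepts.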

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

The client configuration details including client ID, secrets, scopes, and grant types.

Base structure for command requests that modify data. Represents the payload used to create an identity server client.

clientId
string
required

The public client identifier.

Maximum string length: 50

clientSecret
string
required

The client secret used for authentication.

Minimum string length: 1

companyId
string<guid>

The identifier of the company that owns the client.

companyProjectId
string<guid> | null

The identifier of the project associated with the client, if any.

description
string | null

The description of the client.

Response

Returns the ID of the newly created IdentityServer client.

Standard response structure containing operation status and error information. Standard command response indicating the result of a data modification. Create response containing the identifier of the newly created entity.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options: Unknown, Success, BadRequest, Unauthorized, NotFound, Error

Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

id
string<guid>

Unique identifier of the newly created entity.

Example:

"3fa85f64-5717-4562-b3fc-2c963f66afa6"