To initiate the OAuth flows, you must register an application in our authorization server. We currently do not offer a user interface that allows self-registration, so you need to contact our support team (firstname.lastname@example.org) to register your application.
The application registration requires the following information from you:
Organization Name: This represents the organization to which one or more applications belong. It usually represents your company and/or billing account.
Application Name: The user-friendly name that will be shown to end-users on the consent page.
API Plan: Each application must be registered under an API access plan. These plans define which group of entities and fields can be accessed. Later, when starting OAuth flows, the scope of the requests is limited to the permissions granted by each API plan. The complete information about API plans can be found in Pricing Model documentation.
Redirect URIs: The redirection endpoint URIs (separated by a comma) are used to validate the redirect URI provided during the request.
Here is an example of an application in the basic plan.
- Organization Name:
- Application Name:
ACME Basic Monitoring
- API Plan:
- Redirect URI:
Once we have received the above-mentioned information, Solytic will generate and provide the following information to you:
Api-Key: Unique access identifier for using the GraphQL API.
Client ID: Identifies your application in the authentication server.
Client Secret: Confidential info known only to your application and the authentication server.
It is beyond the scope of this documentation to determine how the application credentials (Client ID and Client Secret) should be secured on the client application. However, it is important to note that the Client Secret should never be exposed in client-side code or otherwise made publicly available. It should be kept on the server side and protected with appropriate security measures such as encryption and secure storage.
Additionally, it is recommended to regularly rotate the Client Secret to maintain the security of the OAuth flow.