Registering your client application

In order to get started, you must first register your application with Drillster. This sounds like a lot of work, but in reality it isn’t. All you need to do is think of a name for your application or project, and add an optional icon and description.

Submit new app

Registering assigns a client ID to your application. A client ID looks something like this:

874a16d4ac764ce4a545f0cca4584c63

The client ID uniquely identifies your application or project in the Drillster system. The client ID is not a secret. In fact, it is included in some of the authentication steps in plain sight of the user.

Adding client secrets

For most API integrations, most notably those using the JWT authorization grant, the client must be able to authenticate itself. For that purpose, a client secret must be added for the client ID.

In the client application details screen there is a button to add a secret to your registered application:

App details

Clicking this button generates a new client secret and displays it. This is your only chance to copy the newly created secret. Drillster does not store the secret itself, which means that if you lose the value a new secret will have to be generated. It is your responsibility to keep the secret secure.

Add new secret

Secrets are identified with their secret ID. Multiple client secrets may be used at the same time. An individual secret may be deleted by clicking on the trash can icon in the list of available client secrets. Deleting a client secret will make it unavailable immediately, meaning that it can no longer be used to request access tokens. Existing OAuth access tokens that are still valid are not impacted by the deletion of a client secret.

List secrets
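
The secret behaviour described above (shown once, several active at the same time, deletion effective immediately) can be modelled as follows. This is an added example, not Drillster's code: the page does not describe its implementation, and the `ClientSecretStore` class, the SHA-256 digest, the generated ID and secret formats, and the client presenting the secret directly are all assumptions.

```python
import hashlib
import hmac
import secrets


class ClientSecretStore:
    """Show-once client secrets: only a digest of each secret is kept."""

    def __init__(self):
        # client_id -> {secret_id: SHA-256 digest of the secret}
        self._digests = {}

    def add_secret(self, client_id):
        """Create a secret, keep its digest, return (secret_id, secret) once."""
        secret_id = secrets.token_hex(8)      # hypothetical secret ID format
        secret = secrets.token_urlsafe(32)    # 256 bits of randomness
        digest = hashlib.sha256(secret.encode()).digest()
        self._digests.setdefault(client_id, {})[secret_id] = digest
        return secret_id, secret              # plaintext is never stored

    def delete_secret(self, client_id, secret_id):
        """Remove one secret; it stops authenticating immediately."""
        return self._digests.get(client_id, {}).pop(secret_id, None) is not None

    def authenticate(self, client_id, presented):
        """Return the matching secret ID, or None if no active secret matches."""
        candidate = hashlib.sha256(presented.encode()).digest()
        matched = None
        for secret_id, digest in self._digests.get(client_id, {}).items():
            # Constant-time comparison; every entry is checked, no early exit.
            if hmac.compare_digest(candidate, digest):
                matched = secret_id
        return matched


def rotate_demo():
    """Rotation with overlap: add the new secret, then delete the old one."""
    store = ClientSecretStore()
    client_id = "874a16d4ac764ce4a545f0cca4584c63"  # sample ID from this page
    old_id, old = store.add_secret(client_id)
    new_id, new = store.add_secret(client_id)       # both valid at once
    both_ok = (store.authenticate(client_id, old) == old_id
               and store.authenticate(client_id, new) == new_id)
    store.delete_secret(client_id, old_id)
    old_after = store.authenticate(client_id, old)  # None once deleted
    new_ok = store.authenticate(client_id, new) == new_id
    return both_ok, old_after, new_ok
```

Because only the digest is kept, a lost secret cannot be recovered and has to be replaced, and the overlap between two active secrets is what allows rotation without downtime.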

Client secrets should only be used for what the OAuth specification calls confidential clients. These are clients that are capable of maintaining the confidentiality of their credentials (e.g. the client secret), typically clients implemented on a secure server. Clients that do not qualify as confidential are called public clients, and cannot currently use the Drillster REST APIs. Public clients are clients that cannot maintain the confidentiality of their credentials, e.g. clients executing on the device used by the user, such as a native app or a JavaScript application.
