Registering your client application

In order to get started, you must first register your application with Drillster. This sounds like a lot of work, but in reality it isn’t. All you need to do is think of a name for your application or project, and provide a redirection URI, which is the page of your client application where the user is sent to after authentication and authorization, and is explained later in this document.

What registering does, is assign a client ID and a client secret to your application. These codes look something like this:

Client ID: 874a16d4ac764ce4a545f0cca4584c63
Client secret: 5782b2e7532b48b5a0798f2ad6644614

The client ID uniquely identifies your application or project in the Drillster system. The client ID is not a secret. In fact, it is included in some of the authentication steps in plain sight of the user.

The client secret is, unsurprisingly, a secret. It should only be known to the application developer, and serves as proof that the holder of the secret is in control of the application that is identified by the client ID.

Drillster currently only supports confidential clients. As defined by the OAuth specification, these are clients that are capable of maintaining the confidentiality of their credentials (client secret), typically clients implemented on a secure server. Clients that don't classify as confidential are called public clients, and can currently not use the Drillster API. Public clients are clients that cannot maintain the confidentiality of their credentials, e.g. clients executing on the device used by the user, such as a native app, or a JavaScript application.