Skip to content

OAuth 2.0

For services and applications, CloudOptify supports standard OAuth 2.0 flows.

Use a confidential client owned by your organization:

  1. In API Access → OAuth clients, create a client. Choose its allowed scopes.
  2. Copy the client ID and client secret — the secret is shown once.
  3. Exchange credentials for a token:
Terminal window
curl -X POST https://app.cloudoptify.com/oauth/token \
-d grant_type=client_credentials \
-d client_id=<client_id> \
-d client_secret=<client_secret>

The response contains an access_token to use as a Bearer token against /api/v1/*. Tokens carry the client’s allowed scopes (intersected with organization permissions).

Applications acting on behalf of a signed-in user — including AI agents — use the standard authorization-code flow with PKCE. Endpoints and capabilities are published in the discovery document:

https://app.cloudoptify.com/.well-known/oauth-authorization-server

Dynamic client registration is supported for this flow, so compatible clients can onboard without manual setup.

Tokens can be revoked at any time (RFC 7009 revocation endpoint, or from the API Access page). Deleting an OAuth client invalidates the credentials it issued.

You’re building… Use
A backend job or service Client credentials
An app where a user signs in Authorization code + PKCE
A quick script An API token is simpler