Managing Client IDs

Prerequisites: To manage users, groups and roles with the APIs, you need:
  • The URL of the HID Authentication Service platform (see HID Authentication Service Platforms around the World)

  • Your tenant ID (the identifier of your tenant, starting with the letter "t", for example, t987198273d986w9869)

  • A bearer token (access token) obtained by authenticating a privileged user (Organization Administrator, Client ID M2M) through an authentication flow. You need a privileged user so that you have sufficient permissions to perform the actions in the following sections.

    Using a bearer token from a non-privileged user or Client ID will result in 401 or 403 HTTP responses from the HID Authentication Service APIs.

    For further information about tokens, see Enabling User Authentication.

Register a Client ID (or a Client ID for M2M)

The register endpoint is used to create Client IDs as follows:

  • Register the Client ID in the UG_CLIENTID group

  • Fetch the internal ID of the Client ID

  • Use the internal ID to assign the role RL_OPENIDCLIENT to the newly created Client ID

Important: About Client ID Registration

Each Client ID needs to be registered under the UG_CLIENTID group and assigned the RL_OPENIDCLIENT role.

The group allows the HID Authentication Service to filter Client IDs and the role is the only way for the Client ID to have sufficient permissions to perform end user authentication. Failing to assign the role to a Client ID will result in HTTP 401 or 403 errors upon end user authentication.

Client IDs with Passwords

To create a Client ID with a password, you need to call the register endpoint with the token_endpoint_auth_method set to client_secret_basic.

The HID Authentication Service will then register the Client ID and generate a password for you.

The following table provides an overview of the supported parameters:

Parameter Description

hid_client_group

Instructs the HID Authentication Service to create the Client ID under the UG_CLIENTID group

client_name

A free field in which you can name your Client ID

The name must be unique. It is NOT the identifier of the Client ID, which is generated by the HID Authentication Service.

hid_client_channel

Indicates through which default channel the Client ID needs to authenticate

This parameter can be overwritten upon authentication

If you do not know what to indicate here, keep CH_EXTRAPP

hid_client_pwd_policy and hid_client_pki_policy

The default authentication policies for Client IDs

They can be set to AT_SYSLOG and AT_JWT

hid_client_pki_policy

The authentication policy for Client IDs with mTLS-based authentication

It can be set to AT_EMPPKI

hid_user_channel

Indicates through which default channel the Client ID needs to authenticate end users

This parameter can be overwritten upon authentication

If you do not know what to indicate here, keep CH_EXTRAPP

hid_user_authn_policy

The default authentication policy code to be used for end user (indirect user) authentication

For the list of available policies you can use, see Authentication Policies in the HID Authentication Service.

For example, if you want to use a simple password policy, set AT_STDPWD

hid_ciba_callback_format_plain

Defines the format for the CIBA callback response (if required) and the value can be set to either True or False

To sign the id_token, set the value to False

For further information about the CIBA callback response for signed and plain id_tokens, see Send the Push Notification

id_token_encrypted_response_alg

Defines the encryption algorithm for the CIBA callback response (if required)

The jwks (JSON Web Key Set) attribute must also be provided with the certificate as a key object to encrypt the signed id_tokens

The currently supported algorithm is RSA-OAEP-256

Note:
  • You can specify the value for client_id attribute if you do not want the HID Authentication Service to generate it. However, the value you define must be unique.

  • It is not possible to define a password as an attribute for the Client ID as it is generated by the HID Authentication Service.

    However, you can change the password afterward using the client_secret parameter.

  • You can optionally encrypt the signed id_token but you cannot encrypt the plain id_token.

The first step is to register the Client ID:


Sample request to register a client ID with a signed and encrypted id_token

POST https://[base-server-url]/{tenant}/authn/register HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN
Content-Type: application/json

{
    "redirect_uris":[
        "https://client.example.org",
        "https://client2.example.org" ],
    "client_name":"newclientid",
    "token_endpoint_auth_method":"client_secret_basic",
    "hid_client_channel":"CH_EXTRAPP",
    "hid_client_pwd_policy":"AT_SYSLOG",
    "hid_client_pki_policy":"AT_JWT",
    "hid_user_channel":"CH_EXTRAPP",
    "hid_user_authn_policy":"AT_STDPWD",
    "hid_client_group":"UG_CLIENTID",
    "hid_ciba_callback_format_plain": "false",
    "id_token_encrypted_response_alg": "RSA-OAEP-256",
    "jwks": {
        "keys": [{
            "use": "enc",
            "kty": "RSA",
            "x5t#S256": "",
            "e": "AQAB",
            "kid": "MyClientId",
            "x5c": "MIIGNTDDBQ2gAwIUdGU11QTTUtTMzQ4LUNBMB(…......)7dlizqis0Fq0pLoWcEbLfiItWGw6AN8cA17HVpE1w"
        }]
    },
    "hid_client_scopes":"{\"scopes\":[\"openid\",\"profile\"]}"
}
Note: The certificate is passed to the HID Authentication Service with the following attributes that need to be computed from your certificate:
  • use - encryption (enc)

  • kid - Key Id (CN)

  • kty - key type

  • e - public key exponent

  • x5c - full certificate chain, PEM format without the first and last line (BEGIN CERTIFICATE and END CERTIFICATE)

  • x5t#S256 - base64url-encoded SHA-256 thumbprint of the certificate

An example result:

"jwks": {
    "keys": [{
        "use": "enc",
        "kty": "RSA",
        "x5t#S256": "ZFgddljlwertdjKzsDRla2chRcshc4NrWkYFrvoio",
        "e": "AQAB",
        "kid": "MyClientId",
        "x5c": "MIIGNTDDBQ2gAwIUdGU11QTTUtTMzQ4LUNBMB(…......)7dlizqis0Fq0pLoWcEbLfiItWGw6AN8cA17HVpE1w"
    }]
}

The response mainly confirms the parameters that were indicated in the registration request, specifically:

  • client_id is the generated user ID (or externalId) for your Client ID and the most important attribute

    It is used when authenticating your application with the HID Authentication Service

  • client_secret is the generated password for your Client ID

  • grant_types indicates the OpenID grant types that can be used with the Client ID

    For further information about OpenID grant types and flows, see OpenID Authentication Flows

{
    "grant_types":[
        "client_credentials",
        "password",
        "authorization_code"
    ],
    "hid_client_group":"UG_CLIENTID",
    "registration_client_uri":"https:\/\/[base-server-url]\/tenant\/authn\/register\/655817402088574941876708488070484658763453311419",
    "redirect_uris":[ 
        "https:\/\/client.example.org",
        "https:\/\/client2.example.org",
        "http:\/\/localhost:8080\/samplesAuthorizationCode.html"
    ],
    "hid_client_channel":"CH_EXTRAPP",
    "token_endpoint_auth_method":"client_secret_basic",
    "client_id":"655817402088574941876708488070484658763453311419",
    "hid_client_pwd_policy":"AT_SYSLOG",
    "hid_client_consentprompt":"false",
    "hid_client_pki_policy":"AT_JWT",
    "hid_client_scopes":"{\"scopes\":[\"openid\",\"profile\"]}",
    "hid_user_channel":"CH_EXTRAPP",
    "client_secret_expires_at":1725363585,
    "hid_user_authn_policy":"AT_STDPWD",
    "client_id_issued_at":1567683586,
    "client_secret":"OpenID1567683585093",
    "tls_client_certificate_bound_access_tokens":false,
    "hid_ciba_callback_format_plain": "false", 
    "id_token_encrypted_response_alg": "RSA-OAEP-256", 
    "jwks": {
        "keys": [ { 
            "use": "enc",
            "kty": "RSA",
            "x5t#S256": "ZFgddljljlaldjKzsHk1rja2chRcshc4NrWkYFrvoio",
            "e": "AQAB",
            "kid": "MyClientId",
            "x5c": "MIIGNTCCBR2gAwIUdGU01QUUtTMzQ4LUNBMB(…......)7dlizqis0Fq0kLoWbEbLfiItUGw6AN8cA17HVpE1w"
        }]
    },
    "client_name":"newclientid"
}

The second step is to assign the RL_OPENIDCLIENT role to the Client ID. To do so, first get the internal ID of the Client ID, which is required to call the SCIM API endpoint that assigns a role.


Sample request to search for a user using the externalId from the above response in the filter parameter:

POST https://[base-server-url]/scim/{tenant}/v2/Users/.search HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN
Content-Type: application/scim+json

{
    "schemas":[ "urn:ietf:params:scim:api:messages:2.0:SearchRequest" ],
    "filter":"externalId eq \"655817402088574941876708488070484658763453311419\"",
    "sortBy":"id",
    "sortOrder":"descending",
    "startIndex":0,
    "count":100
}

The response is a multi-resource list. Because the filter matches on externalId, which is unique, only one result is returned.

For further information, see Internal IDs vs External IDs.

{
    "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults":1,
    "resources":[
        {
            "schemas":[
                "urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:hid:scim:api:idp:2.0:UserDevice",
                "urn:hid:scim:api:idp:2.0:UserAttribute",
                "urn:hid:scim:api:idp:2.0:UserAuthenticator"
            ],
            "id":"11053",
            "externalId":"655817402088574941876708488070484658763453311419"         (...) 
        }
    ]
}

The most important attribute returned is:

  • id which is the internal ID of the Client ID (in this example, 11053)

Finally, assign the role where the Client ID's internal ID is present as a path parameter in the URL.

POST https://[base-server-url]/scim/tenant/v2/Users/11053 HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN
Content-Type: application/scim+json

{
    "schemas":[
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:hid:scim:api:idp:2.0:Attribute",
        "urn:hid:scim:api:idp:2.0:UserDevice" ],
    "externalId":"655817402088574941876708488070484658763453311419",
    "roles":[
         { "value":"RL_OPENIDCLIENT" }
     ],
     "groups":[
         { "value":"UG_CLIENTID" }
    ]
}
Note: About groups, roles and the Users endpoint
  • The roles and groups parameters always need to be passed to the Users endpoint

    If you do not pass them, an error will be returned by the HID Authentication Service

  • More importantly, if you pass an empty list of roles, the HID Authentication Service will unassign the roles which might already be assigned to the user

For information about the client authentication, see Client ID Authentication with a Password.
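The three calls above (register, resolve the internal ID, assign the role) chained into one function, as an added example that is not part of the original page or of the HID Authentication Service SDKs. The base URL and tenant are placeholders, the HTTP layer is an injected `send` callable so the flow can be exercised offline, and `fake_transport` replays the sample responses shown above (client_id 655817402088574941876708488070484658763453311419, internal id 11053). Two defensive details are built in: the SCIM filter value is quoted so a caller-supplied string cannot alter the filter expression, and the role-assignment body always carries both `roles` and `groups`, since an empty roles list would unassign existing roles.

```python
import json
from typing import Any, Callable, Dict, List, Tuple

# Placeholders: replace with your platform URL and tenant ID (starting with "t").
BASE_URL = "https://[base-server-url]"
TENANT = "t000000000000000000"

# A transport is any callable send(method, url, headers, json_body) -> parsed JSON response.
Transport = Callable[[str, str, Dict[str, str], Any], Dict[str, Any]]


def _headers(token: str, content_type: str) -> Dict[str, str]:
    return {"Authorization": f"Bearer {token}", "Content-Type": content_type}


def scim_quote(value: str) -> str:
    """Quote a value for a SCIM filter, escaping backslash and double quote so the
    value cannot close the string and append its own filter terms."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def register_client(send: Transport, token: str, name: str, redirect_uris: List[str]) -> Dict[str, Any]:
    """Step 1: register the Client ID under UG_CLIENTID; the service generates the password."""
    body = {
        "redirect_uris": redirect_uris,
        "client_name": name,
        "token_endpoint_auth_method": "client_secret_basic",
        "hid_client_channel": "CH_EXTRAPP",
        "hid_client_pwd_policy": "AT_SYSLOG",
        "hid_client_pki_policy": "AT_JWT",
        "hid_user_channel": "CH_EXTRAPP",
        "hid_user_authn_policy": "AT_STDPWD",
        "hid_client_group": "UG_CLIENTID",
        "hid_client_scopes": json.dumps({"scopes": ["openid", "profile"]}),
    }
    return send("POST", f"{BASE_URL}/{TENANT}/authn/register", _headers(token, "application/json"), body)


def lookup_internal_id(send: Transport, token: str, external_id: str) -> str:
    """Step 2: resolve the externalId (the client_id) to the SCIM internal id."""
    body = {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
        "filter": f"externalId eq {scim_quote(external_id)}",
    }
    resp = send("POST", f"{BASE_URL}/scim/{TENANT}/v2/Users/.search",
                _headers(token, "application/scim+json"), body)
    if resp.get("totalResults") != 1:
        raise LookupError(f"expected exactly one user for the externalId, got {resp.get('totalResults')}")
    return resp["resources"][0]["id"]


def assign_role(send: Transport, token: str, internal_id: str, external_id: str, role: str) -> Dict[str, Any]:
    """Step 3: assign the role. roles and groups are both mandatory on the Users endpoint,
    and an empty roles list would unassign existing roles, so both are always sent."""
    body = {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
                    "urn:hid:scim:api:idp:2.0:Attribute",
                    "urn:hid:scim:api:idp:2.0:UserDevice"],
        "externalId": external_id,
        "roles": [{"value": role}],
        "groups": [{"value": "UG_CLIENTID"}],
    }
    return send("POST", f"{BASE_URL}/scim/{TENANT}/v2/Users/{internal_id}",
                _headers(token, "application/scim+json"), body)


def create_client_id(send: Transport, token: str, name: str, redirect_uris: List[str],
                     m2m: bool = False) -> Dict[str, str]:
    """Full procedure; m2m=True assigns RL_CLIENTIDM2M instead of RL_OPENIDCLIENT."""
    reg = register_client(send, token, name, redirect_uris)
    internal_id = lookup_internal_id(send, token, reg["client_id"])
    assign_role(send, token, internal_id, reg["client_id"], "RL_CLIENTIDM2M" if m2m else "RL_OPENIDCLIENT")
    return {"client_id": reg["client_id"], "client_secret": reg["client_secret"], "internal_id": internal_id}


def fake_transport() -> Tuple[Transport, List[Dict[str, Any]]]:
    """Offline stand-in for HTTP: records every request and replays the page's sample responses."""
    calls: List[Dict[str, Any]] = []

    def send(method: str, url: str, headers: Dict[str, str], body: Any) -> Dict[str, Any]:
        calls.append({"method": method, "url": url, "headers": headers, "body": body})
        if url.endswith("/authn/register"):
            return {"client_id": "655817402088574941876708488070484658763453311419",
                    "client_secret": "OpenID1567683585093"}
        if url.endswith("/Users/.search"):
            return {"totalResults": 1,
                    "resources": [{"id": "11053", "externalId": body["filter"].split('"')[1]}]}
        return {"id": url.rsplit("/", 1)[1]}

    return send, calls


if __name__ == "__main__":
    send, calls = fake_transport()
    print(create_client_id(send, "YOUR_BEARER_TOKEN", "newclientid", ["https://client.example.org"]))
```

To run it against a real platform, supply a `send` that performs the HTTP request (for example with `requests`) and returns the parsed JSON; the functions themselves contain no HTTP library so the flow is easy to unit-test.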

Client IDs with PKI Certificates

For PKI authentication, you need a public CA-signed certificate of any format (CER, DER, CRT or PEM).

This public certificate is sent to the HID Authentication Service that will store it. You can also send the JWKS encryption certificate along with this public certificate to create an encrypted id_token.

Each time the client ID needs to authenticate, the HID Authentication Service uses this certificate (public key) to verify a challenge.

Note: The current recommendation is to generate a certificate from a minimum of a 2048-bit long RSA private key.

To generate such a certificate:

openssl genrsa -out myClientID.private.key 2048
openssl req -new -key myClientID.private.key -out myClientID.csr

Then send the CSR to your CA for them to provide you with a signed certificate (CRT, DER, PEM or CER file).

The method to create a Client ID with PKI is similar to Client IDs with passwords, but the token_endpoint_auth_method attribute must be set to private_key_jwt.

In addition, the jwks attribute must be provided with the certificate as a key object. This key object must be computed out of your certificate.

Important: As with creating a Client ID with a password, do not forget to assign the RL_OPENIDCLIENT role to your newly created Client ID.
Note: The certificate is passed to the HID Authentication Service with the following attributes that need to be computed out of your certificate:
  • kid - the Key Id (CN)

  • kty - the key type

  • n - the public key modulus

  • e - the public key exponent

  • x5c - the full certificate chain, in PEM format without the first and last line (BEGIN CERTIFICATE and END CERTIFICATE)

  • x5t#S256 - the Base64URL-encoded SHA-256 thumbprint of the certificate.

The following sample code illustrates how to compute the values from a certificate. Perform these operations in a secure environment (for example, server-side) rather than relying on client browsers:

  • Convert the certificate file to the PEM format:

    var certificatePEM = convertToPEM( certificate );

  • Convert the certificate to a DER binary X509 format:

    var certificateBinaryDER = convertToDERBinary( certificate );

  • Modify the PEM to compute the x5c:

    certificatePEM.removeNewLines();

    certificatePEM.remove( "-----BEGIN CERTIFICATE-----" );

    certificatePEM.remove( "-----END CERTIFICATE-----" );

  • Read the following from the certificate:

    kid = certificate.CN; kty = certificate.keyType; n = certificate.key.modulus; e = certificate.key.exponent;

  • Read the x5c and thumbprint:

    x5c = certificatePEM;

    The SHA256 thumbprint is computed out of the DER binary data:

    x5t#S256 = base64URLEncode( hashSHA256( certificateBinaryDER ) );
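The pseudocode above carried out in working Python, as an added example that is not part of the original page or of any HID tooling. It uses only the standard library: a minimal DER walker extracts the subject CN, the RSA modulus and exponent from the certificate, and `hashlib`/`base64` produce the x5c and x5t#S256 members. The sample input is the certificate shown in the PKI registration request further down this page (its x5c value), wrapped into PEM form here; for real certificates a full X.509 parser such as the `cryptography` package is the safer choice, since this walker handles only the fields it needs and performs no validation of the chain.

```python
import base64
import hashlib
import json

# Sample certificate taken from this page's PKI registration request (the x5c value);
# it is the page's own test certificate, not one issued to a real deployment.
SAMPLE_X5C = "MIIDQTCCAikCCQDBaGyjlba/8TANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJQTDEPMA0GA1UECAwGUE9MQU5EMQ8wDQYDVQQHDAZLUkFLT1cxDDAKBgNVBAoMA0hJRDENMAsGA1UECwwEQUFBUzEQMA4GA1UEAwwHUk9PVCBDQTAeFw0xOTA5MTMxMTI1MjBaFw0yMTAxMjUxMTI1MjBaMGcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEPMA0GA1UEBwwGQXVzdGluMRMwEQYDVQQKDApISUQgR2xvYmFsMQ0wCwYDVQQLDARBYWFTMRMwEQYDVQQDDApteUNsaWVudElEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUKZxLQO720MBomWtfLvsn/b7k1+1e65ftd9sGqw5y/D/fu8IPtYrdJ2VJZOyDr4ObavKhT473Dq4UM5zPMRFgz5hTrwOkX9rVTSBDNhwMG9sywIFDMPo95qiQBYjjDHPq5s+mg3PveZduRAlm709PnzN/ybVmE8Nwfpf8Rbuv8eatb5BiBb5vOJWVheYtka/gvgvRj0Uq5b5uStI3cSthApziMHCBgzZKPeX6xZgwja3u4hp3SXGJ6MSvxFczC07ySY0yJ87+mC1VKGsG7hx9XcC01K4Ak9X47NAAUla8ZSIRsz+NnYApqQxj2A1SoZ9Q/Wq0gwtc5BKgTCRZoniwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBQ/k13HX8QOXly0B6wTlzlaWNv6fRqNK4FTTIUSjnq/t2tYhcrkru55buY1ICAZIvOUVkUMooKVclrmxV3brpxzKxfoYxqRQqDJI+AxDEUzGBaDS1HFRFdww9yVBvUYbJYpFKyklqv6YHPjwc3/suwtc18VcbZ80LiilNNXYKX7UTgfzwR6FWOFpzW44awYBI0PeDldob8KOst1sASTKIi9wCV+VrY1TchI0ZqTheHY6SbNjGxLOgOZYTO8k69zk0yR4LYsWpwYb8XWS0hIKT92vnn8NVQMVdYGYrJOHn/ckDi5TQaOx5oiXFFbaGeozOleWDLN8XTeq/vd4oM6Q+T"

# PEM form of the same certificate, constructed here by wrapping the base64 body at 64 columns.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(SAMPLE_X5C[i:i + 64] for i in range(0, len(SAMPLE_X5C), 64))
              + "\n-----END CERTIFICATE-----\n")

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 (rsaEncryption)
COMMON_NAME_OID = bytes.fromhex("550403")                  # 2.5.4.3 (id-at-commonName)


def b64url(data: bytes) -> str:
    """Base64URL without padding, the encoding used for JWK members."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def x5c_from_pem(pem: str) -> str:
    """The x5c value: the PEM body with the BEGIN/END lines and newlines removed."""
    body = []
    for line in pem.splitlines():
        line = line.strip()
        if line and not line.startswith("-----"):
            body.append(line)
    return "".join(body)


def der_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) of the DER element at pos (short and long-form lengths)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n_len = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n_len], "big")
        pos += n_len
    return tag, pos, pos + length


def der_children(buf: bytes, start: int, end: int):
    """Yield the elements directly contained in buf[start:end]."""
    pos = start
    while pos < end:
        tag, vs, ve = der_tlv(buf, pos)
        yield tag, vs, ve
        pos = ve


def subject_common_name(der: bytes, start: int, end: int) -> str:
    # Name ::= SEQUENCE OF (SET OF SEQUENCE { type OID, value })
    for _, rdn_s, rdn_e in der_children(der, start, end):
        for _, atv_s, atv_e in der_children(der, rdn_s, rdn_e):
            _, oid_s, oid_e = der_tlv(der, atv_s)
            if der[oid_s:oid_e] == COMMON_NAME_OID:
                _, val_s, val_e = der_tlv(der, oid_e)
                return der[val_s:val_e].decode("utf-8")
    raise ValueError("subject has no CN to use as kid")


def rsa_public_numbers(der: bytes, start: int, end: int):
    # SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
    alg, bits = list(der_children(der, start, end))[:2]
    _, oid_s, oid_e = der_tlv(der, alg[1])
    if der[oid_s:oid_e] != RSA_ENCRYPTION_OID:
        raise ValueError("not an RSA public key; kty/n/e as computed here only apply to RSA")
    key = der[bits[1] + 1:bits[2]]                   # skip the BIT STRING's unused-bits byte
    _, seq_s, seq_e = der_tlv(key, 0)                # RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }
    n_tlv, e_tlv = list(der_children(key, seq_s, seq_e))[:2]
    n = int.from_bytes(key[n_tlv[1]:n_tlv[2]], "big")   # int conversion drops DER's leading 0x00 sign byte
    e = int.from_bytes(key[e_tlv[1]:e_tlv[2]], "big")
    return n, e


def jwk_from_pem(pem: str) -> dict:
    """Build the key object expected in the jwks attribute of the register request."""
    der = base64.b64decode(x5c_from_pem(pem))         # the DER binary X.509 form
    _, cert_s, _ = der_tlv(der, 0)                    # Certificate SEQUENCE
    _, tbs_s, tbs_e = der_tlv(der, cert_s)            # TBSCertificate SEQUENCE
    fields = list(der_children(der, tbs_s, tbs_e))
    if fields[0][0] == 0xA0:                          # optional [0] EXPLICIT version (v2/v3 certificates)
        fields = fields[1:]
    subject, spki = fields[4], fields[5]              # serial, sigAlg, issuer, validity, subject, SPKI
    n, e = rsa_public_numbers(der, spki[1], spki[2])
    return {
        "kid": subject_common_name(der, subject[1], subject[2]),
        "kty": "RSA",
        "n": b64url(n.to_bytes((n.bit_length() + 7) // 8, "big")),
        "e": b64url(e.to_bytes((e.bit_length() + 7) // 8, "big")),
        "x5c": [x5c_from_pem(pem)],
        "x5t#S256": b64url(hashlib.sha256(der).digest()),   # thumbprint is over the DER bytes
    }


if __name__ == "__main__":
    print(json.dumps({"jwks": {"keys": [jwk_from_pem(SAMPLE_PEM)]}}, indent=2))
```

Run against the page's sample certificate, the block reproduces the kid (myClientID), n and e shown in the sample result below; note that n is derived from the key's integer value, which is why the leading 0x00 byte DER adds to a modulus with its top bit set does not appear in the JWK.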


Sample result

"jwks":{
    "keys":[
        {
        "kid":"myClientID",
        "kty":"RSA",
        "n":"tUKZxLQO720MBomWtfLvsn_b7k1-1e65ftd9sGqw5y_D_fu8IPtYrdJ2VJZOyDr4ObavKhT473Dq4UM5zPMRFgz5hTrwOkX9rVTSBDNhwMG9sywIFDMPo95qiQBYjjDHPq5s-mg3PveZduRAlm709PnzN_ybVmE8Nwfpf8Rbuv8eatb5BiBb5vOJWVheYtka_gvgvRj0Uq5b5uStI3cSthApziMHCBgzZKPeX6xZgwja3u4hp3SXGJ6MSvxFczC07ySY0yJ87-mC1VKGsG7hx9XcC01K4Ak9X47NAAUla8ZSIRsz-NnYApqQxj2A1SoZ9Q_Wq0gwtc5BKgTCRZoniw",
        "e":"AQAB",
        "x5c":[
            "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" ],
        "x5t#S256":"SgK6Nb36iJo_qSVaY3-mHnNXumYTTAYG1iJeVU0tCDY" }
    ]
}
Note: If the hid_ciba_callback_format_plain value is set to False, you can get the signed id_token, which can be optionally encrypted using the JWKS certificate as illustrated below.

Sample request for Client IDs with PKI certificate and signed and encrypted id_token

POST https://[base-server-url]/{tenant}/authn/register HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN
Content-Type: application/json

{
   "redirect_uris":[
      "https://client.example.org",
      "https://client2.example.org"   ],
   "client_name":"myClientId",
   "token_endpoint_auth_method":"private_key_jwt",
   "hid_client_channel":"CH_EXTRAPP",
   "hid_client_pwd_policy":"AT_SYSLOG",
   "hid_client_pki_policy":"AT_JWT",
   "hid_user_channel":"CH_EXTRAPP",
   "hid_user_authn_policy":"AT_STDPWD",
   "hid_sessiontransfer_type":"NUM001",
   "hid_client_group":"UG_CLIENTID",
   "hid_ciba_callback_format_plain": "false",
   "id_token_encrypted_response_alg": "RSA-OAEP-256",
   "jwks":{
      "keys":[
         {
            "kid":"myClientID",
            "kty":"RSA",
            "n":"tUKZxLQO720MBomWtfLvsn_b7k1-1e65ftd9sGqw5y_D_fu8IPtYrdJ2VJZOyDr4ObavKhT473Dq4UM5zPMRFgz5hTrwOkX9rVTSBDNhwMG9sywIFDMPo95qiQBYjjDHPq5s-mg3PveZduRAlm709PnzN_ybVmE8Nwfpf8Rbuv8eatb5BiBb5vOJWVheYtka_gvgvRj0Uq5b5uStI3cSthApziMHCBgzZKPeX6xZgwja3u4hp3SXGJ6MSvxFczC07ySY0yJ87-mC1VKGsG7hx9XcC01K4Ak9X47NAAUla8ZSIRsz-NnYApqQxj2A1SoZ9Q_Wq0gwtc5BKgTCRZoniw",
            "e":"AQAB",
            "x5c":[
          "MIIDQTCCAikCCQDBaGyjlba/8TANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJQTDEPMA0GA1UECAwGUE9MQU5EMQ8wDQYDVQQHDAZLUkFLT1cxDDAKBgNVBAoMA0hJRDENMAsGA1UECwwEQUFBUzEQMA4GA1UEAwwHUk9PVCBDQTAeFw0xOTA5MTMxMTI1MjBaFw0yMTAxMjUxMTI1MjBaMGcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEPMA0GA1UEBwwGQXVzdGluMRMwEQYDVQQKDApISUQgR2xvYmFsMQ0wCwYDVQQLDARBYWFTMRMwEQYDVQQDDApteUNsaWVudElEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUKZxLQO720MBomWtfLvsn/b7k1+1e65ftd9sGqw5y/D/fu8IPtYrdJ2VJZOyDr4ObavKhT473Dq4UM5zPMRFgz5hTrwOkX9rVTSBDNhwMG9sywIFDMPo95qiQBYjjDHPq5s+mg3PveZduRAlm709PnzN/ybVmE8Nwfpf8Rbuv8eatb5BiBb5vOJWVheYtka/gvgvRj0Uq5b5uStI3cSthApziMHCBgzZKPeX6xZgwja3u4hp3SXGJ6MSvxFczC07ySY0yJ87+mC1VKGsG7hx9XcC01K4Ak9X47NAAUla8ZSIRsz+NnYApqQxj2A1SoZ9Q/Wq0gwtc5BKgTCRZoniwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBQ/k13HX8QOXly0B6wTlzlaWNv6fRqNK4FTTIUSjnq/t2tYhcrkru55buY1ICAZIvOUVkUMooKVclrmxV3brpxzKxfoYxqRQqDJI+AxDEUzGBaDS1HFRFdww9yVBvUYbJYpFKyklqv6YHPjwc3/suwtc18VcbZ80LiilNNXYKX7UTgfzwR6FWOFpzW44awYBI0PeDldob8KOst1sASTKIi9wCV+VrY1TchI0ZqTheHY6SbNjGxLOgOZYTO8k69zk0yR4LYsWpwYb8XWS0hIKT92vnn8NVQMVdYGYrJOHn/ckDi5TQaOx5oiXFFbaGeozOleWDLN8XTeq/vd4oM6Q+T"            ],
            "x5t#S256":"SgK6Nb36iJo_qSVaY3-mHnNXumYTTAYG1iJeVU0tCDY"
         },
         {
          "use": "enc",
          "kty": "RSA",
          "x5t#S256": "",
          "e": "AQAB",
          "kid": "MyClientId",
          "x5c": "MIIGNTDDBQ2gAwIUdGU11QTTUtTMzQ4LUNBMB(…......)7dlizqis0Fq0pLoWcEbLfiItWGw6AN8cA17HVpE1w"
        }
       ]
   }
}

For information about the client authentication, see Client ID Authentication with JWT (PKI).

Client IDs for M2M

To create a Client ID for M2M, follow the same procedure as creating a Client ID, but assign the RL_CLIENTIDM2M role instead of RL_OPENIDCLIENT.

Retrieve a Client ID Configuration

While the Search and Users endpoints provide us with the basic data (externalId, internal ID, names, authenticators, devices ...), they do not provide configuration details for Client IDs.

To fetch these details, you need to use the Register endpoint.

The following request is for the configuration for the Client ID with the "23037978973074996612022322309357694048700176080" externalId.

GET https://[base-server-url]/{tenant}/authn/register/23037978973074996612022322309357694048700176080 HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN

The response contains all the Client ID configuration attributes:

{
   "hid_sessiontransfer_type": "NUM001",
   "grant_types":    [
      "client_credentials",
      "password",
      "authorization_code"   ],
   "hid_refresh_token_validity": "3600",
   "registration_client_uri": "https://[base-server-url]/{tenant}/authn/register/23037978973074996612022322309357694048700176080",
   "redirect_uris":    [
      "https://client2.example.org",
      "https://client.example.org"   ],
   "hid_client_channel": "CH_EXTRAPP",
   "token_endpoint_auth_method": "client_secret_post",
   "client_id": "23037978973074996612022322309357694048700176080",
   "hid_client_pwd_policy": "AT_SYSLOG",
   "hid_client_consentprompt": "false",
   "hid_client_pki_policy": "AT_JWT",
   "hid_client_scopes": "{\"scopes\":[\"openid\",\"profile\"]}",
   "hid_user_channel": "CH_EXTRAPP",
   "hid_user_authn_policy": "AT_STDPWD",
   "client_id_issued_at": 1568193712,
   "tls_client_certificate_bound_access_tokens": false,
   "client_name": "mynewclient2"
}

List All Client IDs

To list all Client IDs, perform a search on the UG_CLIENTID group:

POST https://[base-server-url]/scim/{tenant}/v2/Users/.search HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN
Content-Type: application/scim+json

{
   "schemas":["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
   "filter":"groups eq \"UG_CLIENTID\""
}

Search for Client IDs

To search for Client IDs, simply use the same technique as described above but add filters by using the AND operator.

Make sure you filter on the group, or the result will contain Organization Administrators and end users.

  • Filter only simple Client IDs:

    groups eq \"UG_CLIENTID\" and role eq \"RL_OPENIDCLIENT\"
  • Filter only M2M Client IDs:

    groups eq \"UG_CLIENTID\" and role eq \"RL_CLIENTIDM2M\"

For further information, see Searching with the SCIM API.

Update a Client ID (or a Client ID for M2M)

Important:

The HID Authentication Service SCIM API is designed with a replacement approach when it comes to updates.

This means that omitting an attribute that was set on the user on an update request will simply remove/empty this attribute.

The recommended process to update a user is to first fetch the details of this user, and then modify the returned JSON.

To update the basic data of a Client ID (groups, roles, extra attributes), search for a Client ID and then reuse the JSON-based response by updating the required attributes.

To update the configuration of a Client ID, you need to use the OpenID Register endpoint with a PUT request, indicating the externalId of the Client ID in the client_id attribute. For further information about the attributes, see Register a Client ID.

Note:
  • You cannot update the hid_client_group attribute with the Register endpoint

    Use the Users endpoint instead

  • The jwks attribute changes the Client ID's PKI credential (certificate-based)

    If the Client ID does not have a PKI credential, it creates a new one with the authentication policy defined in the hid_client_pki_policy attribute

  • All the attributes of the request are optional, except client_id

    Unlike the behavior with the Users endpoint, omitting them will not empty their existing values

PUT https://[base-server-url]/{tenant}/authn/register HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN
Content-Type: application/json

{
    "redirect_uris":["https://www.myCustomRedirectURL.com"],
    "client_name":"My new client ID name ",
    "client_id":"186070539305161126850183514319657725837614882667",
    "hid_client_channel":"CH_EXTRAPP",
    "hid_client_pwd_policy":"AT_SYSLOG",
    "hid_client_pki_policy":"AT_JWT",
    "hid_user_channel":"CH_EXTRAPP",
    "hid_user_authn_policy":"AT_STDPWD",
    "hid_sessiontransfer_type":"NUM001",
    "hid_client_scopes":"{\"scopes\":[\"openid\",\"profile\"]}",
    "hid_federation_audiences":"",
    "hid_federation_roles":"",
    "hid_federation_atttype":""
}
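The two update semantics described in this section, as an added example that is not part of the original page or of any HID tooling: the Users endpoint replaces the whole record, so `build_users_update` starts from the previously fetched record, applies the changes on top, and refuses to send a body that would drop `roles` or `groups` (the page warns that an empty roles list unassigns existing roles); the Register endpoint keeps omitted attributes, so `build_register_update` sends only `client_id` plus the changed attributes and rejects `hid_client_group`, which the Register endpoint cannot update. The sample record is constructed from the search response shown earlier on this page; `allow_unassign` is an assumed flag for the rare case where emptying roles is intended.

```python
import copy
from typing import Any, Dict

# Constructed from the SCIM search response earlier on this page: the record you would
# fetch before updating a Client ID's basic data through the Users endpoint.
SAMPLE_USER_RECORD: Dict[str, Any] = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:hid:scim:api:idp:2.0:Attribute",
                "urn:hid:scim:api:idp:2.0:UserDevice"],
    "id": "11053",
    "externalId": "655817402088574941876708488070484658763453311419",
    "roles": [{"value": "RL_OPENIDCLIENT"}],
    "groups": [{"value": "UG_CLIENTID"}],
}


def build_users_update(current: Dict[str, Any], changes: Dict[str, Any],
                       allow_unassign: bool = False) -> Dict[str, Any]:
    """Body for the Users endpoint, which replaces the record: every attribute that must
    survive is carried over from the fetched record, and the update is refused if it would
    send no roles or groups, because that silently unassigns the existing ones."""
    body = copy.deepcopy(current)
    body.update(changes)
    for required in ("roles", "groups"):
        if required not in body:
            raise ValueError(f"{required} must always be sent to the Users endpoint")
        if not body[required] and not allow_unassign:
            raise ValueError(f"refusing to send an empty {required} list: it would unassign existing values")
    return body


def build_register_update(client_id: str, changes: Dict[str, Any]) -> Dict[str, Any]:
    """Body for a PUT on the Register endpoint, where only client_id is mandatory and omitted
    attributes keep their values, so just the changed attributes are sent."""
    if "hid_client_group" in changes:
        raise ValueError("hid_client_group cannot be updated through the Register endpoint; use the Users endpoint")
    return {"client_id": client_id, **changes}


if __name__ == "__main__":
    print(build_users_update(SAMPLE_USER_RECORD, {"displayName": "Renamed client"}))
    print(build_register_update("186070539305161126850183514319657725837614882667",
                                {"client_name": "My new client ID name"}))
```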

Delete a Client ID

To delete a Client ID, use a DELETE request with the Register endpoint, passing the externalId of the Client ID as a path parameter.

In this example, delete the Client ID with the 23037978973074996612022322309357694048700176080 externalId.

DELETE https://[base-server-url]/{tenant}/authn/register/23037978973074996612022322309357694048700176080 HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN


See also:

Managing User or Client ID Authenticators

Enabling User Authentication