Creating an application

Open the OAuth2 applications page from your account dashboard and create a new application.

Each application represents one OAuth2 client.

After giving it a name, your application will be created and you will have access to this editor:

Application identity

The editor lets you see:

• Application ID
• Application Secret

and edit:

• Description

Application metadata

In the editor, you should set:

• Name
• Website
• Terms of Service
• Privacy Policy

These fields describe the client that is requesting access and should match the real application that users are authorizing.

Redirect URIs

Applications can define one or more redirect URLs.

Use Add Redirect URL to register every callback URL your application will use.

Only https redirect URLs are allowed, except for local development URLs using localhost or 127.0.0.1.

The redirect URI used during authorization must match the one used later during token exchange.

Public and private applications

The editor includes a Public Application toggle.

Enable public mode when your application runs in an environment where the secret could be exposed.

In practice:

• Public applications should not rely on a client secret.
• Private applications can use a client secret.

The API behavior for public and private applications is documented on the token exchange route at POST /oauth/token.

Scopes

The URL generator lets you enable the scopes your application requests.

The UI currently exposes:

• identify
• main_access
• character_list_access
• character_data_access
• character_build_access
• online_status
• hunted_characters_access
• guild_history_access
• guild_high_ranked_access

Only request the scopes your application actually needs.

URL generator

The editor also shows:

• the selected redirect URI
• a generated authorization URL

Use that generated URL to verify that your selected redirect URI and requested scopes match the application configuration before integrating the OAuth2 flow in your client.