Clients
AM lets you create clients with specific redirect URIs, allowed origins, and token configurations—then rotate keys without downtime.
Mobile apps, web apps, backend services—each gets its own client with its own security settings.
Client Configuration
```js
{
  id: "cid_...",
  account_id: "acc_...",
  name: "My Web App",
  allowed_origins: ["https://app.example.com"],
  redirect_uris: ["https://app.example.com/callback"],
  access_token_config: {
    expires_in: 3600 // 1 hour
  },
  refresh_token_config: {
    expires_in: 1209600 // 14 days
  }
}
```
Operations
| Operation | Endpoint | Description |
|---|---|---|
| Create | POST /api/accounts/:account_id/clients | Register new client |
| List | GET /api/accounts/:account_id/clients | List account’s clients |
| Get | GET /api/clients/:client_id | Get client details |
| Update | PATCH /api/clients/:client_id | Modify configuration |
| Delete | DELETE /api/clients/:client_id | Remove client |
Key Management
Clients sign tokens with RSA key pairs. AM stores private keys securely and exposes public keys via JWKS.
| Operation | Endpoint |
|---|---|
| List Keys | GET /api/clients/:client_id/keys |
| Create Key | POST /api/clients/:client_id/keys |
| Rotate Keys | POST /api/clients/:client_id/jwks/rotate |
| Delete Key | DELETE /api/client-keys/:client_key_id |
Keep 2-4 keys active during rotation so that tokens signed with an earlier key remain valid.
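
One way to decide when a rotated-out key can be removed with `DELETE /api/client-keys/:client_key_id` without invalidating live tokens. This is an added example, not AM's own code: the key fields `kid` and `rotated_out_at`, the helper names, the 60-second skew allowance and the sample keys are assumptions; the token lifetimes are the ones from the configuration above.

```javascript
// Token lifetimes from the client configuration shown on this page.
const client = {
  access_token_config: { expires_in: 3600 },      // 1 hour
  refresh_token_config: { expires_in: 1209600 },  // 14 days
};

// Longest lifetime (seconds) of any token a key may have signed.
// Assumption: the caller lists only the token kinds that are signed with the key.
// The default treats both kinds as signed, which is the conservative choice.
function maxSignedLifetime(client, signedKinds = ["access_token_config", "refresh_token_config"]) {
  return Math.max(...signedKinds.map((kind) => client[kind].expires_in));
}

// A key is safe to delete once every token it could have signed has expired:
//   rotated_out_at + lifetime + skew <= now
// The current signing key (rotated_out_at === null) is always kept.
function planKeyCleanup(keys, client, nowSec, { skewSec = 60, signedKinds } = {}) {
  const lifetime = maxSignedLifetime(client, signedKinds);
  const plan = { keep: [], delete: [], warnings: [] };
  for (const key of keys) {
    const stillNeeded =
      key.rotated_out_at === null ||
      key.rotated_out_at + lifetime + skewSec > nowSec;
    (stillNeeded ? plan.keep : plan.delete).push(key.kid);
  }
  // The page recommends 2-4 active keys during rotation; needing more than 4
  // means keys are being rotated faster than the tokens they signed expire.
  if (plan.keep.length > 4) {
    plan.warnings.push("more than 4 keys still needed: rotation outpaces token expiry");
  }
  return plan;
}

// Constructed sample data (hypothetical key records, Unix seconds).
const NOW = 1700000000;
const KEYS = [
  { kid: "k-current", rotated_out_at: null },
  { kid: "k-prev", rotated_out_at: NOW - 2 * 86400 },   // rotated out 2 days ago
  { kid: "k-old", rotated_out_at: NOW - 20 * 86400 },   // rotated out 20 days ago
];

console.log(planKeyCleanup(KEYS, client, NOW));
console.log(planKeyCleanup(KEYS, client, NOW, { signedKinds: ["access_token_config"] }));
```

With both token kinds treated as signed, `k-prev` must stay in the JWKS for the full 14 days; if only access tokens are signed with the key, it can go an hour after rotation.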
Related
- OAuth - OAuth flows
- Client - Client resource
- Client Key - Signing keys