API and Identity Pages
The following pages are in either the System Setup or Administration folders. Very few Users should have access to these pages. Those with access should use extreme caution when they add or edit records.
API Procedures
This page includes a record for each API procedure available in the REST API. You should not edit these records. Use Security Roles to control access to each API Procedure through the REST API.
See for more details.
API Clients
This page includes a record for each API client authorized to access the REST API. This includes their Client ID, Client Secret, and the how long REST API-generated tokens are valid.
You must have a Client ID and Client Secret to access the API using the OAuth Client Credentials workflow and API Wrapper.
API Clients inherit their permissions from a User specified in the record. The permissions of this User determine what the client can access in the API.
You may manually enter passwords, or for greater security, create one randomly using a Password Generator or GUID Generator.
Platform doesn't directly use the dp_API_Clients table, so API client changes force refresh the metadata. The Authorization Server caches API Clients in memory for two minutes.
Identity Providers
This page includes a record for each OAuth provider authorized to authenticate on behalf of MinistryPlatform. This includes their Client ID, Client Secret, and if it is public or not.