OAuth Applications
Create and manage OAuth applications for the Texture Connect flow. OAuth apps enable third-party applications to access Texture data on behalf of your users.
OAuth app object
{
  "id": "oauth_abc123def456",
  "clientId": "texture_client_a1b2c3d4",
  "name": "My Energy App",
  "description": "Connects customers to their energy data.",
  "redirectUris": ["https://myapp.com/callback"],
  "allowedScopes": ["read:devices", "read:sites"],
  "type": "CONFIDENTIAL",
  "workspaceId": "ws_abc123def456",
  "createdAt": "2025-06-01T00:00:00.000Z",
  "updatedAt": "2025-06-01T00:00:00.000Z"
}
App types
| Type | Description |
|---|---|
| CONFIDENTIAL | Server-side apps that can securely store a client secret |
| PUBLIC | Client-side apps (SPAs, mobile) that cannot store secrets |
List OAuth applications
GET /v1/oauth-apps
Query parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
| page | integer | 1 | Page number (1–1000) |
| perPage | integer | 10 | Items per page (1–100) |
Response: 200 OK
{
  "data": [...],
  "meta": {
    "total": 5,
    "page": 1,
    "perPage": 10
  }
}
Get OAuth application
GET /v1/oauth-apps/:id
Response: 200 OK — Returns the OAuth app object.
Create OAuth application
POST /v1/oauth-apps
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | App name (1–255 chars) |
| description | string | No | Description (max 1000 chars) |
| redirectUris | string[] | Yes | At least one valid redirect URI |
| allowedScopes | string[] | Yes | At least one OAuth scope |
| type | enum | Yes | PUBLIC or CONFIDENTIAL |
{
  "name": "My Energy App",
  "description": "Connects customers to their energy data.",
  "redirectUris": ["https://myapp.com/callback"],
  "allowedScopes": ["read:devices", "read:sites"],
  "type": "CONFIDENTIAL"
}
Response: 201 Created
{
  "id": "oauth_abc123def456",
  "clientId": "texture_client_a1b2c3d4",
  "clientSecret": "texture_secret_a1b2c3d4e5f6g7h8i9j0",
  "name": "My Energy App",
  "redirectUris": ["https://myapp.com/callback"],
  "allowedScopes": ["read:devices", "read:sites"],
  "type": "CONFIDENTIAL",
  "createdAt": "2025-06-01T00:00:00.000Z"
}
The clientSecret is only returned at creation time. Store it securely — it cannot be retrieved later.
Update OAuth application
PATCH /v1/oauth-apps/:id
All fields are optional — provide at least one.
| Field | Type | Description |
|---|---|---|
| name | string | New name (1–255 chars) |
| description | string | New description (max 1000 chars) |
| redirectUris | string[] | New redirect URIs (min 1) |
| allowedScopes | string[] | New scopes (min 1) |
Response: 200 OK — Returns the updated OAuth app object.
Delete OAuth application
DELETE /v1/oauth-apps/:id
Response: 204 No Content
Deleting an OAuth application immediately invalidates all tokens issued to that application. Users will need to re-authorize with a new application.
Rotate client secret
Generate a new client secret. The old secret is immediately invalidated.
POST /v1/oauth-apps/:id/rotate-secret
Response: 200 OK
{
  "clientId": "texture_client_a1b2c3d4",
  "clientSecret": "texture_secret_newxyz987"
}
The old secret stops working immediately. Update your application's configuration before rotating to avoid downtime. For zero-downtime rotation, deploy the new secret to your application immediately after receiving it.
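An added example, not part of the Texture documentation: one way to handle a create or rotate-secret response, given that the clientSecret is returned only once and the old one stops working immediately. It writes the new credentials atomically to an owner-only file and returns a summary that is safe to log. The function names, file-based store and fingerprint format are assumptions, and the HTTP call is left out because this page does not describe request authentication.

```python
import hashlib
import json
import os
import tempfile

# Constructed sample: the rotate-secret response body shown on this page.
SAMPLE_RESPONSE = '{"clientId": "texture_client_a1b2c3d4", "clientSecret": "texture_secret_newxyz987"}'


def fingerprint(secret: str) -> str:
    """Log-safe identifier for a secret: a truncated SHA-256, never the value."""
    return "sha256:" + hashlib.sha256(secret.encode()).hexdigest()[:12]


def persist_rotation(response_body: str, expected_client_id: str, path: str) -> dict:
    """Write the returned credentials to `path` and return a log-safe summary.

    Hypothetical helper: `path` stands in for whatever secret store you use.
    """
    body = json.loads(response_body)
    if not isinstance(body, dict):
        raise ValueError("response body is not a JSON object")
    client_id, secret = body.get("clientId"), body.get("clientSecret")
    # Refuse to overwrite stored credentials with a response for another app.
    if client_id != expected_client_id:
        raise ValueError("response is for a different clientId")
    if not isinstance(secret, str) or not secret:
        raise ValueError("response carries no clientSecret")

    # mkstemp creates the file readable and writable by the owner only (0600 on
    # POSIX). Writing a temp file in the same directory and then os.replace()
    # means a reader sees the old secret or the new one, never a partial file.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".oauth-secret-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump({"clientId": client_id, "clientSecret": secret}, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    # Only this summary should reach logs or monitoring.
    return {"clientId": client_id, "secretFingerprint": fingerprint(secret)}
```

Comparing the logged fingerprint with one computed by the running application shows whether a deployment has picked up the rotated secret, without the secret itself appearing in either log.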