When to Use OAuth
Register a Client
Clara supports dynamic client registration per RFC 7591. No manual setup needed — register programmatically:Scopes
| Scope | Access |
|---|---|
api | Full read/write access to the Core and Metadata APIs |
profile | Read the authenticated user’s profile information |
scope=api profile
Authorization Code Flow
Use this flow when your app acts on behalf of a Clara user.1. Redirect the user to authorize
| Parameter | Required | Description |
|---|---|---|
client_id | Yes | Your registered client ID |
response_type | Yes | Must be code |
redirect_uri | Yes | Must match a registered redirect URI |
scope | No | Space-separated scopes (defaults to api) |
state | Recommended | Random string to prevent CSRF attacks |
code_challenge | Recommended | PKCE challenge (SHA-256 hash of verifier, base64url-encoded) |
code_challenge_method | Recommended | Must be S256 when using PKCE |
2. Handle the callback
After authorization, Clara redirects back to yourredirect_uri:
state matches what you sent.
3. Exchange the code for tokens
4. Use the access token
5. Refresh when expired
Client Credentials Flow
For server-to-server integrations with no user interaction:Server Discovery
Clara publishes its OAuth configuration at a standard discovery endpoint:API Endpoints Summary
| Endpoint | Purpose |
|---|---|
/.well-known/oauth-authorization-server | Server metadata discovery |
/oauth/register | Dynamic client registration |
/oauth/authorize | User authorization |
/oauth/token | Token exchange and refresh |
| Environment | Base URL |
|---|---|
| Hosted workspace | https://{your-workspace-url} |
| Self-Hosted | https://{your-domain} |
OAuth vs API Keys
| API Keys | OAuth | |
|---|---|---|
| Setup | Generate in Settings | Register a client, implement flow |
| User context | None (workspace-level) | Specific user’s permissions |
| Best for | Scripts, internal tools | External apps, multi-user integrations |
| Token rotation | Manual | Automatic via refresh tokens |
| Scoped access | Full API access | Granular via scopes |