The app management flow allows users to view, disable, and reset their clients in the API Portal.
Status: Gathering feedback
Requirements for app management flow
User stories: epic 4, stories 3, 5, and 8
- List my apps (nice to have: display client ID in list)
- Display app details (name, description, client ID, return URL, rate limit)
- Provide an option to reset a client secret
- Provide an option to disable an app
Prototype
Terminology
app
“App” is synonymous with “client”.
client ID
A value created when registering a client in the API Portal. A user can access the client ID for their client when logged in to the API Portal.
client secret
A value created when registering an app in the API Portal. A client secret is shown to the user once on creation and can only be accessed again by resetting it.
access token
A value generated in one of two ways:
- Created by the API Portal when registering a client authorized to act on behalf of a single user (the user creating the client). In this case, the access token has identical rights, roles, and permissions to that user.
- Created by an OAuth Extension API request /oauth/access_token as part of a user-authorization flow.
rate limit
A rate limit is applied to a client based on client ID. Rate limits can differ between clients, so a user should be able to see the rate limit for each of their clients when logged in to the API Portal.
Questions
Should we include options to update the Public RSA key and allowed IP ranges as shown above?
- No, these options aren't included in the Create app flow.
- Meta doesn't currently offer the ability for non-admins to disable clients. (epic 4, user story 5)
References
Client management options on Meta: