Manage the OAuth 2.0 client credentials

OAuth 2.0 is one of the supported authorization types in Creatio. Identity Service implements OAuth 2.0 in Creatio. It authorizes third-party apps and web services you integrate with Creatio using OAuth 2.0. Learn more: OAuth 2.0 setup procedure.

Generate OAuth 2.0 client credentials

If you use Creatio in the cloud, the Identity Service is deployed out of the box. Before you generate OAuth 2.0 client credentials in Creatio on-site, deploy the Identity Service and connect it to Creatio. Instructions: Deploy the Identity Service, Connect the Identity Service to Creatio.

Creatio lets you authorize via OAuth 2.0 using the client credential flow. This flow builds server-server integration and provides access to Creatio data and API for integrated apps outside the context of a specific user, using client credentials for authentication. Learn more: OAuth 2.0 Client Credentials Grant (official vendor documentation).

Important

Generate dedicated OAuth 2.0 client credentials for each third-party app and web service you need to authorize using OAuth 2.0.

To generate OAuth 2.0 client credentials:

1. Open the System Designer. To do this, click in the top right.

2. Click OAuth 2.0 integrated applications in the Import and integration block. This opens the OAuth authorization page (Fig. 1).

   Fig. 1 OAuth authorization page

   

3. If you use Creatio on-site, make sure that all checkboxes on the Diagnostic tab are selected (Fig. 2).

   Fig. 2 Diagnostic tab

   

   If at least one of the checkboxes is cleared, identify potential issues or errors in the Identity Service or OAuth setup and usage. Instructions: OAuth health monitoring.

4. Click New. This opens the new record window.

5. Fill out the third-party app parameters (Fig. 3).

   Fig. 3 Fill out the third-party app parameters

   

   Parameter	Parameter value
   Name*	Name of the integration that Creatio and logs will use. Required.
   Application URL	The URL of the third-party app or web service.
   Description	The purpose of the integration.
   Create separate technical user for this integration	Whether to automatically create a separate technical user for this integration. The name of the technical user matches the name of the integration. Out of the box, the checkbox is selected. After generating OAuth 2.0 client credentials, grant sufficient permissions to the created technical user. We recommend using a dedicated user who has permissions only to read and edit the fields the integrated third-party app or web service need to change. For example, if you integrate a web service that passes the currency exchange rates to Creatio, grant permissions only to read and edit the Rate and Start fields of the Currency lookup. If you have already created a technical user for your integration, you can use those credentials. To do this: Clear the Create separate technical user for this integration checkbox. This displays the User parameter. Select a previously created technical user in the User parameter.

6. Save the changes.

As a result:

• If the Create separate technical user for this integration checkbox is selected, a separate technical user whose name matches the name of the integration will be created (Fig. 3). Otherwise, the manually created technical user will be used for the integration.

• The "Client Id" and "Client secret" parameters will be automatically populated (Fig. 4). Use these parameter values in third-party apps and web services you integrate with Creatio.

  Fig. 4 Client Id and Client secret parameters

  

• The new integration will be added to the OAuth authorization section (Fig. 5).

  Fig. 5 OAuth authorization section

  

The next steps depend on your business goals. Use OAuth 2.0 client credentials in the following ways:

• Authorize ready-to-use third-party apps and web services you integrate with Creatio. For example, webhook service, Power BI Connector, Clio.
• Provide OAuth 2.0 client credentials to colleagues or partners who need to work with your Creatio instance using API.
• Authorize self-developed third-party apps and web services you integrate with Creatio. Learn more: OAuth 2.0 authorization (developer documentation).

Modify the integration parameters

If the settings of the third-party app change, you can modify the parameters of the previously created integration. To do this:

1. Open the System Designer. To do this, click in the top right.
2. Click OAuth 2.0 integrated applications in the Import and integration block. This opens the OAuth authorization page.
3. Open the integration page whose parameters you want to modify.
4. Modify the needed parameters.
5. Save the changes.

As a result:

• The parameters for third-party app integration will be updated.
• The "Client Id" and "Client secret" parameters will remain unchanged.

Suspend the integration

Creatio lets you temporarily suspend the integration without deleting it. For example, when an integrated third-party app generates high-load requests, temporarily suspend the integration to solve the issue. To do this:

1. Open the System Designer. To do this, click in the top right.
2. Click OAuth 2.0 integrated applications in the Import and integration block. This opens the OAuth authorization page.
3. Clear the Active checkbox for a dedicated integration.
4. Save the changes.

As a result, the integration will be suspended temporarily.

To resume the integration, select the Active checkbox for a dedicated integration.

---

See also

Deploy the Identity Service

Connect the Identity Service to Creatio

OAuth health monitoring

OAuth 2.0 authorization (developer documentation)

---

E-learning courses

Tech Hour - Integrate like a boss with Creatio, part 2 (Odata)