Skip to main content
Vane supports RFC 6749 §4.4 client credentials for deployments that need OAuth-compatible authentication. OAuth tokens are accepted anywhere an API key is accepted.

POST /v1/oauth/clients

Creates an OAuth 2.0 client for the authenticated company. Returns the client_id and client_secret. The client_secret is shown once — store it securely. Requires authentication (API key or existing OAuth token).

Response 201

Example


GET /v1/oauth/clients

Lists all OAuth clients for the authenticated company. Secrets are not returned.

Response 200

Example


POST /v1/oauth/token

Exchanges client credentials for a short-lived Bearer token. No authentication required (the credentials are the authentication). Accepts both application/x-www-form-urlencoded (standard OAuth) and application/json.

Request fields

Response 200

Error responses

Example — form-encoded (standard OAuth)

Example — JSON body