Applications and clients can be managed either using Management APIs, or from the Admin Portal (as described below).
The Applications page presents a list of all your applications, including basic details like the application ID and name, when it was created, which admin created it, and the last time a user logged in. You can search for a specific application by name using the search box on the top-right, and click to view the Application Settings.
You can manage your applications from the Applications page:
- Create an app by clicking + Add application and configuring Application Settings .
- Edit an app by clicking and then Edit .
- Delete an app by clicking and then Delete .
You can access your application settings from the Applications page by clicking the relevant application in the table.
Basic application information includes:
- Application ID : Application identifier, automatically generated when the app is created. It cannot be edited.
- Application name : Name of your application, displayed in the Admin Portal.
- Application description : Short description of your application, displayed in the Admin Portal.
- Application logo : Your application's logo when needed (e.g., in email templates) in jpeg, png, or webp format.
Advanced app settings include:
: Allows login flows to automatically create new users (or associate existing users with the application) the first time they login. For example, you can control whether or not to allow registration of guest users (users who are new to the app). If enabled, auto-creation of new users can be requested via the
create_new_userparameter of Authentication APIs, or
createNewUserparameter of the OIDC authorization API .
- Authentication Hub : Allows setting this application as the Authentication Hub for your tenant. It can then be used by other apps of the tenant to authenticate users (in a centralized login flow), and perform SSO across the apps. Only one application can be set as an Authentication Hub per tenant.
The first client is automatically created when you set up your application. This represents the client that will be requesting Transmit Security services, such as your retail website or your Android banking application. You can add additional clients and leverage a multi-client application setup.
You can manage clients using Application APIs (with an access token of the relevant app or with an admin access token) or Client APIs (with an access token of the relevant app), or from the Admin Portal (as described below).
Client information includes:
- Client ID : Client identifier for API requests, automatically generated when the app is created. It cannot be edited.
- Client display name : Client name to display when needed.
- Client description : Short description of your client.
- Client secret : Client secret used to authorize API requests on behalf of the client (either directly or by using it to generate client access tokens). It is automatically generated when the app is created, but can be rotated when needed. Keep this secret somewhere safe, and make sure it's never exposed to your mobile or web applications.
: List of URIs approved for redirects for your application (e.g., URI to redirect to when an authentication is completed). The required format of the redirect URI depends upon client type: web clients must use HTTPS unless using local environment, while native apps must use HTTPS unless using a local environment or custom scheme. Custom schemes are only allowed in the format of reverse domain schemes (
- Client type : Whether the client is a web app (default) or a native app (e.g., mobile). This is used to adapt validations and configuration according to client type when relevant (such as validations for redirect URI).
- Resources : List of URIs the client can explicitly request access to. This allows the client to manage dedicated sessions for a resource, including the token and session expiration. For example, a website can have a shorter session for the page used to manage the user's payment methods. Before a resource can be added to a client, it must first be created from the Resources tab of the Applications page (see Resources ).
Your client can request access to a single resource in each request. If you'd like to customize the default expiration of tokens and sessions, create a resource that corresponds to your application URL.
Login preferences define which authentication methods the application can offer its end-users. For example, it allows you to configure provider credentials for social login, or to customize the branding of email templates for magic link authentication. Login preferences for your application are configured from the Authentication page of the Admin Portal.