---
title: "Create API Client Credentials"
slug: "create-api-client-credential"
updated: 2025-01-13T09:02:07Z
published: 2025-06-23T14:52:52Z
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.plainid.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API Client Credentials

Post/env-mgmt/1.0/api-key/clients

This API enables users to create Client Credentials associated to a Tenant or Environment.

### Notice

 Accessing the Policy Management APIs is through a dedicated domain/URL according to your PlainID Tenant Location:   

`https://api.{REGION}.plainid.io`
  
   

**United States (US)** -
`https://api.us1.plainid.io`   
 **Canada (US)** -
`https://api.ca1.plainid.io`   
 **Europe (US)** -
`https://api.eu1.plainid.io`  

Replace`{REGION}` with your PlainID Tenant region (e.g. us1, eu1, ca1, etc.).

 

### Important note about headers

Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.   
 

#### Headers

 *Required 

| Header | Value | cURL Line |
| --- | --- | --- |
| Accept | `application/json` | `-H"Accept: application/json"` |
| Content-Type | `application/json` | `-H"Content-Type: application/json"` |

  

### cURL Sample Guidelines

In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right. They will then appear in the cURL sample on the bottom of the page in the correct format.

   

### Using HTML Encoded Special Characters

 

Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this [HTML URL Encoding Reference](https://www.w3schools.com/tags/ref_urlencode.ASP) for a full list.

   

  

SecurityHTTPType bearer

For more details about Administration API Authentication, check out the Authentication APIs documentation. Provide your bearer token in the Authorization header when making requests to protected resources. Example: `Authorization: Bearer 123`

Body parameters<select class='api-response-data' aria-label='Media type'><option value='f157a76f-0619-4517-95f5-c194a464cee2'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='403e63d4-5446-4fd8-b4ea-adac9f6b1a43'>Environment Admin Sample</option>
<option value='a5f75b78-02b6-4e4e-a4e5-f286ada9fafc'>Environment Viewer Sample</option>
<option value='1674044c-ae0f-4cc2-8488-ad7670fc2cfd'>Tenant Admin Sample</option>
</select>Environment Admin Sample

```json
{
  "ownerId": "b0e1f961-2061-4f83-8392-b5aa19fed0c1",
  "ownerType": "ENVIRONMENT",
  "name": "Name21",
  "description": "Name21 Description",
  "tokenDuration": "PT1440M",
  "permission": "ADMIN"
}
```

Environment Viewer Sample

```json
{
  "ownerId": "b0e1f961-2061-4f83-8392-b5aa19fed0c1",
  "ownerType": "ENVIRONMENT",
  "name": "Name22",
  "description": "Name22 Description",
  "tokenDuration": "PT1440M",
  "permission": "VIEWER"
}
```

Tenant Admin Sample

```json
{
  "ownerId": null,
  "ownerType": "TENANT",
  "name": "Name23",
  "description": "Name23 Description",
  "tokenDuration": "PT1440M",
  "permission": "ADMIN"
}
```

object  ownerIdstring  (UUID)   | null  Required

Client Owner is the Environment ID. The Environment ID can be found under the **Details tab** in the **Environment Settings**. If this is for a **Tenant Admin**, input **null or -** in the **`ownerId`** field.

ownerTypestring    Required

Type of Client Owner.

Valid values[
  "ENVIRONMENT",
  "TENANT"
]
namestring    Required

API Client Credential Name

Max length100
descriptionstring    

API Client Credential Description

Max length200
tokenDurationstring  (ISO-8601 duration)    Required

Client Token Duration

ExamplePT90M
permissionstring    Required

Client Access Permissions. When configuring Client Credentials for a Tenant, Permissions can be set to ADMIN only.

Valid values[
  "ADMIN",
  "VIEWER"
]

Responses201

Client Created Successfully

<select class='api-response-data' aria-label='Media type'><option value='0059044c-a1ae-48b3-bfa0-9ac333266478'>application/json</option>
</select>object  idstring    

Copy and save this id to use as your Client ID.

ownerIdstring  (UUID)    
ownerTypestring    
namestring    
descriptionstring    
secretstring    

Copy and save this secret to use as your Client Secret.

tokenDurationstring  (ISO-8601 duration)    
permissionstring    

400

Bad Request

<select class='api-response-data' aria-label='Media type'><option value='a16ab8af-eb20-4b11-b664-bb61cba58941'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='f104a99f-792d-479c-aa71-c349b33999d2'>client count limitation</option>
<option value='9bd37564-7d41-4b21-8f1e-07a873411b33'>client already exists</option>
</select>client count limitation

```json
{
  "id": "EW68XA",
  "status": 400,
  "name": "clientCountLimitation",
  "message": "Client count limitation exceeded"
}
```

client already exists

```json
{
  "id": "EW69XA",
  "status": 400,
  "name": "clientAlreadyExists",
  "message": "Client {name} already exists"
}
```

Expand Allobject  codestring    
idstring    
statusinteger    
namestring    
messagestring    
argsobject  pathstring    

403

Forbidden

<select class='api-response-data' aria-label='Media type'><option value='1aa2f3d4-6246-429e-90d1-e59e46d56884'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='f4dbb714-dea8-4c13-8c8b-9ed3bb6d5d6d'>forbidden environment</option>
<option value='aa5ca00a-48ac-4819-a59f-b14f5fb835b1'>forbidden tenant</option>
</select>forbidden environment

```json
{
  "id": "EW65XA",
  "status": 403,
  "name": "forbiddenEnvironment",
  "message": "operation get for resource Environment {ownerId} is not allowed because the current user does not have the appropriate permissions"
}
```

forbidden tenant

```json
{
  "id": "EW66XA",
  "status": 403,
  "name": "forbiddenTenant",
  "message": "Operation GET for resource Tenant {tenantId} is not allowed because the current user does not have the appropriate permissions."
}
```

Expand Allobject  codestring    
idstring    
statusinteger    
namestring    
messagestring    
argsobject  pathstring    

404

NotFound

<select class='api-response-data' aria-label='Media type'><option value='09ea2bae-ee75-4f23-bb6d-f9aa5dcb6f47'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='d130cf44-e9b8-4972-9a90-705ed45f004f'>environment not found</option>
</select>environment not found

```json
{
  "code": "EVM-002",
  "id": "EW67XA",
  "status": 404,
  "name": "environmentNotFoundError",
  "message": "envId: {ownerId} does not exist"
}
```

Expand Allobject  codestring    
idstring    
statusinteger    
namestring    
messagestring    
argsobject  pathstring    

422

unprocessable entity

<select class='api-response-data' aria-label='Media type'><option value='5b47b9d9-93a7-4dde-9888-e96aa3ffc733'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='0fc0fe3e-6ab0-4f94-b394-8d33d0f8a65d'>unsupported owner type</option>
</select>unsupported owner type

```json
{
  "id": "EW51XA",
  "status": 422,
  "name": "UnsupportedOwnerType",
  "message": "{ownerType} is not supported"
}
```

Expand Allobject  codestring    
idstring    
statusinteger    
namestring    
messagestring    
argsobject  pathstring