What are App Credentials?
App Credentials provide secure, application-level authentication for external systems that need to access your Yeeflow application.
Unlike user authentication, App Credentials are designed for machine-to-machine communication. They allow backend services, automation platforms, custom applications, and AI-powered services to securely call Yeeflow APIs without requiring a user to sign in.
Each App Credential is scoped to a single application, allowing administrators to control exactly which resources an external system can access while keeping permissions isolated from other applications.
With App Credentials, you can:
Authenticate external applications securely
Grant access only to specific application resources
Configure resource-level permissions
Rotate client secrets without interrupting integrations
Control credential expiration
Monitor API usage through call and audit logs
App Credentials provide a secure foundation for integrating business systems, automation platforms, and AI services with Yeeflow applications.
Before you begin
Before creating an App Credential, ensure that:
You are an Application Administrator.
The application contains resources that external systems need to access.
You understand which resources and permissions should be granted.
Create an App Credential
Open your application.
Go to Settings > App Credentials.
Click Create App Credential.
The creation wizard consists of three steps.
Step 1: Enter basic information
The Basic information page defines the identity of the App Credential.
Provide the following information:
App ID
Enter a unique App ID for the credential.
The App ID is used together with the client secret to authenticate API requests made by external applications.
Description (Optional)
Add a description to explain the purpose of the credential.
Step 2: Configure access scopes
The Access scopes page defines which application resources the credential can access.
Depending on your application, supported resource types include:
For each resource type, choose one of the following permission levels:
No access
The credential cannot access this resource type.
All items
The credential can access every resource of this type within the application.
Selected items
The credential can access only the resources you explicitly select.
This enables fine-grained permission control and helps follow the principle of least privilege by exposing only the resources required by the integration.
After configuring the required permissions, click Next step.
Step 3: Configure token settings
The Token settings page determines how long the App Credential remains valid.
Selecting an appropriate expiration period helps improve security by ensuring credentials are reviewed and rotated regularly.
Available options include:
Never expire
Recommended only for trusted internal integrations that require long-term access and are managed under strict security controls.
Expires in 30 days
Suitable for testing environments, temporary integrations, or scenarios requiring frequent credential rotation.
Expires in 90 days
Recommended for most production integrations that follow regular security policies.
Expires in 180 days
Suitable for long-running integrations where less frequent credential rotation is acceptable.
After selecting an expiration policy, click Create Credential.
Yeeflow generates:
Important:
Copy and securely store the client secret immediately after it is generated. Treat it like a password and never expose it in client-side applications, source code repositories, or publicly accessible locations.
View App Credential details
After an App Credential is created, open it to view its configuration and management options.
The details page includes:
Credential information
Client secret management
Credential status
Expiration information
Access scope summary
Call Log
Audit Log
Manage client secrets
Each App Credential includes a Primary Client Secret and supports an optional Secondary Client Secret.
Using two client secrets allows credentials to be rotated without interrupting production integrations.
Available actions include:
Rotate a client secret
If a client secret is approaching expiration or needs to be replaced:
Open the App Credential.
Click Rotate secret.
A new client secret is generated.
Update your external application to use the new secret.
After confirming the integration is working correctly, deactivate the previous secret.
Regular secret rotation is recommended to improve security.
Manage App Credentials
Administrators can manage the lifecycle of an App Credential directly from its details page.
Available actions include:
Enable or disable a credential
Use the Enabled toggle to temporarily enable or disable the credential.
When disabled, authentication requests using the credential will be rejected until it is enabled again.
Edit settings
Select Edit settings to update:
Basic information
Access scopes
Expiration settings
Extend expiration
If a credential is approaching its expiration date, click Extend to configure a new expiration period without creating a new credential.
Delete a credential
Delete an App Credential when it is no longer required.
Deleting a credential permanently revokes all associated client secrets, and external applications can no longer authenticate using that credential.
Monitor credential activity
Each App Credential includes built-in monitoring and auditing capabilities.
Access scopes
The Access scopes tab provides a summary of the resources and permissions granted to the credential.
Review this information regularly to ensure the credential has only the permissions it requires.
Call Log
The Call Log records API requests made using the credential.
Information may include:
Request time
HTTP method
API endpoint
Response status
Use the Call Log to troubleshoot integration issues and verify successful API activity.
Audit Log
The Audit Log records administrative actions performed on the App Credential, including:
Credential creation
Secret rotation
Permission updates
Expiration changes
Enable or disable actions
Credential deletion
This provides a complete audit trail for security, governance, and compliance.









