Skip to main content

Create and manage App Credentials

Create App Credentials to securely authenticate external applications and services when accessing your Yeeflow application APIs. Configure resource-level permissions, manage client secrets, and control the credential lifecycle for secure system-to-system

What are App Credentials?

App Credentials provide secure, application-level authentication for external systems that need to access your Yeeflow application.

Unlike user authentication, App Credentials are designed for machine-to-machine communication. They allow backend services, automation platforms, custom applications, and AI-powered services to securely call Yeeflow APIs without requiring a user to sign in.

Each App Credential is scoped to a single application, allowing administrators to control exactly which resources an external system can access while keeping permissions isolated from other applications.

With App Credentials, you can:

  • Authenticate external applications securely

  • Grant access only to specific application resources

  • Configure resource-level permissions

  • Rotate client secrets without interrupting integrations

  • Control credential expiration

  • Monitor API usage through call and audit logs

App Credentials provide a secure foundation for integrating business systems, automation platforms, and AI services with Yeeflow applications.


Before you begin

Before creating an App Credential, ensure that:

  • You are an Application Administrator.

  • The application contains resources that external systems need to access.

  • You understand which resources and permissions should be granted.


Create an App Credential

  1. Open your application.

  2. Go to Settings > App Credentials.

  3. Click Create App Credential.

The creation wizard consists of three steps.


Step 1: Enter basic information

The Basic information page defines the identity of the App Credential.

Provide the following information:

  • App ID

    Enter a unique App ID for the credential.

    The App ID is used together with the client secret to authenticate API requests made by external applications.

  • Description (Optional)

    Add a description to explain the purpose of the credential.


Step 2: Configure access scopes

The Access scopes page defines which application resources the credential can access.

Depending on your application, supported resource types include:

  • Approval Forms

  • Form Reports

  • Data Lists

  • Document Libraries

  • Data Reports

  • AI Agents

For each resource type, choose one of the following permission levels:

  • No access

    The credential cannot access this resource type.

  • All items

    The credential can access every resource of this type within the application.

  • Selected items

    The credential can access only the resources you explicitly select.

This enables fine-grained permission control and helps follow the principle of least privilege by exposing only the resources required by the integration.

After configuring the required permissions, click Next step.


Step 3: Configure token settings

The Token settings page determines how long the App Credential remains valid.

Selecting an appropriate expiration period helps improve security by ensuring credentials are reviewed and rotated regularly.

Available options include:

Never expire

Recommended only for trusted internal integrations that require long-term access and are managed under strict security controls.

Expires in 30 days

Suitable for testing environments, temporary integrations, or scenarios requiring frequent credential rotation.

Expires in 90 days

Recommended for most production integrations that follow regular security policies.

Expires in 180 days

Suitable for long-running integrations where less frequent credential rotation is acceptable.

After selecting an expiration policy, click Create Credential.

Yeeflow generates:

  • App ID

  • Primary Client Secret

Important:

Copy and securely store the client secret immediately after it is generated. Treat it like a password and never expose it in client-side applications, source code repositories, or publicly accessible locations.


View App Credential details

After an App Credential is created, open it to view its configuration and management options.

The details page includes:

  • Credential information

  • Client secret management

  • Credential status

  • Expiration information

  • Access scope summary

  • Call Log

  • Audit Log


Manage client secrets

Each App Credential includes a Primary Client Secret and supports an optional Secondary Client Secret.

Using two client secrets allows credentials to be rotated without interrupting production integrations.

Available actions include:

  • Add a secondary client secret

  • Rotate the primary client secret

  • Deactivate an existing client secret

Rotate a client secret

If a client secret is approaching expiration or needs to be replaced:

  1. Open the App Credential.

  2. Click Rotate secret.

  3. A new client secret is generated.

  4. Update your external application to use the new secret.

  5. After confirming the integration is working correctly, deactivate the previous secret.

Regular secret rotation is recommended to improve security.


Manage App Credentials

Administrators can manage the lifecycle of an App Credential directly from its details page.

Available actions include:

Enable or disable a credential

Use the Enabled toggle to temporarily enable or disable the credential.

When disabled, authentication requests using the credential will be rejected until it is enabled again.

Edit settings

Select Edit settings to update:

  • Basic information

  • Access scopes

  • Expiration settings

Extend expiration

If a credential is approaching its expiration date, click Extend to configure a new expiration period without creating a new credential.

Delete a credential

Delete an App Credential when it is no longer required.

Deleting a credential permanently revokes all associated client secrets, and external applications can no longer authenticate using that credential.


Monitor credential activity

Each App Credential includes built-in monitoring and auditing capabilities.

Access scopes

The Access scopes tab provides a summary of the resources and permissions granted to the credential.

Review this information regularly to ensure the credential has only the permissions it requires.

Call Log

The Call Log records API requests made using the credential.

Information may include:

  • Request time

  • HTTP method

  • API endpoint

  • Response status

Use the Call Log to troubleshoot integration issues and verify successful API activity.

Audit Log

The Audit Log records administrative actions performed on the App Credential, including:

  • Credential creation

  • Secret rotation

  • Permission updates

  • Expiration changes

  • Enable or disable actions

  • Credential deletion

This provides a complete audit trail for security, governance, and compliance.

Did this answer your question?