API Clients
Navigate to System > Connections to manage API clients. API clients provide OAuth2-style credentials (Client ID + Client Secret) that external systems use to authenticate with the Koios GraphQL and REST APIs.
Client List
The client table shows all registered API clients with the following columns:
Disabled clients appear at reduced opacity and cannot authenticate until re-enabled.
Bulk Actions
Select multiple clients with checkboxes, then use the Actions menu to enable, disable, or delete them in bulk.
Creating a Client
- Click Add API Client
- Enter a Name and optional Description
- Click Create
After creation, a one-time credentials dialog appears showing the Client ID and Client Secret. Copy both values immediately — the secret cannot be retrieved again.
Client Detail Page
Click any client row to view its detail page.
Overview Tab
- Last Activity — when the client last authenticated
- Status — enabled or disabled
- Client Credentials — the Client ID (copyable) and a masked Client Secret. Click the secret field to regenerate it (with confirmation).
- Description — the client's purpose, if set
Roles Tab
Assign a role to the API client to control what it can access. Role assignment works the same as it does for users: select a role from the list to grant the client that role's permissions. An API client can have one role at a time.
Permissions Tab
Displays the effective permissions for the API client based on its assigned role. Permissions are shown grouped by category with toggle indicators, matching the layout used on user detail pages.
Regenerating a Secret
If a client secret is compromised or lost, you can regenerate it from the client's detail page:
- Click the masked secret field in the Credentials card
- Confirm the regeneration — this invalidates the current secret immediately
- Copy the new credentials from the dialog
Any external system using the old secret will stop authenticating until updated with the new one.
Enabling and Disabling
Use the toggle switch in the client detail header or the bulk actions menu on the list page. Disabled clients receive authentication errors on every request. Their credentials are kept unchanged while disabled, so re-enabling restores access without regenerating secrets.
What's Next
- Users — manage user accounts
- Roles & Permissions — control what users and clients can access
