--- title: "API Clients" description: "Manage API client credentials for external system integrations" source_url: https://ai-ops.com/docs/system/endpoints --- # API Clients Navigate to **System > Connections** to manage API clients. API clients provide OAuth2-style credentials (Client ID + Client Secret) that external systems use to authenticate with the Koios GraphQL and REST APIs. --- ## Client List The client table shows all registered API clients with the following columns: | Column | Description | |--------|-------------| | **Status** | Enabled (teal) or Disabled (gray) | | **Name** | A descriptive name for the client | | **Client ID** | The UUID used for authentication (copyable) | | **Last Used** | When the client last authenticated | | **Created** | When the client was created | Disabled clients appear at reduced opacity and cannot authenticate until re-enabled. ### Bulk Actions Select multiple clients with checkboxes, then use the **Actions** menu to enable, disable, or delete them in bulk. --- ## Creating a Client 1. Click **Add API Client** 2. Enter a **Name** and optional **Description** 3. Click **Create** After creation, a one-time credentials dialog appears showing the **Client ID** and **Client Secret**. Copy both values immediately — the secret cannot be retrieved again. > [!WARNING] Save the secret now > The client secret is only displayed once at creation time. If you lose it, you'll need to regenerate a new secret, which invalidates the previous one. --- ## Client Detail Page Click any client row to view its detail page. ### Overview Tab - **Last Activity** — when the client last authenticated - **Status** — enabled or disabled - **Client Credentials** — the Client ID (copyable) and a masked Client Secret. Click the secret field to regenerate it (with confirmation). - **Description** — the client's purpose, if set ### Roles Tab Assign roles to the API client to control what it can access. Works the same as user role assignment — select a role from the list to grant the client that role's permissions. An API client can have one role at a time. ### Permissions Tab Displays the effective permissions for the API client based on its assigned role. Permissions are shown grouped by category with toggle indicators, matching the layout used on user detail pages. --- ## Regenerating a Secret If a client secret is compromised or lost, you can regenerate it from the client's detail page: 1. Click the masked secret field in the Credentials card 2. Confirm the regeneration — this invalidates the current secret immediately 3. Copy the new credentials from the dialog Any external system using the old secret will stop authenticating until updated with the new one. --- ## Enabling and Disabling Use the toggle switch in the client detail header or the bulk actions menu on the list page. Disabled clients receive authentication errors on every request. Their credentials remain valid — re-enabling restores access without regenerating secrets. --- ## What's Next - [Users](https://ai-ops.com/docs/system/users.md) — manage user accounts - [Roles & Permissions](https://ai-ops.com/docs/system/roles-permissions.md) — control what users and clients can access