Console Guide
This guide explains how to create an application or system integration in Console (admin panel) and configure the authentication information and scopes required for API usage.
Overview
To use AGENTIC STAR's API, you must first create a client in Console based on your intended use.
| Application | System Integration | |
|---|---|---|
| Use Case | Applications where users log in | Server-to-server system integration (Management API, etc.) |
| Authentication Flow | Authorization Code | Client Credentials |
| User Authentication | Yes (login via browser) | No (client credentials only) |
| Console Menu | "App List" | "System Integrations" |
- Ability to log in to Console (developer role or higher)
- Permission from the organization administrator to use the API
For details, see Authentication Guide.
Steps to Create an Application
Start creation by clicking "New Create" from the "App List" menu in Console.
1. Select Application Type
Select the application type based on your use case. The authentication method and security settings are automatically determined based on the type. The type cannot be changed after creation.
| Web Application | SPA | Mobile / Native | |
|---|---|---|---|
| Use Case | Server-side web applications | Single Page Applications running in the browser | Mobile apps and desktop apps |
| Client Type | Confidential (with Client Secret) | Public (no Client Secret, PKCE authentication) | Public (no Client Secret, PKCE authentication) |
| Authentication Flow | Authorization Code | Authorization Code + PKCE (required) | Authorization Code + PKCE (required) |
| Redirect URI | Required | Required | Required |
| Web Origins (CORS) | Optional | Required | — |
SPA and mobile applications are configured as Public Clients. PKCE (S256) is mandatory and provides protection through challenge verification using code_challenge / code_verifier. Methods other than S256 (such as plain) are not supported.
2. Enter Basic Information
| Item | Required | Description |
|---|---|---|
| App Name | ✓ | Display name of the application (max 256 characters). Also displayed on the authorization screen. |
| Logo | ✓ | Logo image of the application (PNG, JPEG, SVG format, max 500KB, recommended 128x128px or larger). |
| Short Description | ✓ | Concise description within 50 characters. Displayed in the app list. |
| Detailed Description | ✓ | Detailed description of the application. |
| Support URL | URL of support page. Displayed on the consent screen. | |
| Privacy Policy URL | URL of privacy policy. Displayed on the consent screen. | |
| Terms of Use URL | URL of terms of use. Displayed on the consent screen. |
3. Technical Configuration
| Item | Required | Description |
|---|---|---|
| Client ID | — | Auto-generated UUID. Cannot be changed. Copy and use after creation. |
| Redirect URI | ✓ | Register one or more redirect destination URLs after authorization completion. Validation is exact match, so enter the precise URL. |
| Web Origins (CORS) | ※ | Required only for SPA. Register origin URLs to allow direct API calls from the browser. Optional for Web applications. Not displayed for Mobile. |
Redirect URI is validated by exact match for security. It is recommended to register both development environment (http://localhost:3000/callback) and production environment (https://yourapp.com/callback) URLs. Wildcards are not supported.
4. Select Scopes
Select the required scopes based on the features your application will use. The selected scopes define the maximum range of permissions available to this application.
For the list of available scopes and selection guidance, see Authentication Guide — Scopes.
5. Publication Settings
Set the publication scope of your application. Toggle the switch to change.
| Setting | Description |
|---|---|
| Unpublished (default) | Only users with developer privileges can access. Recommended during development. |
| Published | Accessible to all users in the organization. |
6. Consent Screen
Configure whether to enable the consent screen. When enabled, the application name, logo, description, Support URL, Privacy Policy URL, and Terms of Use URL set in the basic information are reflected on the consent screen. Enter these accurately if you plan to enable the consent screen.
For consent screen behavior (display timing, displayed information), see Authentication Guide — Consent Screen.
7. Complete Creation
Click the "Create" button to create the application. After creation, you will be redirected to the app detail screen where you can view Client ID and Client Secret.
System Integration Creation Steps
To use Management APIs for server-to-server integration, create a Client Credentials client from the "System Integrations" menu. No user login is required; access tokens are obtained using only client credentials.
Start creation by clicking "New Create" from the "System Integrations" menu in Console.
1. Enter Basic Information
| Item | Required | Description |
|---|---|---|
| Name | ✓ | Display name for the integration (max 256 characters). |
| Description | Description of the integration purpose and use case. |
2. Select Scopes
Select the required scopes based on the Management APIs you will use for the system integration.
For the list of available scopes, see Authentication Guide — Scopes.
Write scopes such as users:manage and master:manage involve data modification and deletion. Select only the minimum scopes required.
3. Complete Creation
Click the "Create" button to create the system integration. After creation, you will be redirected to the detail screen where you can view Client ID, Client Secret, and Token URL.
Confirm Authentication Information
After creating a client, the authentication information required for API usage can be confirmed on the detail screen.
Application Authentication Information
The following information can be confirmed on the app detail screen.
- Client ID — Displayed in the "Technical Configuration" section. Can be copied to clipboard using the copy button.
- Client Secret — Issued for Web applications (Confidential).
| Action | Description |
|---|---|
| View | Click the eye icon to display the masked Client Secret. |
| Copy | Click the copy icon to copy Client Secret to clipboard. |
| Regenerate | Click the refresh icon to generate a new Client Secret. The previous secret is immediately invalidated. |
System Integration Authentication Information
The following information can be confirmed on the system integration detail screen.
- Client ID — Can be copied to clipboard using the copy button.
- Client Secret — Can be viewed, copied, and regenerated (same operations as Application).
- Token URL — URL for obtaining access tokens. Can be copied to clipboard using the copy button.
- Client Secret is confidential information equivalent to a password. Keep it secure.
- Do not hardcode in source code or version control systems. Environment variables or Secret Manager usage is recommended.
- Regenerating Client Secret will cause authentication to fail for all systems using the old secret. Check the scope of impact beforehand.
Next Steps
After obtaining authentication information, proceed to the following guides based on your use case.
- Quickstart — Shortest route to experience API with curl
- Authentication Guide — Detailed steps for authentication flows
- User API Reference — User-facing API endpoint specifications