OAuth2 API Credential
The OAuth2 API credential lets Splice authenticate to services that use the OAuth 2.0 authorization-code flow. Once configured and authorized, Splice obtains an access token from the provider and attaches it to requests made by an HTTP Request node — refreshing it as needed without manual intervention.
Overview
OAuth 2.0 is the standard for modern cloud APIs. Rather than storing a long-lived password, you register Splice as a client with the provider, grant it access once, and Splice exchanges that grant for short-lived access tokens. This credential captures the provider's endpoints and your client registration so the token exchange can happen automatically.
You will typically register an application in the provider's developer console first to obtain a Client ID and Client Secret, and to whitelist Splice's redirect URL.
Credential Fields
Authorization URL (required)
The provider's authorization endpoint — where the user is sent to grant access (for example https://accounts.example.com/o/oauth2/auth).
Access Token URL (required)
The provider's token endpoint — where Splice exchanges the authorization grant (and later the refresh token) for an access token (for example https://oauth2.example.com/token).
Client ID (required)
The client identifier issued when you registered Splice as an application with the provider.
Client Secret (required)
The client secret issued alongside the Client ID. This field is masked in the UI and stored encrypted at rest.
Scope
A space-separated list of the permissions Splice should request — for example read write or a provider-specific scope URL. Leave blank if the provider does not require explicit scopes.
Auth URI Query Parameters
Additional query parameters some providers require on the authorization request. For example, set access_type=offline to request a refresh token from Google so tokens can be renewed without re-authorizing.
Authentication
How client credentials are presented to the token endpoint:
| Value | Behavior |
|---|---|
| Header (default) | Send the Client ID and Client Secret as an HTTP Basic Auth header. |
| Body | Send the Client ID and Client Secret in the request body. |
Choose whichever the provider documents; Header is the most common.
Example Configuration
Authorization URL: https://accounts.example.com/o/oauth2/auth
Access Token URL: https://oauth2.example.com/token
Client ID: 1234567890-abcdef.apps.example.com
Client Secret: ••••••••••••
Scope: read write
Auth URI Query Parameters: access_type=offline
Authentication: Header
Security
- The Client Secret is masked in the UI and encrypted at rest.
- Request only the scopes your workflows need — least-privilege access limits exposure if a token leaks.
- Tokens are short-lived; Splice refreshes them automatically when the provider issues a refresh token (request one with
access_type=offlinewhere applicable). - You can revoke Splice's access at any time from the provider's console, which immediately stops all API calls using this credential.
Related
- HTTP Request Node — attach this credential to authenticate outbound HTTP calls
- Header Auth Credential — for APIs that accept a static API key or pre-issued bearer token instead of an OAuth flow