OAuth Client Management

PATH: System Administration > User Security > OAuth Management > OAuth Client Management

The OAuth Client Management tool allows users to create credentials for third-party programs to retrieve Campus data.

Creating Client Credentials in the OAuth Client Management Tool

Access to this tool is granted only to users who have a Product Security Role to the Student Information System.

Creating an OAuth Client

Adding an OAuth Client record creates a set of credentials that a third-party program can use to retrieve Campus data.

  1. Click New to create a new credential record.
  2. Enter a Client Name.
  3. Enter a Consumer Key following the hard-coded prefix.
  4. Leave OneRoster API selected as the Realm.
  5. Modify the Token Expiration Date if desired. Do not exceed 13 months from the current date.
  6. Leave the Status as Active.
  7. Click Save to finish.


It is the districts responsibility to communicate the Key, Secret, and URLs to the third-party system. See the OneRoster API for more information that may be useful to send.

OAuth Client Management Fields

Client EnabledIndicates if this set of client credentials is currently enabled.
Client NameThe name of the client who is being given credentials to access Campus data.
Consumer KeyThe username of the client account. Campus auto-populates the first 8 characters before the underscore based on the site in which the credentials are generated.
Consumer Secret

The password of the client account. This password is a randomly generated character string and displays as hidden (****) by default.

Show Secret TextMarking this checkbox displays the alphanumeric characters of the Consumer Secret.
RealmThe area of Campus specific to this set of credentials, which limits the data this client has access to. Currently, the only option is OneRoster API.
Campus User Account Name

The username attached to the client that is used in Campus. This username is created to provide a Modified By ID for tracking changes made in Campus.

This user is a dummy account only; tool rights and other account information cannot be edited.

Token Expiration Date

The date that the client's current credentials expire. This value should not exceed 13 months in the future.

Notifications are sent to the user who created the client account 60 and 30 days prior to its Expiration Date.

Valid Days

The calculated days between the Expiration Date and the current date.


Indicates if the client access is Active or Revoked.

Setting the Status to Revoked prevents any further communication between the third-party system and Campus. When a token is revoked and the record is saved, the Secret is deleted, the Enabled checkbox is unmarked, and all fields become read-only.

Select Renew to reinstate a revoked record, change the status to Active and make any updates.

Campus Realm URLs

These URLs are the to be sent to the third-party program to use for retrieving Campus data.


The base URL for accessing the API. This URL provides links to the OneRoster Specifications and the REST Documentation Client.

Below those links is a list of URLs for all available API Endpoints with a brief description for each. Most of the endpoints represent GET actions to retrieve data from Campus, with the exception of passing back posted grade information.

Rest Documentation ClientThe URL for accessing the REST documentation client, which documents the API and allows users to review endpoints and retrieved data.

Renewing an OAuth Client

Clicking Renew re-establishes the client record, updating the necessary fields to make the record active:

Client List Status Indicators

The Client List includes three colored status indicators. The logic for these indicators is as follows:

  1. Green if Client Enabled is marked, red if not.
  2. Green if Token Information > Status is Active, red if Revoked. The first indicator is also red when the Status is Revoked. 
  3. Green if Token Expiration Date is after the current date, red if it is the current date or before.

Related Articles