Create an auth application

Credentials, redirect URIs, and origins.

Each website or mobile product is one Auth application in SohojX. You receive a unique API key (client_id) and API secret (client_secret) used at the token endpoint.

Redirect URIs

Every OAuth callback URL must be registered before use. The authorize step rejects unknown redirect_uri values. Use separate URIs for local, staging, and production.
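Added example, not SohojX code: a sketch of the two checks this paragraph implies, a lint before registering a URI and the match performed at the authorize step. It assumes exact string comparison (the page does not state SohojX's matching rule); the hosts, paths and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample registrations, one per environment (hypothetical hosts).
REGISTERED = {
    "http://localhost:3000/callback",              # local
    "https://staging.example.com/oauth/callback",  # staging
    "https://app.example.com/oauth/callback",      # production
}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def registration_problems(uri: str) -> list[str]:
    """Lint a callback URI before registering it. Empty list means no findings."""
    problems = []
    parts = urlsplit(uri)
    if not parts.scheme:
        problems.append("must be an absolute URI")
    if parts.scheme in ("http", "https") and not parts.hostname:
        problems.append("missing host")
    if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
        problems.append("plain http is only acceptable for loopback development")
    if "#" in uri:
        problems.append("fragment not allowed in a redirect URI")
    if "*" in uri:
        problems.append("wildcards defeat exact matching")
    if parts.username or parts.password:
        problems.append("userinfo not allowed")
    return problems


def is_registered(redirect_uri: str, registered: set[str] = REGISTERED) -> bool:
    """Authorize-time check (assumed rule): exact string comparison.

    No prefix matching and no normalization, so a trailing slash, an extra
    query string or a different host all count as unknown values.
    """
    return redirect_uri in registered


if __name__ == "__main__":
    for candidate in sorted(REGISTERED) + ["https://app.example.com/oauth/callback/"]:
        print(candidate, is_registered(candidate), registration_problems(candidate))
```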

Allowed origins (CORS)

If your SPA calls SohojX Auth APIs from the browser, add its origins to the allowed origins. Server-side token exchange does not require CORS entries.

Rotate secrets safely

Use Rotate secret in the dashboard if a secret is exposed. Update your backend environment variables immediately.
