Register Your App
Request OAuth credentials to start building on Orshot
To build an app that connects to Orshot on behalf of users, you need a client ID and client secret. Register your app through our Developer Program and we'll review it.
What You'll Need to Provide#
When registering your app, include the following details:
| Field | Description | Example |
|---|---|---|
| App Name | The name users will see on the consent screen | "Acme Image Generator" |
| Description | A short description of what your app does | "Generates social media images from Orshot templates" |
| Logo | A square logo (at least 128×128px) | Upload via the form |
| Redirect URIs | Where Orshot redirects after authorization | https://acme.com/callback |
| Scopes Needed | The permissions your app requires | workspace:read, render:generate |
| App Type | Web app, CLI tool, desktop app, or IDE extension | "Web app" |
| Website URL | Your app's website or landing page | https://acme.com |
| Privacy Policy | URL to your privacy policy | https://acme.com/privacy |
Register Your App#
Sign in to your Orshot account and submit your app through the Developer Program:
Register Your App →What Happens Next#
- Submit your app — Fill out the registration form with your app details
- We review it — We'll check your app details and intended use case (1–3 business days)
- Receive credentials — Once approved, your
client_idandclient_secretwill appear in the Developer Program dashboard - Start building — Use the credentials to implement OAuth in your app
Reviews typically take 1–3 business days. You can check the status of your application in the Developer Program dashboard.
Redirect URI Rules#
Orshot validates redirect URIs strictly. Here's what's supported:
- HTTPS URLs —
https://your-app.com/callback(required for production) - Localhost —
http://localhost:3000/callback(any port, for development) - Custom schemes —
vscode://your-extension/callback,cursor://,claude://(for IDE extensions and desktop apps)
You can register multiple redirect URIs. The redirect_uri parameter in the authorization request must exactly match one of the registered URIs (localhost ports are flexible).
Keep Your Secret Safe#
- Never expose your
client_secretin client-side code (browser JavaScript, mobile apps) - Store it in environment variables or a secrets manager
- If your secret is compromised, email us immediately for rotation
- For public clients (SPAs, mobile apps), use PKCE without a client secret
All Set? Let's Start Automating
- Image, PDF and Video Generation via API
- Canva like editor with AI and smart features
- No-Code Integrations (Zapier, Make, n8n etc.)
- Embed Orshot Studio in your app
- Start Free. No credit card required. Cancel anytime.