# Register Your App

> Request OAuth credentials to start building on Orshot

- **URL**: https://orshot.com/docs/developers/register-app

---

To build an app that connects to Orshot on behalf of users, you need a **client ID** and **client secret**. Register your app through our Developer Program and we'll review it.

## What You'll Need to Provide

When registering your app, include the following details:

| Field              | Description                                        | Example                                               |
| ------------------ | -------------------------------------------------- | ----------------------------------------------------- |
| **App Name**       | The name users will see on the consent screen      | "Acme Image Generator"                                |
| **Description**    | A short description of what your app does          | "Generates social media images from Orshot templates" |
| **Logo**           | A square logo (at least 128×128px)                 | Upload via the form                                   |
| **Redirect URIs**  | Where Orshot redirects after authorization         | `https://acme.com/callback`                           |
| **Scopes Needed**  | The permissions your app requires                  | `workspace:read`, `render:generate`                   |
| **App Type**       | Web app, CLI tool, desktop app, or IDE extension   | "Web app"                                             |
| **Website URL**    | Your app's website or landing page                 | `https://acme.com`                                    |
| **Privacy Policy** | URL to your privacy policy                         | `https://acme.com/privacy`                            |
| **Test Users**     | Email addresses allowed to test during development | `alice@example.com, bob@example.com`                  |

## Register Your App

![](https://orshot.com/docs/apps/register-app.png)

Sign in to your Orshot account and submit your app through the Developer Program:

## What Happens Next

![](https://orshot.com/docs/apps/developer-dashboard.png)

1. **Submit your app** — Fill out the registration form with your app details
2. **Start building** — Your `client_id` and `client_secret` are available immediately in the Developer Program dashboard
3. **Test in development mode** — Only you (and any test users you added) can authorize the app
4. **Submit for review** — When ready, [submit your app for publishing](https://orshot.com/docs/developers/publishing) to make it available to all users

## Development Mode

All new apps start in **development mode** (private). While in development mode:

- Only the **app owner** and explicitly added **test users** can authorize the app
- Other users who attempt to authorize will see an `access_denied` error
- API calls made with tokens from unauthorized users will return a `sandbox_restricted` error
- The consent screen shows an "unverified app" warning to test users

This mirrors how platforms like Google and Shopify handle app development — you can build and test safely before going live.

## Redirect URI Rules

Orshot validates redirect URIs strictly. Here's what's supported:

- **HTTPS URLs** — `https://your-app.com/callback` (required for production)
- **Localhost** — `http://localhost:3000/callback` (any port, for development)
- **Custom schemes** — `vscode://your-extension/callback`, `cursor://`, `claude://` (for IDE extensions and desktop apps)

You can register multiple redirect URIs. The `redirect_uri` parameter in the authorization request must exactly match one of the registered URIs (localhost ports are flexible).

## Keep Your Secret Safe

- **Never expose your `client_secret` in client-side code** (browser JavaScript, mobile apps)
- Store it in environment variables or a secrets manager
- If your secret is compromised, email us immediately for rotation
- For public clients (SPAs, mobile apps), use **PKCE** without a client secret