Clients & API

If credentials are exposed, rotate the client secret immediately and revoke any compromised tokens or access paths.

security api tokens

An authorization code is a short-lived code that your backend exchanges for an access token.

oauth tokens api

An access token is a temporary credential used to call protected API endpoints on behalf of a user or client.

tokens oauth api

A refresh token allows your application to request a new access token without forcing the user to log in again.

tokens oauth authentication

Token lifetime depends on your configured security policy and client setup.

tokens security oauth

Yes. Tokens can be revoked through the dashboard or supported API revocation mechanisms.

tokens security dashboard

Deleting a client invalidates associated credentials and tokens, so existing integrations stop working.

client tokens api

رحلتك مع XWMS تبدأ هنا