DocsSystem APIEHR APIDemographic APIQuery APIDefinition APIAdmin API

Frequently Asked Questions

Requesting Client Credentials from Cadasto

Client credentials (a confidential client_id and client_secret) are issued by Cadasto after we provision an environment for you. This page explains what information to provide when requesting credentials and includes a short request template you can copy.

Why Request Credentials

  • Client credentials allow server-to-server integrations using the OAuth 2.0 Client Credentials flow.
  • Credentials are issued per-environment (development, staging, production) and should be treated as secrets.

What to provide when Requesting Credentials

  • Application name (friendly name used for identification).
  • Intended environment(s): development, staging, production.
  • Redirect URIs (if you will use interactive flows such as PKCE). For pure machine-to-machine (client credentials) this can be empty.
  • Allowed origins (CORS) if your application runs in a browser context.
  • Scopes required (e.g. api.read, api.write). Provide the minimal set of scopes required.
  • Contact / technical owner (name, email, team slack alias).
  • Short description of the integration and expected usage patterns.

Security & Lifecycle Notes

  • The client_secret must be stored securely (secret manager, environment variables, or other vault solutions). Do not check client secrets into source control.
  • Rotate credentials if a secret is compromised or on a periodic schedule as enforced by your security policy.
  • Cadasto may issue different credential sets per environment; treat each set independently.

Request template (email / support ticket)

Subject: Request: Cadasto API client credentials for

Body:

Application name: <your-app-name>
Environment: development|staging|production
Redirect URIs: <https://app.example.com/callback> (optional; required for interactive flows)
Allowed origins (CORS): <https://app.example.com> (optional)
Requested scopes: api.read api.write
Contact: Jane Doe <jane@example.com>
Description: <Short description of what the integration does and why it needs access>

What you will receive

  • client_id (public identifier)
  • client_secret (confidential secret; store it securely)
  • Optional: additional metadata about allowed scopes or lifetime

After you receive credentials

  • For server-to-server integrations use the Client Credentials flow (see docs/authentication.md).
  • For interactive user flows (if applicable) follow the PKCE flow and make sure redirect_uri matches a registered value.

If you need help

  • Contact Cadasto support or open a ticket with the information above. If you want, provide a callback URL for the team to test.
Cadasto B.V. © 2025. All rights reserved.