Dcisive allows external applications, including AI agents, web applications, and backend services, to securely connect to the Dcisive platform using OAuth 2.0.
This configuration page provides the credentials, application type selection, and callback settings required to establish a secure authentication flow between your external application and Dcisive.
Creating an API Application
Navigate to the Settings screen within Dcisive and select the "</> API" setting. Select the "Create app" button:
Before configuring authentication details, you must specify the type of external connection you would like to use with Dcisive:
Selecting the correct application type ensures the appropriate authentication flow and security controls are applied. Dcisive supports 3 connection options:
Regular Web App: server-rendered web application. This option is typically used when authentication and token handling occur securely on a backend server.
Single Page App: front-end application that runs in the browser and consumes APIs directly. This option uses OAuth 2.0 with PKCE and does not require a client secret.
Machine to Machine: backend services, integrations, or automated systems running on trusted infrastructure. This option is used when no interactive user login is required and authentication occurs between systems.
Enter a descriptive name for your application, select the appropriate authentication type and select "Create app" to proceed with external application connection creation.
Regular Web App
The following information is provided/completed for Regular Web Apps:
Basic Information
The Basic Information section defines how your external application is registered within Dcisive.
Application Name: the display name of the external application.
Type: defaulted to the selected application type from the previous screen (Regular Web App).
Domain: the Dcisive authentication domain used to initiate OAuth requests.
External applications must direct authentication requests to this domain.Client ID: the unique identifier assigned to your registered external application.
This value must be included in all OAuth authentication requests made to Dcisive.Client Secret: a confidential credential used by server-based applications to securely authenticate with Dcisive. The client secret must be stored securely on your backend server and must never be exposed in browser-based code or public repositories.
Regular Web App authentication uses the OAuth 2.0 Authorization Code flow with a client secret. Because authentication is handled server-side, the client secret is required to exchange the authorization code for access tokens securely.
Callback URLs
The Callback URLs section controls where users are redirected during authentication and logout.
Application Homepage URI: the primary URL of your application.
Application Login URI: the endpoint within your application that initiates the OAuth login flow.
Allowed Callback URLs: these are the authorised redirect URIs where Dcisive can send users after successful authentication. Only URLs listed here will be accepted during the OAuth flow. Each URL must be entered on a new line.
Allowed Logout Redirect URLs: these URLs define where users may be redirected after signing out. Each logout URL must be entered on a new line.
Single Page App
The following information is provided/required for Single Page Apps:
Basic Information
The Basic Information section defines how your external application is registered within Dcisive.
Application Name: the display name of the external application.
Type: defaulted to the selected application type from the previous screen (Single Page App).
Domain: the Dcisive authentication domain used to initiate OAuth requests.
External applications must direct authentication requests to this domain.Client ID: the unique identifier assigned to your registered external application.
This value must be included in all OAuth authentication requests made to Dcisive.
Single Page App configurations use PKCE and do not require a client secret.
Security is enforced using a code verifier and code challenge during the authentication flow.
Callback URLs
The Callback URLs section controls where users are redirected during authentication and logout.
Application Homepage URI: the primary URL of your application.
Application Login URI: the endpoint within your application that initiates the OAuth login flow.
Allowed Callback URLs: these are the authorised redirect URIs where Dcisive can send users after successful authentication. Only URLs listed here will be accepted during the OAuth flow. Each URL must be entered on a new line.
Allowed Logout Redirect URLs: these URLs define where users may be redirected after signing out. Each logout URL must be entered on a new line.
Machine to Machine
The following information is provided for Machine to Machine authentication:
Basic Information
The Basic Information section defines how your external application is registered within Dcisive.
Application Name: the display name of the external application.
Type: defaulted to the selected application type from the previous screen (Regular Web App).
Domain: the Dcisive authentication domain used to initiate OAuth requests.
External applications must direct authentication requests to this domain.Client ID: the unique identifier assigned to your registered external application.
This value must be included in all OAuth authentication requests made to Dcisive.Client Secret: a confidential credential used by server-based applications to securely authenticate with Dcisive. The client secret must be stored securely on your backend server and must never be exposed in browser-based code or public repositories.
Machine to Machine applications do not require callback or redirect URLs, as no user browser redirection occurs during authentication.
Saving External App Connection
Select the "Save" button to save the external application connection:
A list of saved external connections is visible in the "</> API" page:
