Skip to content
Cloudflare API
Start here
API Reference
IAM
OAuth Clients

Update OAuth Client

PATCH/accounts/{account_id}/oauth_clients/{oauth_client_id}

Update an existing OAuth client. Only include fields you want to update.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
OAuth Client Write
Path ParametersExpand Collapse
account_id: string

Account identifier tag.

maxLength32
minLength32
oauth_client_id: string

The unique identifier for an OAuth client.

Body ParametersJSONExpand Collapse
allowed_cors_origins: optional array of string

Array of allowed CORS origins.

client_name: optional string

Human-readable name of the OAuth client.

client_uri: optional string

URL of the home page of the client.

grant_types: optional array of "authorization_code" or "refresh_token"

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:
"authorization_code"
"refresh_token"
logo_uri: optional string

URL of the client’s logo.

policy_uri: optional string

URL that points to a privacy policy document.

post_logout_redirect_uris: optional array of string

Array of allowed post-logout redirect URIs.

redirect_uris: optional array of string

Array of allowed redirect URIs for the client.

response_types: optional array of "token" or "id_token" or "code"

Array of OAuth response types the client is allowed to use.

One of the following:
"token"
"id_token"
"code"
scopes: optional array of string

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: optional "none" or "client_secret_basic" or "client_secret_post"

The authentication method the client uses at the token endpoint.

One of the following:
"none"
"client_secret_basic"
"client_secret_post"
tos_uri: optional string

URL that points to a terms of service document.

visibility: optional "public"

Promote the OAuth client from private to public visibility. Only public is accepted; demotion to private is not supported. Promotion requires a non-empty client name, logo URI, verified client URI host, and at least one non-identity scope.

ReturnsExpand Collapse
errors: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional object { client_id, visibility, allowed_cors_origins, 16 more }

Fields shared by OAuth client responses and create/update requests.

client_id: string

The unique identifier for an OAuth client.

visibility: "public" or "private"

Visibility of the OAuth client.

One of the following:
"public"
"private"
allowed_cors_origins: optional array of string

Array of allowed CORS origins.

client_name: optional string

Human-readable name of the OAuth client.

client_uri: optional string

URL of the home page of the client.

client_uri_verification: optional object { status, text }

Client URI domain control verification state.

status: optional "pending" or "in_progress" or "verified" or "failed"

Current verification status for the client URI host.

One of the following:
"pending"
"in_progress"
"verified"
"failed"
text: optional string

Exact TXT record value that must be added to DNS to prove ownership of the client URI host.

created_at: optional string

Timestamp when the OAuth client was created.

formatdate-time
grant_types: optional array of "authorization_code" or "refresh_token"

Array of OAuth grant types the client is allowed to use. authorization_code is required; refresh_token may be included optionally.

One of the following:
"authorization_code"
"refresh_token"
has_rotated_secret: optional boolean

Indicates whether the client has a rotated secret that has not yet been deleted.

logo_uri: optional string

URL of the client’s logo.

policy_uri: optional string

URL that points to a privacy policy document.

post_logout_redirect_uris: optional array of string

Array of allowed post-logout redirect URIs.

redirect_uris: optional array of string

Array of allowed redirect URIs for the client.

response_types: optional array of "token" or "id_token" or "code"

Array of OAuth response types the client is allowed to use.

One of the following:
"token"
"id_token"
"code"
scopes: optional array of string

Array of OAuth scopes the client is allowed to request. Colon-delimited scopes are not accepted. Dot-delimited scopes are validated against available OAuth API scopes; simple identity scopes are allowed. Protocol scopes offline_access and openid are added or removed automatically based on grant_types and response_types.

token_endpoint_auth_method: optional "none" or "client_secret_basic" or "client_secret_post"

The authentication method the client uses at the token endpoint.

One of the following:
"none"
"client_secret_basic"
"client_secret_post"
tos_uri: optional string

URL that points to a terms of service document.

updated_at: optional string

Timestamp when the OAuth client was last updated.

formatdate-time

Update OAuth Client

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/oauth_clients/$OAUTH_CLIENT_ID \
    -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "allowed_cors_origins": [
            "https://example.com"
          ],
          "client_name": "My OAuth App",
          "client_uri": "https://example.com",
          "grant_types": [
            "authorization_code",
            "refresh_token"
          ],
          "logo_uri": "https://example.com/logo.png",
          "policy_uri": "https://example.com/privacy",
          "post_logout_redirect_uris": [
            "https://example.com/logout"
          ],
          "redirect_uris": [
            "https://example.com/callback"
          ],
          "response_types": [
            "code"
          ],
          "scopes": [
            "account.read"
          ],
          "token_endpoint_auth_method": "client_secret_post",
          "tos_uri": "https://example.com/tos",
          "visibility": "public"
        }'
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "client_id": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
    "visibility": "private",
    "allowed_cors_origins": [
      "https://example.com"
    ],
    "client_name": "My OAuth App",
    "client_uri": "https://example.com",
    "client_uri_verification": {
      "status": "in_progress",
      "text": "cloudflare_oauth_client_publisher=example"
    },
    "created_at": "2025-01-01T00:00:00Z",
    "grant_types": [
      "authorization_code",
      "refresh_token"
    ],
    "has_rotated_secret": false,
    "logo_uri": "https://example.com/logo.png",
    "policy_uri": "https://example.com/privacy",
    "post_logout_redirect_uris": [
      "https://example.com/logout"
    ],
    "promoted_at": "2026-05-13T12:00:00Z",
    "redirect_uris": [
      "https://example.com/callback"
    ],
    "response_types": [
      "code"
    ],
    "scopes": [
      "account.read"
    ],
    "token_endpoint_auth_method": "client_secret_post",
    "tos_uri": "https://example.com/tos",
    "updated_at": "2025-01-01T00:00:00Z"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "client_id": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
    "visibility": "private",
    "allowed_cors_origins": [
      "https://example.com"
    ],
    "client_name": "My OAuth App",
    "client_uri": "https://example.com",
    "client_uri_verification": {
      "status": "in_progress",
      "text": "cloudflare_oauth_client_publisher=example"
    },
    "created_at": "2025-01-01T00:00:00Z",
    "grant_types": [
      "authorization_code",
      "refresh_token"
    ],
    "has_rotated_secret": false,
    "logo_uri": "https://example.com/logo.png",
    "policy_uri": "https://example.com/privacy",
    "post_logout_redirect_uris": [
      "https://example.com/logout"
    ],
    "promoted_at": "2026-05-13T12:00:00Z",
    "redirect_uris": [
      "https://example.com/callback"
    ],
    "response_types": [
      "code"
    ],
    "scopes": [
      "account.read"
    ],
    "token_endpoint_auth_method": "client_secret_post",
    "tos_uri": "https://example.com/tos",
    "updated_at": "2025-01-01T00:00:00Z"
  }
}