> ## Documentation Index
> Fetch the complete documentation index at: https://developers.vendaze.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Register Your App

> Get your client credentials to start building a Vendaze integration.

Before your app can authenticate Vendaze users, you need to register it. Registration is open to any developer with no approval process. Your credentials arrive by email within seconds.

<Tip>
  Don't have a Vendaze account yet? [Create one free](https://app.vendaze.com/register). New
  accounts include a 14-day trial so you can build and test your integration before requesting
  access from real users.
</Tip>

<Note>
  Each email address can only be associated with one registered app. If you need to update your
  app's name, redirect URIs, or rotate credentials, use the [rotate app](/en/guides/rotate-app)
  endpoint instead of registering again.
</Note>

## What you need

* A valid email address to receive the credentials (one app per email address)
* At least one HTTPS redirect URI for your OAuth callback
* A decision on which scopes your integration needs

## Register via API

Send a `POST` to `/v1/auth/register-app`:

```bash theme={null}
curl -X POST https://api.vendaze.com/v1/auth/register-app \
  -H "Content-Type: application/json" \
  -d '{
    "app_name": "My Integration",
    "email": "dev@yourapp.com",
    "description": "Syncs contacts and deals between Vendaze and MyApp",
    "avatar_url": "https://yourapp.com/assets/logo.webp",
    "redirect_uris": ["https://yourapp.com/oauth/callback"],
    "scopes": ["people:read", "people:write", "deals:read"]
  }'
```

**Response (201):**

```json theme={null}
{
  "data": {
    "app_name": "My Integration",
    "client_id": "9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d",
    "avatar_url": "https://storage.vendaze.com/assets/integrations/myintegration.jpg",
    "message": "Credentials sent by email."
  }
}
```

If the email address is already associated with a registered app, the request is rejected:

**Response (409):**

```json theme={null}
{
  "error": {
    "code": "conflict",
    "message": "An app is already registered with this email address.",
    "request_id": "01966b3e-7c2a-7000-8f1e-4d3b2a1c0e9f"
  }
}
```

To update an existing app or rotate its credentials, use the [rotate app](/en/guides/rotate-app) endpoint with your `client_id` and registered email.

Your `client_secret` is sent **only by email** and never returned in the API response. Store it securely as soon as you receive it.

## Request parameters

| Parameter       | Type      | Required | Description                                                                                                         |
| --------------- | --------- | -------- | ------------------------------------------------------------------------------------------------------------------- |
| `app_name`      | string    | Yes      | Integration name shown to users on the consent screen. Max 100 chars.                                               |
| `email`         | string    | Yes      | Email where credentials will be sent. Each address can only be associated with one registered app.                  |
| `description`   | string    | No       | Short description of what your app does. Max 500 chars.                                                             |
| `avatar_url`    | string    | No       | HTTPS URL of your app logo. Accepted formats: JPEG, PNG, WebP, GIF, BMP, TIFF. Max 2MB.                             |
| `redirect_uris` | string\[] | Yes      | One or more HTTPS URIs for the OAuth callback. Exact match required.                                                |
| `scopes`        | string\[] | Yes      | Scopes your app needs. The user sees the full list on the consent screen and approves or denies everything at once. |

The `avatar_url` in the response is always a `https://storage.vendaze.com` URL.

## Redirect URIs

URIs must be exact HTTPS URLs. Wildcards and patterns are not accepted:

```
Accepted:  https://yourapp.com/oauth/callback
Accepted:  https://yourapp.com/integrations/vendaze/callback
Rejected:  https://yourapp.com/oauth/*
Rejected:  http://yourapp.com/callback
```

During local development, `http://localhost` and `http://127.0.0.1` are accepted.

You can register multiple redirect URIs for different environments. At authorization time, the `redirect_uri` in the request must exactly match one of the registered URIs.

## Available scopes

| Scope                 | Description                          |
| --------------------- | ------------------------------------ |
| `people:read`         | Read contacts (people)               |
| `people:write`        | Create, update, delete people        |
| `companies:read`      | Read companies                       |
| `companies:write`     | Create, update, delete companies     |
| `deals:read`          | Read deals                           |
| `deals:write`         | Create, update, delete deals         |
| `tasks:read`          | Read tasks                           |
| `tasks:write`         | Create, update, delete tasks         |
| `activities:read`     | Read activities                      |
| `activities:write`    | Create, delete activities            |
| `products:read`       | Read products                        |
| `products:write`      | Create, update, delete products      |
| `tags:read`           | Read tags                            |
| `tags:write`          | Create, update, delete tags          |
| `lists:read`          | Read lists                           |
| `lists:write`         | Create, update, delete lists         |
| `custom_fields:read`  | Read custom fields and their values  |
| `custom_fields:write` | Create, update, delete custom fields |

Requesting a scope during registration does not guarantee access will be granted. On the consent screen, the user sees all requested scopes and can only approve or deny access in full. Individual scope selection is not possible.

<Warning>
  Your `client_secret` is shown only once, in the email you receive after registration. If you lose
  it, you can rotate your credentials using your `client_id` and registered email. Never commit it
  to version control or include it in client-side code.
</Warning>

## Next step

With your `client_id` and `client_secret`, you are ready to implement the OAuth flow. See [Authentication](/en/guides/authentication) to authorize your first user, or [Rotate app credentials](/en/guides/rotate-app) if you need to update your app later.

Once your integration is fully built and live, you can apply for the [Verified badge](/en/guides/verified-app) to have your app listed in the Vendaze marketplace and marked as trusted on the consent screen.
