This article explains how to provision and manage OAuth credentials for the FUGA Catalog & Distribution API (Application Programming Interface) directly in the FUGA Interface. Users will learn how to create a Client ID and Client Secret pair, exchange them for an access token, and revoke credentials safely when they are no longer needed. This guides Primary Account users through integration setup.
API credentials are required to authenticate machine-to-machine integrations with the FUGA Catalog & Distribution API. Your integration exchanges the Client ID and Client Secret for a short-lived access token at the API gateway, then uses that token on subsequent API calls.
Navigate to My organization > API credentials in the FUGA Interface. The API credentials tab is visible when all three of the following conditions are met:
API access is enabled on your account
Your user role has the Organization management permission
The account is a Primary Account. Subaccounts do not see the tab.
If the tab is not visible and you expect to have access, contact your FUGA representative or reach out via our support channel.
Creating a credential
Navigate to My organization > API credentials
Click Create credential.
Enter a name for the credential that identifies the integration, for example distribution-pipeline-prod.
Select the permissions the credential should have.
Click Save.
The FUGA Interface returns a new Client ID and Client Secret pair.
Note: The Client Secret is shown once at creation time. Copy it into your integration's secret store before closing the dialog. You will not be able to see it again afterward; if you lose it, revoke the credential and create a new pair.
Using a credential at the API gateway
Your integration exchanges the Client ID and Client Secret for an access token at the API gateway, then uses the returned token in the Authorization header on subsequent FUGA Catalog & Distribution API calls.
For the token exchange request shape, the access token TTL, and example code, see the FUGA Catalog & Distribution API documentation.
Revoking a Credential
Navigate to My organization > API credentials
Locate the credential row you want to revoke.
Click Revoke.
Confirm in the dialog.
Revocation is immediate. Any access tokens already issued under that credential continue to work until their TTL expires; no new tokens can be exchanged for that Client ID and Client Secret after revocation.
To rotate a credential, create a fresh credential pair, update your integration to use it, verify the integration works, and revoke the old credential.
Subaccounts
Subaccounts cannot create their own API credentials. The API credentials tab is hidden in subaccount contexts; credentials are managed at the Primary Account level only.
If you operate one or more subaccounts and want to interact with their catalogs via the FUGA Catalog & Distribution API, see the FUGA Catalog & Distribution API documentation for how subaccounts are addressed on API requests.
If you require assistance with API credentials or your integration, contact your FUGA representative or reach out via our support channel.