---
title: "Create OAuth app"
description: "Store your BYOK client_id and client_secret for a platform."
section: "API reference"
url: https://dravo.dev/docs/api/oauth/create-app
---
# Create OAuth app

Store your own `client_id` and `client_secret` for a platform. The secret is
encrypted at rest. To use the Connect flow, also set `allowed_return_urls`, the
list of URLs the flow is permitted to redirect your users back to.

#### `POST /v1/oauth-apps`

Create a BYOK OAuth app config (your `client_id` and `client_secret`). The secret is encrypted and never returned.

**Auth:** API key (`dra_…`) or dashboard JWT

| Field | In | Type | Required | Description |
| --- | --- | --- | --- | --- |
| `platform` | body | string | yes | One of `instagram`, `facebook`, `x`, `linkedin`, `tiktok`. |
| `name` | body | string | yes | 1 to 120 chars. |
| `client_id` | body | string | yes | Your app's client id / client key. |
| `client_secret` | body | string | yes | Your app's client secret (stored encrypted). |
| `allowed_return_urls` | body | string[] | no | Allowlist (up to 20) of URLs the Connect flow may redirect users back to. Matched by origin + path prefix. |

Request:

```json
{
  "platform": "x",
  "name": "My X App",
  "client_id": "…",
  "client_secret": "…",
  "allowed_return_urls": [
    "https://app.acme.com/connect"
  ]
}
```

Response `201`: Created.

```json
{
  "id": "oa_1",
  "platform": "x",
  "redirect_uri": "https://api.dravo.dev/v1/oauth/x/callback",
  "scopes": [
    "tweet.write",
    "tweet.read",
    "users.read",
    "offline.access",
    "media.write"
  ],
  "allowed_return_urls": [
    "https://app.acme.com/connect"
  ]
}
```
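
The field table says `allowed_return_urls` entries are matched by origin + path prefix. As an added example (not Dravo's code or its server-side matcher), this JavaScript pre-checks a return URL against your own allowlist before you start the Connect flow. Assumptions: the function names are hypothetical, the path prefix is applied on segment boundaries, and non-HTTPS URLs or URLs carrying embedded credentials are rejected.

```javascript
// Added example: local pre-check of a return URL against allowed_return_urls.
// Assumptions: segment-boundary prefix match, HTTPS only, no userinfo in URLs.
function parseHttpsUrl(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not an absolute URL
  }
  // Reject non-HTTPS schemes and embedded credentials (user:pass@host).
  if (url.protocol !== "https:" || url.username || url.password) return null;
  return url;
}

function pathHasPrefix(path, prefix) {
  const base = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
  // Exact match, or the candidate continues with a new path segment.
  return path === base || path.startsWith(base + "/");
}

function isAllowedReturnUrl(candidate, allowedReturnUrls) {
  const target = parseHttpsUrl(candidate);
  if (!target) return false;
  return allowedReturnUrls.some((entry) => {
    const allowed = parseHttpsUrl(entry);
    return (
      allowed !== null &&
      allowed.origin === target.origin && // scheme + host + port must be identical
      pathHasPrefix(target.pathname, allowed.pathname)
    );
  });
}

// Constructed sample inputs; the allowlist entry is the one from the request above.
const allowlist = ["https://app.acme.com/connect"];
const samples = [
  "https://app.acme.com/connect",
  "https://app.acme.com/connect/done?status=ok",
  "https://app.acme.com/connect-old",
  "https://app.acme.com.example.net/connect",
  "http://app.acme.com/connect",
  "https://app.acme.com@example.net/connect",
  "https://app.acme.com/connect/../admin",
];
for (const s of samples) {
  console.log(isAllowedReturnUrl(s, allowlist), s);
}
```

Only the first two samples pass. The last one fails because the URL parser resolves `..` before the prefix comparison, so the path compared is `/admin`.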
