I’m encountering some difficulty locating the Client ID (Application ID) and Client Secret for our Third-Party Application within our Foundry instance and was hoping someone might have insights into the process.
We are trying to integrate our application programmatically with Foundry APIs and require these OAuth 2.0 client credentials. I have reviewed the general documentation, including:
Checking the Overview page of the application in the Developer Console.
Navigating to the “OAuth & scopes” section of the application settings.
However, I haven’t been able to clearly identify where the Client ID is displayed or how to manage and create Client Secrets for this specific application. There doesn’t seem to be a dedicated “Client Secrets” section or a readily visible Client ID in these locations.
Could anyone provide general guidance or point me towards any specific documentation regarding:
The typical location of the Client ID for Third-Party Applications?
The process for creating or accessing Client Secrets for these application types?
Any common prerequisites or configurations that might need to be in place to enable OAuth client functionality?
I understand that specific account details cannot be shared publicly, but any general advice on the standard process or common pitfalls in locating these credentials would be greatly appreciated.
The “OAuth & scopes” section that you mentioned should be the relevant place to view and manage the information you’re interested in:
https://www.palantir.com/docs/foundry/ontology-sdk/navigation/#oauth–scopes
The Client ID should be displayed at the top of the page.
Client secrets are only present for confidential OAuth clients when a secret can be securely stored. The client secret will be shown only once when creating an application that uses a confidential OAuth client. If you require rotating the client secret you should be able to perform this in the Client secret row directly under the Client ID.
There are no other common prerequisites or configurations that need to be in place to enable OAuth client functionality. The standard OAuth authorization_code or client_credentials grant types can be used depending on the type of client chosen:
https://www.palantir.com/docs/foundry/ontology-sdk/permissions/#permission-types
Is this an Ontology SDK app or not? In other words, when you created it, did you select yes or no on this step?
If you selected no: the client id (and client secret if one exists – see below) will be at the top of the “OAuth & permissions” tab of the applications as shown in this screenshot. Note that the client id is blank in the screenshot but will be populated in your case. This scenario is outlined in the documentation here.
If you selected yes: the client id will be shown under “Application metadata” on the “Overview” tab of the application, directly underneath “Application RID”. The client id and more OAuth details are also shown on the “OAuth & scopes” tab under “App credentials” as seen in this screenshot and outlined in the documentation here.
Regarding the client secret, this is not generated for public clients. If on the “Application type” step of creating the app, you only selected “Client facing application” then there will be no client secret. This is because public clients cannot safely store a client secret. In this case, you will need to implement Proof Key for Code Exchange (PKCE) as outlined here. Confidential clients, on the other hand, can safely store a client secret so if you selected “Backend service” under “Application type” then a client secret should have been generated. PKCE is still recommended but not required.
If after reviewing the above you are still unable to find a client id (and secret if you believe there should be one), then please can you share the exact steps you took to create the third-party application, including the choices made at each step.
