OAuth Apps
You can create and manage your own OAuth applications directly in the app.
Open your user settings, switch to Development, and use the Owned OAuth Applications section.
What you can do there
- create a new OAuth application
- edit its name
- update allowed redirect URIs
- choose whether the app requires a client secret
- rotate the client secret for confidential apps
- copy the client id
- reveal and copy the client secret when one is enabled; it stays hidden by default in the list
- delete the app
Public vs confidential apps
- Leave Require a client secret off for public clients that cannot safely store secrets.
- Turn it on for server-side integrations that can keep the client secret private.
- Turning Require a client secret off removes the previously stored client secret for that app and signs out existing OAuth sessions for it.
- Authorize links must request explicit read, write, or delete scopes. Links without valid scopes are blocked instead of defaulting to broad access.
- If a confidential app secret leaks, rotate it from the owned-app list instead of creating a new client id from scratch.
- Rotating a client secret signs out existing OAuth sessions for that app, so connected integrations need to authorize again with the new secret.
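Added example, not this service's own code: a fail-closed check an integration can run on its own authorize links before sending users to them, mirroring the rule above that links without valid scopes are blocked. It assumes the scopes travel in a single space-delimited `scope` query parameter as in RFC 6749; the host, path, and function name are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Scope names come from the page. The space-delimited `scope` query parameter
# is an assumption taken from RFC 6749, not from this service's documentation.
ALLOWED_SCOPES = frozenset({"read", "write", "delete"})


def check_authorize_link(url: str) -> list[str]:
    """Return the scopes an authorize link requests, or raise ValueError.

    Fails closed: a link with no usable scope is rejected rather than
    treated as a request for some default level of access.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("scope", [])
    if len(values) != 1:
        # Missing, or repeated so that two parsers could pick different values.
        raise ValueError("expected exactly one scope parameter")
    scopes = values[0].split()
    if not scopes:
        raise ValueError("scope parameter is empty")
    unknown = sorted(set(scopes) - ALLOWED_SCOPES)
    if unknown:
        raise ValueError(f"unknown scopes: {unknown}")
    # Drop duplicates but keep the order the link requested.
    return list(dict.fromkeys(scopes))


if __name__ == "__main__":
    # Constructed sample links; the host and path are placeholders.
    base = "https://auth.example.test/authorize?client_id=PLACEHOLDER"
    samples = [
        base + "&scope=read+write",         # valid
        base,                               # no scope at all
        base + "&scope=",                   # empty scope
        base + "&scope=read,write",         # comma-joined, not space-delimited
        base + "&scope=read&scope=delete",  # repeated parameter
        base + "&scope=read+admin",         # one unknown scope
    ]
    for link in samples:
        try:
            print("ok     ", check_authorize_link(link))
        except ValueError as exc:
            print("blocked", exc)
```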
Revoking access
The Authorized OAuth Applications list is separate from the apps you own.
Use that list when you want to revoke an app's access to your account. Use the owned-app list when you want to edit or delete the application itself.
API access
If you prefer automation, the same owner-management actions are also available in the REST API under /consumer/v1/oauth/clients.
Important behavior
Deleting an OAuth application immediately breaks further OAuth API access for that app, even if it still had unexpired tokens.