OAuth Apps

You can create and manage your own OAuth applications directly in the app.

Open your user settings, switch to Development, and use the Owned OAuth Applications section.

What you can do there

  • create a new OAuth application
  • edit its name
  • update allowed redirect URIs
  • choose whether the app requires a client secret
  • rotate the client secret for confidential apps
  • copy the client id
  • reveal and copy the client secret when one is enabled; it stays hidden by default in the list
  • delete the app

Public vs confidential apps

  • Leave Require a client secret off for public clients that cannot safely store secrets.
  • Turn it on for server-side integrations that can keep the client secret private.
  • Turning Require a client secret off removes the previously stored client secret for that app and signs out existing OAuth sessions for it.
  • Public apps use a browser-safe authorization flow.
  • Apps request explicit read, write, or delete access when a user authorizes them.
  • Older tokens with pre-release custom scopes are treated as read-only until the app is authorized again with explicit scopes.
  • Authorizing or revoking an OAuth app requires your signed-in Bnder session.
  • Do not put a client secret in a public link.
  • If a confidential app secret leaks, rotate it from the owned-app list instead of creating a new client id from scratch.
  • Rotating a client secret signs out existing OAuth sessions for that app, so connected integrations need to authorize again with the new secret.

Revoking access

The Authorized OAuth Applications list is separate from the apps you own.

Use that list when you want to revoke an app's access to your account. Use the owned-app list when you want to edit or delete the application itself.

Important behavior

Deleting an OAuth application immediately breaks further OAuth API access for that app, even if it still had unexpired tokens.
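The token rules described under "Public vs confidential apps", "Revoking access" and "Important behavior" can be read as one fail-closed check. The sketch below is an added example, not Bnder's own code. The class names, the `secret_generation` counter used to model "signs out existing OAuth sessions", and the sample scope `notes:manage` are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

EXPLICIT_SCOPES = frozenset({"read", "write", "delete"})


@dataclass
class OwnedApp:
    client_id: str
    deleted: bool = False
    # Hypothetical counter: bumped when the secret is rotated or removed.
    secret_generation: int = 0


@dataclass(frozen=True)
class Token:
    client_id: str
    scopes: frozenset
    secret_generation: int      # app's generation when the token was issued
    revoked_by_user: bool = False


def effective_scopes(token: Token) -> frozenset:
    """Explicit grants are honoured; any legacy custom scope downgrades to read-only."""
    if token.scopes <= EXPLICIT_SCOPES:
        return token.scopes
    return frozenset({"read"})


def is_allowed(app: Optional[OwnedApp], token: Token, needed: str) -> bool:
    """Fail closed: every lifecycle check must pass before scopes are consulted."""
    if app is None or app.deleted:
        return False            # deleted app: unexpired tokens stop working
    if token.client_id != app.client_id or token.revoked_by_user:
        return False            # wrong app, or the user revoked access
    if token.secret_generation != app.secret_generation:
        return False            # issued before a rotation or secret removal
    return needed in effective_scopes(token)


def demo() -> dict:
    app = OwnedApp("constructed-client-id")
    modern = Token(app.client_id, frozenset({"read", "write"}), 0)
    legacy = Token(app.client_id, frozenset({"notes:manage"}), 0)  # constructed legacy scope
    before = (is_allowed(app, modern, "write"), is_allowed(app, legacy, "write"),
              is_allowed(app, legacy, "read"))
    app.secret_generation += 1  # owner rotates the client secret
    after_rotate = is_allowed(app, modern, "read")
    return {"before": before, "after_rotate": after_rotate}
```

For an integration owner, the practical consequence is that a 401 or 403 after a rotation, a secret removal, or an app deletion is expected behavior and calls for re-authorization, not a retry loop.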