List Your OpenID Connect Clients

Endpoint URL: {identityDomain} /{customerId} /config/clients


Returns information about all the OpenID Connect (OIDC) clients associated with a customer, including public clients, confidential clients, and configuration clients.

The Akamai Identity Cloud supports two types of OIDC clients:

  • Confidential clients. Clients capable of securely maintaining a client secret: confidential clients require that secret when authenticating with the token endpoint. These clients can be used by both end-user facing applications and machine-to-machine applications.

    The Identity Cloud also supports configuration clients. Like confidential clients, configuration clients have a client secret. However, configuration clients are not employed to help manage user logins and registrations; instead, these clients are used to acquire access tokens needed to call other OpenID Connect configuration endpoints. Because they aren’t used for logins and registrations, configuration clients are not assigned a login policy and are not associated with an application client. If your API response includes a confidential client that doesn’t have a login policy or an application client, that’s a configuration client.

  • Public clients. Clients (such as native mobile apps and single page apps) that are not capable of securely maintaining a client secret; as a result, public clients don’t have client secrets. Instead, public clients use PKCE (Proof Key for Code Exchange) to authenticate with the token endpoint. Public clients can only be utilized by end-user facing applications.

Respects the API Client Allow List: No


This endpoint requires token-based authentication. To obtain an access token, you must use a confidential client (using the client ID as the username and the client secret as the password) to access the /{customerId}/login/token endpoint. The access token returned from the token endpoint is then used in the Authorization header of your API call. For example, if you get back the access token Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB then your Authorization header will look like this when using Curl:

-H 'Authorization: Bearer Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB'

In Postman, set the Authorization Type to Bearer and use the access token as the value of the Token field.

Path Parameters

Path parameters that must be included in the request are listed in the following table:





Unique identifier of the customer associated with the OIDC clients. Note that any one customer can have multiple OIDC clients.

Sample Request (Curl)

The following command returns information about all the OIDC clients associated with the customer 01000000-0000-3000-9000-000000000000:

curl -X GET \ \
  -H 'Authorization: Bearer Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB' 


200 OK

If your call to this endpoint succeeds, you'll get back information about all the OIDC clients associated with the specified customer:

    "total": 2,
    "_embedded": {
        "clients": [
                "id": "b83fff95-a685-49db-a019-84d03275f7a0",
                "name": "Akamai Documentation Login Client",
                "_links": {
                    "self": {
                        "href": "/01000000-0000-3000-9000-000000000000/config/clients/b83fff95-a685-49db-a019-84d03275f7a0"
                "id": "d4266439-dbb1-46ab-8976-1d192325b828",
                "name": "Akamai Training Login Client",
                "_links": {
                    "self": {
                        "href": "/01000000-0000-3000-9000-000000000000/config/clients/d4266439-dbb1-46ab-8976-1d192325b828"

Response Codes

The following table includes information about some of the response codes that you might encounter when calling this endpoint.

Response CodeDescription


Authentication required or Invalid credentials. You either did not specify an authentication method for the call (this endpoint requires token-based authentication) or the token was rejected. In the latter case, this could be because the token is not valid or because the token has expired.


Forbidden. You do not have permission to access the requested resource.