Resource Access Management: Create an application

Last Updated: Sep 24, 2025

You can create an OAuth enterprise application in RAM to obtain user information or access Alibaba Cloud APIs.

Background information

To provide services to users on both the China site (aliyun.com) and the international site (alibabacloud.com), an application provider must create a separate application for each site.

Procedure

  1. Log on to the RAM console as a RAM administrator.

  2. In the navigation pane on the left, choose Integrations > OAuth Applications (Public Preview).

  3. On the Enterprise Applications tab, click Create Application.

  4. On the Create Application page, set the application parameters.

    1. Enter an Application Name and a Display Name.

    2. Select an OAuth Protocol Version.

      • 2.0: Complies with the OAuth 2.0 protocol standard.

      • 2.1: Complies with the OAuth 2.1 protocol standard. This version supports dynamic client registration and does not support fixed key authentication.

    3. Select an Application Type.

      • Web Application: A web-based application that interacts with users through a browser.

      • Native Application: A local application that runs on an operating system, such as a desktop or mobile operating system.

      • Server Application: An application that directly accesses Alibaba Cloud services without requiring user logon. Currently, only user synchronization applications based on the System for Cross-domain Identity Management (SCIM) protocol are supported. For more information, see Synchronize internal enterprise accounts to Alibaba Cloud RAM using the SCIM protocol.

    4. Set the Access Token Validity Period.

      The validity period of an access token can range from 900 seconds (15 minutes) to 10,800 seconds (3 hours). The default value is 3,600 seconds (1 hour).

    5. For Web and Native applications, set the Refresh Token Validity Period and Callback Address.

      • Refresh Token Validity Period: The validity period can range from 7,200 seconds (2 hours) to 31,536,000 seconds (1 year). The default value is 2,592,000 seconds (30 days).

      • Callback Address: The destination address to which the authorization server redirects the user after successful authorization. This address is typically used to receive an authorization code or perform subsequent operations. Use an HTTPS address, for example, https://example.com/authcallback.

    6. Add OAuth Scopes to define the permissions that the application has when a user logs on to Alibaba Cloud.

      You can also add OAuth scopes after you create the application. For more information, see Manage application scopes.

  5. Click Create Application.
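
The following pre-flight check is an added example, not Alibaba Cloud code: it validates planned settings against the limits in step 4 before you enter them in the console. The dictionary keys and function names are hypothetical, and the fragment, userinfo, wildcard, and refresh-versus-access comparisons are extra hygiene checks that go beyond what this page states.

```python
from urllib.parse import urlsplit

# Limits stated on this page, in seconds.
ACCESS_TTL = (900, 10_800)
REFRESH_TTL = (7_200, 31_536_000)
USER_FACING = {"Web Application", "Native Application"}
APP_TYPES = USER_FACING | {"Server Application"}

def check_callback(url):
    """Return a list of problems with a callback address (empty = acceptable)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return ["callback is not a parseable URL"]
    problems = []
    if parts.scheme != "https":
        problems.append("callback must use https")
    if not host:
        problems.append("callback has no host")
    # Extra hygiene beyond the page: RFC 6749 forbids fragments in redirect
    # URIs, and userinfo or wildcards make the redirect target ambiguous.
    if parts.fragment:
        problems.append("callback must not contain a fragment")
    if parts.username is not None or "*" in (host or ""):
        problems.append("callback must name one exact host")
    return problems

def check_app(cfg):
    """Validate planned settings (hypothetical dict keys) before creation."""
    problems = []
    if cfg.get("protocol_version") not in ("2.0", "2.1"):
        problems.append("protocol version must be 2.0 or 2.1")
    app_type = cfg.get("app_type")
    if app_type not in APP_TYPES:
        problems.append("unknown application type")
    ttl = cfg.get("access_token_ttl", 3_600)  # page default
    if not ACCESS_TTL[0] <= ttl <= ACCESS_TTL[1]:
        problems.append("access token validity outside 900-10800 s")
    if app_type in USER_FACING:
        rttl = cfg.get("refresh_token_ttl", 2_592_000)  # page default
        if not REFRESH_TTL[0] <= rttl <= REFRESH_TTL[1]:
            problems.append("refresh token validity outside 7200-31536000 s")
        elif rttl <= ttl:  # allowed by the ranges, but refresh would be useless
            problems.append("refresh token expires no later than access token")
        problems += check_callback(cfg.get("callback", ""))
    return problems
```

An empty list from `check_app` means the settings fit the documented ranges; each string in a non-empty list names one setting to correct before you click Create Application.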