# Setting Up an App

### App Registration

* Register at <https://btibadges.io/developer> -> OAuth Apps
* Take note of your client ID / secret

### Key Components

#### 1. Client ID

* Unique identifier for your app
* Assigned upon registration

#### 2. Client Secret

* Cryptographic key for API authentication
* Keep confidential; never expose in client-side code. Treat like a password.
* Required to fetch user authentication details

#### 3. Redirect URIs

* Endpoints where users are redirected after authentication
* Must be pre-registered and use HTTPS
* Not needed for delayed/QR code authentication. Only for immediate digital redirects.

### Security Notes

* Treat client secret as securely as a password
* Ensure exact match between registered and used redirect URIs (if applicable)
* Use HTTPS for all redirects for security reasons