> ## Documentation Index
> Fetch the complete documentation index at: https://docs.binarly.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Setup API Client

Set up Machine-to-Machine (M2M) authentication for automated integrations and CI/CD pipelines.

## SaaS Customers

<Warning>
  **Request Required** SaaS customers cannot create M2M credentials themselves. Contact [support@binarly.io](mailto:support@binarly.io) to request API credentials for your organization.
</Warning>

When contacting support, please provide:

* Your organization name
* Intended use case (CI/CD, automation, integration)
* Any specific permission requirements

You will receive:

* **Client ID** - Your API client identifier
* **Client Secret** - Your secure API key
* **Auth URL** - Your authentication endpoint

Once you receive your credentials, proceed to [M2M Authentication](/api-reference/authentication/get-m2m-token).

## On-Premises Customers

On-Premises customers have full access to Keycloak and can create API clients directly.

### Step 1: Navigate to Keycloak

1. Open your Keycloak Admin Console: `https://<YOUR_KEYCLOAK_HOST>/admin`
2. Click on **Administration Console** to log in with your administrator credentials.

<img src="https://mintcdn.com/binarly-bee2cf27/6V1U5G3a8j111qJt/images/authentication/keycloak-admin-login.png?fit=max&auto=format&n=6V1U5G3a8j111qJt&q=85&s=dff422be778094a732407f4d24e9aa59" alt="Keycloak Welcome Page" width="1363" height="579" data-path="images/authentication/keycloak-admin-login.png" />

### Step 2: Select Realm

From the dropdown menu in the top-left corner, select **BinarlyRealm** (or your organization's designated realm).

<img src="https://mintcdn.com/binarly-bee2cf27/6V1U5G3a8j111qJt/images/authentication/keycloak-dashboard.png?fit=max&auto=format&n=6V1U5G3a8j111qJt&q=85&s=6ff6938c561c600c2c1b91ebb069ab14" alt="Select BinarlyRealm" width="274" height="293" data-path="images/authentication/keycloak-dashboard.png" />

### Step 3: Create a Client

1. Select **Clients** from the left-hand menu.
2. Click **Create client**.

<img src="https://mintcdn.com/binarly-bee2cf27/6V1U5G3a8j111qJt/images/authentication/client-credentials-secret.png?fit=max&auto=format&n=6V1U5G3a8j111qJt&q=85&s=ed1500221e3845669d9a944a93d749d5" alt="Clients List" width="1915" height="731" data-path="images/authentication/client-credentials-secret.png" />

#### General Settings

* **Client type**: OpenID Connect
* **Client ID**: Enter a descriptive ID (e.g., `api-client` or `ci-cd-automation`).
* **Name**: (Optional) Enter a friendly name.

<img src="https://mintcdn.com/binarly-bee2cf27/6V1U5G3a8j111qJt/images/authentication/clients-list.png?fit=max&auto=format&n=6V1U5G3a8j111qJt&q=85&s=53a66f6a7a7d0e03f7f94065bb0f5419" alt="Create Client - General Settings" width="1378" height="757" data-path="images/authentication/clients-list.png" />

Click **Next**.

#### Capability Config

* **Client authentication**: **On** (This enables Client Credentials).
* **Authorization**: Off (unless specifically required).
* **Authentication flow**:
  * Uncheck "Standard flow", "Direct access grants", etc.
  * Ensure **Service accounts roles** is **Checked**.

<img src="https://mintcdn.com/binarly-bee2cf27/6V1U5G3a8j111qJt/images/authentication/create-client-id.png?fit=max&auto=format&n=6V1U5G3a8j111qJt&q=85&s=b4e02c565bd7da94a332aca86f016fc5" alt="Client Capability Config" width="1115" height="762" data-path="images/authentication/create-client-id.png" />

Click **Next** and then **Save**.

### Step 4: Obtain Credentials

1. After saving, select the **Credentials** tab at the top of the client details page.
2. Copy the **Client Secret**. This is your secure key for API access.

<img src="https://mintcdn.com/binarly-bee2cf27/u8BuktMpRXCWwcq-/images/authentication/realm-selection.png?fit=max&auto=format&n=u8BuktMpRXCWwcq-&q=85&s=29f5fa8724f047339453507ecee79a4d" alt="Client Credentials" width="1213" height="723" data-path="images/authentication/realm-selection.png" />

> <Warning>
>   Store this secret securely. If lost or compromised, regenerate it immediately using the "Regenerate" button on this page.
> </Warning>

## Next Steps

Now that you have your Client ID and Secret, you are ready to generate an access token.

[Go to M2M Authentication ->](/api-reference/authentication/get-m2m-token)