Company/Classroom/Enterprise Settings - Developer

To create an app that opens in the Onshape UI for internal use or testing:

1. Register the app with Onshape.
2. Create an extension for the app in the Onshape UI.
3. Assign users to the app.

To publish the app to the Onshape App Store for end users:

1. Authenticate with OAuth2.
2. Create an app store entry.
3. Complete the Launch Checklist

1. Click the OAuth applications link on the Developer page to see a list of all your apps:

   

2. Click the Create new OAuth application button.

3. Fill out the form:

   • Name - Name of the application displayed to users.

   • Primary format - String that uniquely identifies your application and is a marker for the data it might store on Onshape servers (e.g.,com.example.example). Cannot be changed after the application is registered. Not displayed to users.

   • Summary - Description of the application, shown to the user when they’re asked to grant the application permission to access their data.

   • Redirect URLs - URL to which you are redirected after authentication; the landing page of your application.

     • Your application must specify at least one URL used in the OAuth protocol exchanges.

     • This URL must also use SSL (a URL that begins with https), with two exceptions applicable for installed desktop applications: http://localhost:<port> and urn:ietf:wg:oauth:2.0:oob.

   • Type - Application type: Integrated Cloud App, Connected Cloud App, or Connected Desktop App.

   • OAuth URL - URL used to start the OAuth2 process to authenticate the user. See Developer Docs: OAuth2 for details.

     • Should contain the URL of your deployed application.

     • This is the first URL called from the Onshape Applications page.

     • The page hosted at this URL should handle the OAuth authentication. Once your application’s server has been authenticated on behalf of the user, that user should be redirected to your applications content.

     • If you have not deployed your app yet, you can leave this field blank for local work and update it later.

       All applications submitted to the Onshape App Store for public use must authenticate properly with OAuth2. See Developer Docs: OAuth2 for details.

   • Settings

     • Supports collaboration - Check if you wish to collaborate with other users when developing the application.

   • Permissions - See Permission scopes below.

4. Click Create application.

5. Copy the OAuth secret key from the window.

   You will not be able to access this secret key again. This secret is unique to you and your app. It should be protected like any sensitive password and never checked into source code.

6. The app's OAuth application entry appears with the Details tab active. Selecting the app name on the OAuth applications page now brings you to this screen.

Use the tabs on this screen to:

• Details:

  • Create a store entry for the app

  • Transfer ownership of the app

  • Delete the app

• Settings: Manage app settings

• Keys and secret:
  • Copy the OAuth client identifier key
  • Regenerate a new OAuth client secret key

• Permissions: Modify app permission scopes

• Extensions: Manage app extensions

• Onshape OAuth: Manage Onshape authentication

• External OAuth: Manage third-party authentication

See the Onshape Developer Documentation for more information, including: properly authenticating with OAuth2 and completing Launch Checklist. See the Hello World tutorial for a working example.

1. Click OAuth applications on the Developer page, then select your application.

2. Click the Extensions tab.

   

3. Click Add extension.

4. Fill out the form:

   • Name: Can be truncated in the UI if it is too long.

   • Description (optional): Does not appear in the Onshape UI, but could appear in the authentication grant process.

   • Location: Where the extension exists in the Onshape UI.

     • See Supported Locations and Contexts in the Developer Docs.

     • You can create only one element tab extension per application.

   • Context: Some locations work in the context of a selection, such as inside a Part Studio.

     • See Supported Locations and Contexts in the Developer Docs.

   • Action URL: Locations that embed a UI use the action URL to define the address of the page to display. The action URL is used to specify the REST endpoint if the location is an action (context menu, toolbar item, action in dialog etc.) and the action type is GET or POST. If the location is an action and the action is Open in new window, the action URL is the URL to open in the new window.

     • See Action URL parameters in the Developer Docs for a list of parameters that can be used in this field.

   • Action type: Applicable for locations that do not embed UIs. Supported action types are:

     • GET - This makes a GET API call using the action URL. Parameter replacement is done on the action URL.

     • POST - This makes a POST API call using the action URL and the action body as the post body. Parameter replacement is done on both the action URL and the action body.

     • Open in new window - This opens the action URL in a new browser window. Parameter replacement is done on the action URL.

   • Action body: Only applicable for POST action types. The action body is passed in a POST API call and must be in a valid JSON format.

   • Show response: This is only applicable if the action type is GET or POST. When selected, the UI waits for a response and shows the response in a dialog in the UI. The response must be in a valid JSON format.

   • Icon: The icon is displayed where the extension exist, which can include an icon in an Info panel, context menu action, toolbar button, action button in a dialog, or other supported locations.

5. Click OK.

For more information on creating and managing Onshape applications, please see the Onshape Developer Docs. Please see the Hello World tutorial for a working example.

Admins can add internal users to applications for testing before submitting to the Onshape App Store. Users added here automatically see the associated app extensions in their Onshape UI, without having to subscribe via the app store.

1. Once your app is registered, click Applications in the left pane.

2. Select the application in the list.

   

3. Begin typing the name or email of a user, team, or alias in the Add users or teams field, and select a result from the list. The admin who created the app is automatically in the Users list. Continue adding names or emails.

   

4. Click the Add button.

Light users cannot be added to applications.

To remove a user, alias, or team from the app, click its X icon in the Remove column.

1. In your Developer settings, click OAuth applications.
2. Click the name of the app to transfer.
3. Click the Transfer ownership button on the Details tab. The Transfer dialog opens.

   

4. Select an option to transfer the app to an individual, company, or enterprise.
5. To transfer to an individual, enter the name or email of the new owner in the search field. To transfer ownership to a company or enterprise, select an option from the dropdown.
6. Click Transfer Ownership. The application is removed from your OAuth apps list.
   • If the app is transferred to an individual account, they receive an email notification and the app appears in their Onshape Developer Portal.
   • If the app is transferred to someone in a Company/Classroom/Enterprise, all Admins receive an email notification and the app appears in their Developer Settings.

Future API call consumption and billing will be attributed to the new owner. See API Limits for details.

Before submitting an app to the Onshape App Store, see the Onshape Developer Documentation for requirements, including properly authenticating with OAuth2 and completing Launch Checklist.

To review, edit, or delete an existing Onshape App Store entry, click Store entries in your Developer settings, then select the entry to modify.

To create a new store entry for an OAuth application:

1. In your Developer settings, click OAuth applications.

2. Click the app name in the list.

3. Click Create store entry on the app's Details page.

   

4. Fill out the form:

   

   • Name - Automatically set from the app name provided during registration.

   • Summary - Automatically set from the summary provided during registration.

   • Type - Application type: Integrated Cloud App, Connected Cloud App, or Connected Desktop App. This should match the Type that was selected when registering the OAuth application.

   • Category - Select the appropriate category for your app.

   • Team Visibility - Choose to make the private app store entry visible to no internal users (default), all internal users, or specific teams.

   • Description - User-facing description of the application. Limited formatting allowed.

   • Support URL - URL or email users of your app should be directed to for assistance. This must be actively monitored.

   • Support Email - Email that should receive app subscription notifications. This must be actively monitored.

   • Vendor - Your company name.

   • Version - Current version of this application.

   • Images - Optionally upload summary, hero, and other images.

5. Click Create.

The application appears in the Onshape App Store as private. It is viewable only to you and any internal teams specified in Team Visibility settings. To make the app public, see the Launch Checklist next.

1. Click Developer in the left pane of your company settings.
2. If your app has an Onshape App Store entry, delete that first:
   1. Click Store entries on the Developer page.
   2. Click the store entry to delete.
   3. Click Delete store entry on the Details tab.
      
   4. Click Delete again to confirm.
   5. Click Developer in the left pane or breadcrumbs to return the Developer landing page.
3. Click OAuth applications in the Developer settings.
4. Click the application to delete.
5. Click Delete application on the Details tab.
   
6. Click Delete again to confirm.

All applications submitted to the Onshape App Store (Onshape Apps) must follow the instructions on the API Guide: OAuth2 page and use OAuth2 for authorization. Automation scripts (or applications not meant for the Onshape App Store) may use either OAuth2 or API Keys for authentication. OAuth2 allows applications to call Onshape APIs on behalf of the users of the application; API keys will only perform operations on behalf of the Onshape user who generated the API keys.

API keys are a useful way create small applications meant for personal use, allowing developers to avoid the overhead of the OAuth workflow.

API keys are used to authenticate an application, not its users. (OAuth2 authenticates an application and users of the application by ensuring the users are authorized to access Onshape.) Once you create an API key, it is valid only in the stack on which it was created. An API key created on companyName.onshape.com will not function on cad.onshape.com.

API keys that are not associated with a company or enterprise can be managed through the My Account - Developer page.

Viewing API keys

1. In your Company/Classroom/Enterprise Developer settings, click API keys
2. Review the API keys available for the company.
   
   

Creating API keys

1. In your Company/Classroom/Enterprise Developer settings, click API keys
2. Click Create new API key.
   
3. Provide a name for the API key in the Name field.

4. Assign the API key to someone in the company. You can search by name or email in the User field.

5. Choose the permissions for the keys. See Permission scopes below.
6. Click the Create API key button.

7. In the pop-up window, copy the API key and secret key shown, save them somewhere, then click the Close button.

   You will not be able to access this secret key again. This secret is unique to you and your app. It should be protected like any sensitive password and never checked into source code.

   

8. For information on authenticating your applications with API keys, see API Guide: Authentication.

Deleting API keys

1. Click the "X" icon to the right of the API key you wish to delete.
2. Confirm that you want to delete this API key for all users. This action cannot be undone. Click Delete to confirm.
   

The following permission scopes are available when creating OAuth applications:

• Application can read your profile information (OAuth2ReadPII) - Check to allow the application access to information on your profile.

• Application can read your documents (OAuth2Read) - Check to allow the application read access to your documents.

• Application can write to your documents (OAuth2Write) - Check to allow the application write access to your documents.

• Application can delete your documents and workspaces (OAuth2Delete) - Check to allow the application access to delete your documents and workspaces.

• Application can request purchases on your behalf (OAuth2Purchase) - Check to allow the application the ability to make purchase for you.

• Application can share and unshare documents on your behalf (OAuth2Share) -  Check to allow the application the ability to share and unshare your documents.