# Creating and Managing API Client in CrowdStrike's Console

## 1. Introduction

ClientId and ClientSecret are required in order to make requests using the OAuth2.0 workflow to CrowdStrike's API client.

## 2. Prerequisites

Before you begin, ensure you have:

- Access to the CrowdStrike Falcon Console
- Administrator privileges


## 3. Creating API Client

### Step 1: Access the CrowdStrike Falcon UI Console

- Log in to your CrowdStrike Console instance with administrative privileges.


### Step 2: Create an API Client, generate ClientId/ClientSecret with proper scope

- Go to the **Support and resources > Resources and tools > API Client and keys** section where an API Client can be managed.
- Create an API Client
- Provide a Client name and a related description with **read** permissions for the following Scopes
  - Alerts
  - Apps
  - Custom IOA rules
  - Detections
  - Device control policy
  - Hosts
  - Assets
  - Indicators
  - Incidents
  - IOC Management
  - IOCs (Indicators of Compromise)
  - Zero Trust Assessment
- The following scope should be given **write** access:
  - Hosts
- Create the new API Client.
- Securely store the generated Client ID, Secret and Base URL


## 4.  Configure the Integration

**URL**
This is the Base URL from where the Falcon API Client credentials came.
[CrowdStrike Base URLs](https://falcon.us-2.crowdstrike.com/documentation/page/a2a7fc0e/crowdstrike-oauth2-based-apis#k9578c40)

**ClientId**
This is the Client Id gathered in step 2

**ClientSecret**
This is the Client Secret gathered in step 2

***Note***
The token_url should not be set/configured when configuration the Integration.

## 5. Important Links in CrowdStrike's Documentation

- [CrowdStrike OAuth2-Based APIs](https://falcon.us-2.crowdstrike.com/documentation/page/a2a7fc0e/crowdstrike-oauth2-based-apis)