Register Your Application
To integrate with Fabi-SC ID, you need to register your application in the Developer Dashboard.
Prerequisites
- A Fabi-SC ID account
- A domain you own and can verify
Creating an Application
- Log in to Fabi-SC ID
- Go to the Developer Dashboard
- Click “Create Application”
- Fill in the required information:
Required Fields
| Field | Description |
|---|---|
| Name | Your application’s name (1-128 characters) |
| Domain | The domain where your application runs (e.g., example.com) |
| Description | A brief description of your application (at least 3 words, max 1024 characters) |
Optional Fields
| Field | Description |
|---|---|
| Homepage URL | Your application’s homepage |
| Privacy Policy URL | URL to your privacy policy (shown to users during login) |
| Callback URL | Where users are redirected after login |
| Webhook URL | URL to receive webhook notifications (must use a domain, no IP addresses) |
Note: App Icon and Background Image are uploaded separately in the application settings after creation.
Domain Verification
Before your application can be used, you must verify ownership of your domain. This prevents others from impersonating your application.
Method 1: DNS TXT Record
- In your application settings, click “Verify Domain”
- Copy the verification token
- Add a TXT record to your domain’s DNS:
fabi-sc-id-verify=<your-verification-token> - Wait for DNS propagation (can take up to 24 hours)
- Click “Verify via DNS”
Method 2: HTTP File
- In your application settings, click “Verify Domain”
- Copy the verification token
- Create a file at:
https://yourdomain.com/.well-known/fabi-sc-id-verification.txt - The file should contain only the verification token (no extra whitespace)
- Click “Verify via HTTP”
Note: HTTP verification requires HTTPS. The file must be accessible via https://.
Credentials
After creating your application, you receive:
- Client ID: Your application’s public identifier (shown as “ID” in settings)
API Keys
API Keys are created separately in your application settings. You can have multiple API keys per application.
To create an API key:
- Go to your application settings
- Scroll to the “API Keys” section
- Click “Create Key”
- Copy the key immediately - it won’t be shown again!
Important: Keep your API keys secret. If compromised, revoke them immediately. Consider rotating your keys periodically.
Webhook Secret
If you configure a webhook URL, you need to generate a webhook secret:
- Go to your application settings
- Scroll to the “Webhooks” section
- Click “Rotate Secret”
- Copy the secret immediately - it won’t be shown again!
Use this secret to verify that webhook requests are authentic. You can rotate the secret at any time.
Scopes
Scopes define what user data your application can access. Configure which scopes your application needs:
| Scope | Description | Data |
|---|---|---|
openid | User identifier | Always included |
username | Username | User’s unique username |
display_name | Display name | User’s chosen display name |
avatar | Profile picture | URL to user’s avatar |
locale | Language | User’s preferred language |
email | Email address | User’s email |
email_verified | Email status | Whether email is verified |
date_of_birth | Date of birth | User’s birth date |
first_name | First name | User’s first name |
last_name | Last name | User’s last name |
bio | Biography | Short bio (max 160 chars) |
website_links | Websites | User’s website URLs (max 5) |
timezone | Timezone | User’s IANA timezone |
Required vs Optional Scopes
You can configure scopes as:
- Required: User must grant these to use your application
- Optional: User can choose whether to grant these
Users see all requested scopes during login and can toggle optional scopes.
Token Lifetime
Configure how long user tokens remain valid:
- Days (0-365)
- Hours (0-23)
- Minutes (0-59)
Default is 1 day. After expiration, redirect users to the login page to get a new token.
Allowed Origins
Configure which origins can make API requests to fetch user data. At least one origin is required.
When you create an application, the default origin is set to https://yourdomain.com based on your configured domain.
Origins must:
- Include the protocol (e.g.,
https://example.com) - Use a domain name (IP addresses are not allowed)