What is a Custom App in OnePlan

Direct Answer: What are Custom Apps in OnePlan?

Custom Apps in OnePlan allow organizations to securely authenticate and interact with OnePlan APIs using OAuth 2.0 and user-context authentication. Each Custom App registration provides a Client ID and optionally a Client Secret, enabling external applications to access data based on the permissions of the authenticated user and the selected group.

Custom Apps are the integration model in OnePlan — creating or enabling a Custom App registration defines how an external system connects and authenticates, replacing legacy approaches such as shared integration keys with a more secure, user-based model.

What you will understand

How Custom Apps enable integrations in OnePlan

How scope controls where Custom Apps are available

How Custom Apps are discovered and enabled across groups and organizations

Who This Article Is For: Custom Apps

A group administrator who needs to create or manage integrations in OnePlan
A developer building an external application that connects to OnePlan APIs
An IT administrator responsible for secure authentication and access control

This article is conceptual. For step-by-step instructions, see the related tasks in What to Do Next.

How Custom Apps Work in OnePlan

Context: Custom Apps as the Integration Model

In OnePlan, Custom Apps are the primary way to integrate external systems. Creating or enabling a Custom App registration defines how an application authenticates and accesses APIs — there is no separate integration workflow outside of this feature.

Context: User-Context API Access

Custom Apps use OAuth 2.0 to authenticate users. API access is issued through tokens that reflect the permissions of the authenticated user, ensuring that integrations only access data the user is authorized to see.

Context: Scope and Availability

The Scope setting determines where a Custom App can be used:

Group — the Custom App is available only in the group that created it
Organization — the Custom App can be discovered and enabled by other groups in your organization through the Browse App Registrations panel
Global — the Custom App is published by OnePlan Platform and available across all customers through the Browse App Registrations panel

Context: App Discovery and Enablement

Custom Apps are not automatically available in every group. Groups must explicitly enable a Custom App by finding it in the Browse App Registrations panel and selecting Add Consent. This ensures each group independently controls which integrations are active.

Key Components of Custom Apps

Custom App Registration
A configuration in OnePlan that defines how an external application authenticates and connects using OAuth 2.0.

Client ID
A unique identifier used during OAuth authentication to identify the Custom App.

Client Secret
A secure credential used by confidential Custom Apps when exchanging authorization codes for tokens. Shown only once at registration — store it securely.

Scope
A setting that determines whether a Custom App is available only in the current group (Group), across your organization (Organization), or across all OnePlan customers (Global).

Browse App Registrations Panel
A panel where group administrators can find and enable Custom Apps registered at Organization or Global scope.

Add Consent
An action that enables a selected Custom App for a group so users can authenticate and use it.

Public Client
A configuration for Custom Apps that cannot securely store a client secret. Public clients use PKCE instead of a client secret.

PKCE (Proof Key for Code Exchange)
A security mechanism that protects OAuth authorization flows, especially for public clients.

How Custom Apps Fit Into OnePlan

Integrations
Custom Apps are the mechanism used for all external integrations with OnePlan APIs.

Security and Access Control
Authentication is based on user identity and permissions rather than shared credentials, improving security and auditability.

Cross-Group Collaboration
Custom Apps registered at Organization scope can be shared across groups within your organization and enabled where needed using the Browse App Registrations panel.

Common Scenarios: When to Use Custom Apps

A team creates a Custom App registration that connects an internal application to OnePlan APIs using Group scope.
An organization creates a Custom App registration with Organization scope so other groups can enable it.
A group administrator enables a platform-provided Custom App (for example, Claude or Postman) from the Global tab in the Browse App Registrations panel.
A development team configures a public client Custom App using PKCE for a browser-based application.
An organization implements AI-driven workflows that require secure, permission-based access to OnePlan data.

Frequently Asked Questions: Custom Apps

What is the role of Custom Apps in OnePlan integrations?

In OnePlan, Custom Apps are the primary way to create integrations, providing OAuth 2.0-based authentication and user-context API access without requiring a separate integration setup process.

What does the Scope setting control in OnePlan?

In OnePlan, the Scope setting determines where a Custom App is available. Group scope limits the Custom App to the creating group. Organization scope makes it discoverable by other groups in your organization. Global scope applies to Custom Apps published by OnePlan Platform and available across all customers.

What is the difference between the Global and Organization tabs in the Browse App Registrations panel?

In OnePlan, the Global tab shows Custom Apps published by OnePlan Platform (such as Claude and Postman), while the Organization tab shows Custom Apps registered within your organization that have been shared across groups.

Why do I need to use Add Consent for a Custom App?

In OnePlan, selecting Add Consent enables a Custom App for a specific group so users can authenticate and use the integration within that group. Custom Apps are not enabled automatically, even when registered at Organization or Global scope.

Do Custom Apps automatically have access to all data in OnePlan?

No. In OnePlan, all API access is limited to the permissions of the authenticated user and the group selected during sign-in, ensuring controlled and secure access.

What to Do Next: Custom Apps

Get started with related tasks

Related to