XWMS Docs xwms.nl
On this page What a client user is Verification flow Why email alone is not enough Revoking access

XWMS API Client Users and Verification

How XWMS API client users, approvals, and verification work.

Client Users and Verification

Client users are XWMS users who approve an API client to access specific data or actions.

XWMS API page

What a client user is

A client user connects an XWMS account to an API client. The connection stores which client was approved, which scopes were granted, and whether the access is active.

Verification flow

  1. The user starts an OAuth or API authorization flow.
  2. XWMS shows the requested access.
  3. The user confirms the allowed scopes.
  4. XWMS stores the approved relationship.
  5. Future API requests can use the approved scopes until access is revoked or expires.

Why email alone is not enough

External providers can show the same email in different ways, and emails can change. XWMS should rely on stable provider identifiers, client user records, and stored approvals instead of only matching by email address.

Revoking access

Users can manage linked external accounts and API access from the account area. Sensitive changes can require account unlock.