/getting-started/application-accounts/index.htmlOverview Application accounts (service accounts) let you run server-to-server workflows with OAuth 2.0 client credentials. Tokens issued for these accounts carry the role and ABAC scopes configured when the account was created, so they enforce the same permissions as user tokens. Prerequisites Access to the Bloomeo web app and the permissions to create application accounts. The application account’s clientId and clientSecret. The secret is only shown once when you create the account. The Cognito domain for your environment (for example app.auth.eu-west-3.amazoncognito.com). The API host you will call (for example api.app.bloomeo-app.com). Scope: bloomeo-services/all. Create an application account In the Bloomeo web app, open Configuration → Users → Application accounts. Click Create application account, fill the name/description, pick the role, and choose the ABAC toggles you need. After creation, copy the clientId and clientSecret. Store them securely (password manager, secret store). If the secret is lost, delete the account and create a new one to rotate credentials. Warning Keep the client secret private. Tokens minted with the secret inherit the permissions of the associated role.Hugoen-us