Register an Internal Application on the Egnyte Developer Portal
To connect Egnyte with StackOne using the Resource Owner Password Credentials grant, you need to create an Internal Application on the Egnyte Developer Portal. This will generate the API Key and API Secret required for integration, which map to client_id and client_secret in the token request.
Sign in to the Egnyte Developer Portal
Open your browser and navigate to the Egnyte Developer Portal. Click Sign In in the top-right corner, then enter your Email and Password and click SIGN IN. Use an account tied to an active Egnyte Domain Admin — API keys requested by a non-admin will be declined.

Open the Apps page
Click your account email in the top-right corner to open the account dropdown, then click Apps. You land on the My Apps page.

Create a new App
On the My Apps page, click + NEW APP in the top-right corner to open the New App form.

Fill in the app details
Complete the Overview section of the New App form. The Registered OAuth
Redirect URI field is not required for Internal Applications — leave it blank — and
Current User Base and Platform can stay at their defaults.
- App Name — a display name for the app (for example,
Internal Integration). - Description — a short description of the integration.
- Egnyte Domain — the customer’s Egnyte subdomain, without the
.egnyte.comsuffix. For example, fromhttps://acme.egnyte.comenteracme. Trial domains are not eligible for API keys. - App Icon URL (optional) — URL to an image file (PNG, max 100px by 100px).
- Type — choose Internal Application. Egnyte reserves this type for apps “built by Egnyte customers for use within their own organization” and enables the Resource Owner Password Credentials grant on the issued key. The Redirect URI is only used by Publicly Available Application — leave it blank here.

Request access to the APIs
Scroll to the APIs section and click Request on the row for Prod Collaborate — this API grouping covers filesystem, comments, links, permissions, users, groups, search, trash, and events. Also request Prod_SnG if the integration needs Secure & Govern APIs. Enable the scopes required for your use case:

Save the app
Click SAVE at the bottom-right of the form. For Internal Applications Egnyte issues the API Key and API Secret immediately with Status: Approved — no external review queue applies to internal keys on eligible plans.
Copy the API Key and API Secret
Open the app from My Apps and scroll to the API Keys section on the app profile.
- In the Key column, click the copy icon (Copy API key) to copy the API Key. This value maps to
client_idin the token request. - In the Secret column, click Show secret to reveal the API Secret, then click the copy icon (Copy secret) to copy it. This value maps to
client_secretin the token request. All Egnyte keys issued after January 2015 require a secret. - Paste the API Key into the API Key field on the StackOne Linked Account.
- Paste the API Secret into the API Secret field on the StackOne Linked Account.

Find the Egnyte Domain
Every Egnyte account is scoped to a unique subdomain of egnyte.com. StackOne needs that subdomain to build the token URL (https://{domain}.egnyte.com/puboauth/token) and every subsequent API endpoint.
Sign in to the Egnyte account
Open your browser and go to the customer’s Egnyte sign-in URL — the address they normally use to reach Egnyte, in the form https://acme.egnyte.com (replace acme with the customer’s subdomain).
Locate the Egnyte subdomain
On the Egnyte Sign in page (and in the browser address bar) you will see the workspace URL. The part before .egnyte.com is the Egnyte Domain. For example, if the sign-in page shows app4stackone.egnyte.com, the Egnyte Domain is app4stackone.
- Enter only the subdomain part — omit any scheme prefix, the
.egnyte.comsuffix, and any trailing path. - The domain contains only letters, numbers, and hyphens — no spaces or special characters.
- Trial domains are not eligible for the Egnyte Public API.

Prepare Domain Admin credentials for the password grant
The Resource Owner Password Credentials grant exchanges a Domain Admin’s username and password for a token pair. Prefer a dedicated integration user account so token revocation doesn’t disrupt individual admins, and rotate the credentials if they are ever exposed.
Confirm the account is a Domain Admin
Only Domain Admins on the customer’s Egnyte tenant can be exchanged for tokens with the required API scopes. Record the account’s Egnyte login Username (not email address) and Password.
Enter the credentials on the StackOne Linked Account
Paste the Domain Admin username into the Egnyte Username field and the password into the Egnyte Password field. These values are sent as username and password in the grant_type=password request to /puboauth/token. If Egnyte returns a 403 INVALID_USERNAME_OR_PASSWORD error, retest with a password that has no special characters — Egnyte docs flag form-encoding edge cases here.
Linking the Account from the Hub
Navigate to the Hub
Fill out the fields
- Egnyte Domain
- API Key
- API Secret
- Egnyte Username
- Egnyte Password
- OAuth Scopes (Optional)
If the account linking is successful, you will see the newly linked account in your Accounts page.