> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackone.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect InvGate Asset Management with OAuth 2.0 (Client Credentials) – StackOne Hub

> Link a InvGate Asset Management account in the StackOne Hub using OAuth 2.0 (Client Credentials). End-user guide to authorize the integration and start using InvGate Asset Management actions.

<section data-guide-section data-guide-scopes="">
  <h2>Generate OAuth Client Credentials in InvGate</h2>

  <p>Sign in to your InvGate Asset Management tenant as an administrator at `https://<your-instance>.cloud.invgate.net` and create an OAuth credential set. The Client ID and Client Secret only appear after you save the credential set for the first time.</p>

  <Steps>
    <Step title="Find your Instance Host">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>The subdomain of your InvGate tenant — the part before `.cloud.invgate.net` in your URL. e.g. for `https://gabbro.is.cloud.invgate.net` enter `gabbro.is`.</p>

        <ul>
          <li>The tenant URL is also included in your InvGate welcome email — use the <strong>Log in to Asset Management</strong> link there to get the full URL.</li>
        </ul>
      </div>
    </Step>

    <Step title="Open the API settings page">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>In your tenant, click the <strong>Settings</strong> gear icon in the left sidebar, then go to <strong>Integrations → API</strong> (the \</> icon labelled *Manage API access credentials*).</p>
      </div>
    </Step>

    <Step title="Create a credential set">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>In the <strong>Integrations</strong> section, click <strong>+ Add</strong> to open the credential creation form. Enter a <strong>Name</strong> (e.g. "StackOne Integrations"). Decide whether StackOne should have write access:</p>

        <ul>
          <li>Leave <strong>Read-only access</strong> *disabled* if you want StackOne to be able to create, update and delete records.</li>
          <li>Enable <strong>Read-only access</strong> if you want StackOne limited to `GET` requests.</li>
        </ul>
      </div>
    </Step>

    <Step title="Save and copy the Client ID and Client Secret">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Click <strong>Save</strong>. Then click the <strong>Edit</strong> button (pencil icon) on the newly created integration to reveal the <strong>Client ID</strong> and <strong>Client Secret</strong> — copy both into the corresponding fields in the StackOne Hub.</p>
      </div>
    </Step>

    <Step title="Pick the Scope that matches your InvGate credential">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>The <strong>Scope</strong> dropdown in the StackOne Hub should reflect the <strong>Read-only access</strong> setting on the OAuth credential in InvGate. The account will connect either way — the scope only controls which actions actually run. If the OAuth credential in InvGate is read-only, write actions (create/update/delete) will return <strong>403 Forbidden</strong> at execution time regardless of what you pick here.</p>

        <ul>
          <li>Read-only access *disabled* in InvGate → select <strong>Read & Write</strong> in the Hub to enable create/update/delete actions.</li>
          <li>Read-only access *enabled* in InvGate → select <strong>Read only</strong> in the Hub. Write actions will return 403 because InvGate denies write access at the credential level.</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<div data-whitelabel-hide>
  <h2>Linking the Account from the Hub</h2>

  <Steps>
    <Step title="Navigate to the Hub">
      Use one of the three <a href="/guides/accounts-section#linking-accounts">Linking Account Methods</a> to access the Hub.
    </Step>

    <Step title="Fill out the fields">
      Fill out the following fields using details from your provider:

      <ul>
        <li><strong>Instance Host</strong></li>
        <li><strong>Client ID</strong></li>
        <li><strong>Client Secret</strong></li>
        <li><strong>Scope</strong></li>
      </ul>
    </Step>

    <Step title="Connect">
      <ul>
        <li>Click <strong>Connect</strong></li>
        <li>If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider's authorization flow.</li>
        <li>Once authorization is successful, you will see a confirmation popup</li>
      </ul>
    </Step>
  </Steps>

  <p>If the account linking is successful, you will see the newly linked account in your <a href="/guides/accounts-section">Accounts</a> page.</p>
</div>
