> ## Documentation Index
> Fetch the complete documentation index at: https://docs.refold.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Using OpenAPI Spec doc

> Create a custom app by using the OpenAPI Spec doc link

To create a custom app using OpenAPI, click on `+ Add App` in the **Custom Apps** section of Refold, choose `Create using OpenAPI Spec`.

<img height="200" src="https://mintcdn.com/cobalt-55/yYFE4rj1UK1LIP4D/images/Guides/Platform/custom-app.png?fit=max&auto=format&n=yYFE4rj1UK1LIP4D&q=85&s=2866b2e61010bf55c7b3502d23856397" alt="Custom App in the Apps list in Refold" data-path="images/Guides/Platform/custom-app.png" />

Provide the **Name**, **Description** and **OpenAPI Spec URL** and click on `Create`.

<Note>
  If the OpenAPI Spec URL is not valid, the app creation will not be performed.
</Note>

Once done, this has created a Custom App for you and all the actions of API Endpoints by using the OpenAPI Spec documentation.

But you still need to configure the **Authorization** of your app.

## Configure Authorization

Custom Apps support multiple authentication methods. To setup the Authorization for the Custom App, navigate to `Authorization` in the App and choose the desired method.

The methods of **Authorization** are:

<Accordion title="Key Based ">
  If the Custom App requires API Key based authentication, select `Key Based`. It requires users to set up an API for generating access tokens.

  <img height="200" src="https://mintcdn.com/cobalt-55/vPGojg1WCLHlMpWZ/images/Guides/Platform/key.png?fit=max&auto=format&n=vPGojg1WCLHlMpWZ&q=85&s=6805e2b9da6dec492ae381102085c801" alt="Key-based authorization" data-path="images/Guides/Platform/key.png" />

  Follow the steps below to setup your custom app:

  <Steps>
    <Step title="Select Key Auth type">
      Select either of **Basic Auth**, **Bearer Token** or **API Key** as the auth mechanism.
    </Step>

    <Step title="Configure User Input Fields">
      Add the input fields that will be visible to your users asking for the required API credentials and click on `Save`.
    </Step>

    <Step title="Map Auth fields">
      Once you have added the required user input fields, map those fields now to setup auth data.

      <img height="200" src="https://mintcdn.com/cobalt-55/vPGojg1WCLHlMpWZ/images/Guides/Platform/key-setup.png?fit=max&auto=format&n=vPGojg1WCLHlMpWZ&q=85&s=75fec73dceef2f629a2a18c8dbff83f9" alt="Key-based authorization setup" data-path="images/Guides/Platform/key-setup.png" />
    </Step>

    <Step title="Add Base URL">
      Provide the Base URL of the API endpoints for the custom app and the key code for Invalid API Credentials.
    </Step>

    <Step title="Setup Identifier and Validation">
      Optionally, you can also provide an endpoint which will be called to perform validation of the provided credentials.

      <Tip>
        Its recommended to provide a GET API endpoint to perform validation, so as to avoid modifying any data using the credentials.
      </Tip>

      <img height="200" src="https://mintcdn.com/cobalt-55/vPGojg1WCLHlMpWZ/images/Guides/Platform/key-valid.png?fit=max&auto=format&n=vPGojg1WCLHlMpWZ&q=85&s=5f4cad9cea2243021019ef9d3504d151" alt="Key-based auth validation" data-path="images/Guides/Platform/key-valid.png" />
    </Step>
  </Steps>

  <Check>
    Congratulations!

    You have successfully setup a Key based Custom Application in Refold.
  </Check>
</Accordion>

<Accordion title="OAuth 2.0 ">
  If you want to provide OAuth 2.0 type authorization, select `OAuth 2.0` in the methods.

  <img height="200" src="https://mintcdn.com/cobalt-55/vPGojg1WCLHlMpWZ/images/Guides/Platform/oauth_setup.png?fit=max&auto=format&n=vPGojg1WCLHlMpWZ&q=85&s=cd2b6a44d16de6e207a5bd790ac97eca" alt="OAuth 2.0 authorization" data-path="images/Guides/Platform/oauth_setup.png" />

  Follow the steps below to configure OAuth mechanism for your custom app:

  <Steps>
    <Step title="Provide OAuth Credentials">
      Add the **Client ID**, **Client Secret** and the **Scopes** of the developer OAuth 2.0 app that you have created.

      <Warning>
        Ensure that you add the provided `Callback URL` in your developer OAuth 2.0 app.
      </Warning>
    </Step>

    <Step title="Add Authorization and Token URL">
      Add the Authorization and Token URL required for OAuth authentication in the provided fields, select `Client Authentication` type and `Save`.

      <Info>
        You can find both the URLs from the Authentication documentation of the custom app that you are setting up.
      </Info>
    </Step>

    <Step title="Setup Refresh Mechanism and API Base URL">
      In the `API Setup` section, provide the **Base URL** for the APIs and appropriate code i.e. **Expired Access Token Codes** which is received on token expiry for the Refresh mechanism to work.

      <img height="200" src="https://mintcdn.com/cobalt-55/vPGojg1WCLHlMpWZ/images/Guides/Platform/oauth_refresh.png?fit=max&auto=format&n=vPGojg1WCLHlMpWZ&q=85&s=8eb7594fbf6fe4cd928c33545115020b" alt="OAuth 2.0 Refresh mechanism" data-path="images/Guides/Platform/oauth_refresh.png" />
    </Step>

    <Step title="Extract Access Token & Refresh Token">
      In the `Auth Tokens Data` section, you will provide the mapping using which the tokens can be extracted once received on callback on successful authorization.

      Usually an object is received after authorization which will be saved as `access_token_response` on Refold's end and you need to provide the key mapping of the required fields from the object.
    </Step>

    <Step title="Setup Identifier">
      Optionally, you can also provide an endpoint which will be called and used to set a field from the API response to use as an identifier for the user.

      <Tip>
        Its recommended to provide a GET API endpoint to perform validation, so as to avoid modifying any data using the credentials.
      </Tip>

      <img height="200" src="https://mintcdn.com/cobalt-55/vPGojg1WCLHlMpWZ/images/Guides/Platform/oauth_tokens.png?fit=max&auto=format&n=vPGojg1WCLHlMpWZ&q=85&s=cd36b360eeed734e2b187c0536621f13" alt="Setup an Identifier of your users" data-path="images/Guides/Platform/oauth_tokens.png" />
    </Step>
  </Steps>

  <Check>
    Congratulations!

    You have successfully setup a OAuth 2.0 Custom Application in Refold.
  </Check>
</Accordion>

<Accordion title="No Auth">
  Select this option if no authentication is required for accessing the custom app.
</Accordion>

## Configure Actions

By using the OpenAPI Spec doc, actions were created in your integration. You can check all the actions that were created by navigating to **Custom Actions** tab of the app.

<img height="200" src="https://mintcdn.com/cobalt-55/vPGojg1WCLHlMpWZ/images/Guides/Platform/custom_app_actions.png?fit=max&auto=format&n=vPGojg1WCLHlMpWZ&q=85&s=cf2e9259eb930c29a8af841380123699" alt="Custom Actions created in Custom App" data-path="images/Guides/Platform/custom_app_actions.png" />

You can also edit an existing action or add a new action if required from this tab.

To create an action, click on the `New Action` button and provide a **Name** and **Description**.

Add any required or optional **Fields** for the API and add the API under `API Call` section.

<Note>
  Provide the API by breaking it into 2 parts i.e. Base URL and the Endpoint.
</Note>

<Tip>
  Adding a new action is similar process to how you add an API Proxy in Refold. Refer [here](https://docs.gocobalt.io/build/basics/proxies).
</Tip>

<Check>
  You have successfully created a Custom App in Refold using the OpenAPI Spec documentation.
</Check>