# Internal Applications > **BETA** Internal Applications are a special class of Applications that are designed to access **just one** Organizational Unit. They are designed to allow developers of internal applications to have full access to the APIs for all members of an Organizational Unit without having to implement OAuth authorization flows. For example, if you are building an internal CRM application, you can use an Internal Application to access details for all members of your company's Cronofy Organizational Unit and generate scheduling requests for them. ### Creating an Internal Application When you create an Application in the Developer Dashboard you can specify that you want it to be an Internal Application. ![](/developers/application-management/internal-applications/ou-internal-application.06f06ecfcf1efef1600782185f14fc2ffd5447b3627868e34b79eaa6dfccd1be.png) ### Authentication Internal Applications **only** support using the `client_secret` as the Bearer token when authenticating with the API. You can additionally authenticate as an account linked to the Organizational Unit by passing the `sub` value in the `Cronofy-Impersonate` header, eg: ```http POST /v1/scheduler_requests HTTP/1.1 Host: {data_center_url} Authorization: Bearer {API_KEY} Content-Type: application/json; charset=utf-8 Cronofy-Impersonate: acc_5ba21743f408617d1269ea1e { ... } ``` You can obtain this value from the [List Organizational Unit Members](/developers/api-alpha/organizational-unit-members/index.md) end point. ### Supported End Points - [List Organizational Unit Members](/developers/api-alpha/organizational-unit-members/index.md) - [Create Scheduling Request](/developers/api/scheduling-requests/create/index.md) - [Cancel Scheduling Request](/developers/api/scheduling-requests/cancel/index.md) ### Restrictions of Internal Applications They **do not** support the [Individual Connect](/developers/authorization/individual-connect/index.md) or [Enterprise Connect](/developers/authorization/individual-connect/index.md) authorization flows. Any request for authorizations will be rejected --- [Read in HTML](/developers/application-management/internal-applications/)