diff --git a/src/Identity/IdentityServer/DynamicClientStore.cs b/src/Identity/IdentityServer/DynamicClientStore.cs
index 9d7764bf42..d7e589a093 100644
--- a/src/Identity/IdentityServer/DynamicClientStore.cs
+++ b/src/Identity/IdentityServer/DynamicClientStore.cs
@@ -37,7 +37,7 @@ internal class DynamicClientStore : IClientStore
 if (firstPeriod == -1)
 {
 // No splitter, attempt but don't fail for a static client
- if (_staticClientStore.ApiClients.TryGetValue(clientId, out var client))
+ if (_staticClientStore.Clients.TryGetValue(clientId, out var client))
 {
 return Task.FromResult(client);
 }
diff --git a/src/Identity/IdentityServer/StaticClientStore.cs b/src/Identity/IdentityServer/StaticClientStore.cs
index e6880b7670..cab7844f47 100644
--- a/src/Identity/IdentityServer/StaticClientStore.cs
+++ b/src/Identity/IdentityServer/StaticClientStore.cs
@@ -1,6 +1,7 @@
 using System.Collections.Frozen;
 using Bit.Core.Enums;
 using Bit.Core.Settings;
+using Bit.Identity.IdentityServer.StaticClients;
 using Duende.IdentityServer.Models;
 
 namespace Bit.Identity.IdentityServer;
@@ -9,16 +10,17 @@ public class StaticClientStore
 {
 public StaticClientStore(GlobalSettings globalSettings)
 {
- ApiClients = new List
+ Clients = new List
 {
 new ApiClient(globalSettings, BitwardenClient.Mobile, 60, 1),
 new ApiClient(globalSettings, BitwardenClient.Web, 7, 1),
 new ApiClient(globalSettings, BitwardenClient.Browser, 30, 1),
 new ApiClient(globalSettings, BitwardenClient.Desktop, 30, 1),
 new ApiClient(globalSettings, BitwardenClient.Cli, 30, 1),
- new ApiClient(globalSettings, BitwardenClient.DirectoryConnector, 30, 24)
+ new ApiClient(globalSettings, BitwardenClient.DirectoryConnector, 30, 24),
+ SendClientBuilder.Build(globalSettings),
 }.ToFrozenDictionary(c => c.ClientId);
 }
 
- public FrozenDictionary ApiClients { get; }
+ public FrozenDictionary Clients { get; }
 }
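Review bot: `Clients` now holds the secretless Send client next to the confidential API clients, yet the renamed public property carries no documentation, and DynamicClientStore's fallback lookup (first hunk) hands back whichever entry matches an id without a period. A summary above the property would make the mixed contents explicit, e.g. `/// <summary>Static IdentityServer clients keyed by ClientId; includes the anonymous Send client built by SendClientBuilder.</summary>`. Note that `ToFrozenDictionary(c => c.ClientId)` throws on a duplicate key, so a future client whose id collides with `BitwardenClient.Send` fails at startup rather than silently shadowing an entry, which is the right fail-fast behaviour and worth a one-line comment on that call.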
diff --git a/src/Identity/IdentityServer/ApiClient.cs b/src/Identity/IdentityServer/StaticClients/ApiClient.cs
similarity index 100%
rename from src/Identity/IdentityServer/ApiClient.cs
rename to src/Identity/IdentityServer/StaticClients/ApiClient.cs
diff --git a/src/Identity/IdentityServer/StaticClients/SendClientBuilder.cs b/src/Identity/IdentityServer/StaticClients/SendClientBuilder.cs
new file mode 100644
index 0000000000..55e5e9a1e9
--- /dev/null
+++ b/src/Identity/IdentityServer/StaticClients/SendClientBuilder.cs
@@ -0,0 +1,31 @@
+using Bit.Core.Enums;
+using Bit.Core.IdentityServer;
+using Bit.Core.Settings;
+using Bit.Identity.IdentityServer.RequestValidators;
+using Duende.IdentityServer.Models;
+
+namespace Bit.Identity.IdentityServer.StaticClients;
+public static class SendClientBuilder
+{
+ public static Client Build(GlobalSettings globalSettings)
+ {
+ return new Client()
+ {
+ ClientId = BitwardenClient.Send,
+ AllowedGrantTypes = new[] { SendAccessGrantValidator.GrantType },
+ AccessTokenLifetime = 60 * 5, // 5 minutes
+
+ // Do not allow refresh tokens to be issued.
+ AllowOfflineAccess = false,
+
+ // Send is a public anonymous client, so no secret is required (or really possible to use securely).
+ RequireClientSecret = false,
+
+ // Allow web vault to use this client.
+ AllowedCorsOrigins = new[] { globalSettings.BaseServiceUri.Vault },
+
+ // Setup API scopes that the client can request in the scope property of the token request.
+ AllowedScopes = new string[] { ApiScopes.Send },
+ };
+ }
+}
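Review bot: `AllowedCorsOrigins = new[] { globalSettings.BaseServiceUri.Vault }` passes a configured base URI straight into IdentityServer's origin list, and Duende's default CORS policy service matches the request `Origin` header against that list as an exact string, so a `Vault` value configured with a trailing slash or path (not visible on this page — check how GlobalSettings populates it, and whether a custom ICorsPolicyService is registered) would never match and the web vault's token request would be blocked by preflight. Normalizing it to an origin, `AllowedCorsOrigins = new[] { new Uri(globalSettings.BaseServiceUri.Vault).GetLeftPart(UriPartial.Authority) }`, removes that dependency on configuration shape. Because `RequireClientSecret = false` and the only allowed grant is `SendAccessGrantValidator.GrantType`, token issuance for this client is gated entirely by that validator; a comment on `AllowedGrantTypes` stating `// Only the custom send-access grant is accepted; with no client secret, SendAccessGrantValidator is the sole authorization check for this client.` records that invariant for whoever next edits either file. The two array initializers also differ in style (`new[]` versus `new string[]`), and the public class and `Build` method have no XML summary.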