Applications

Manage your applications and their clients. An application requires at least one client; the first client is created automatically and set as the default. Additional clients can be added to the application later. Application APIs are authorized using an access token of the relevant app or an admin access token of the management application.

Servers
Sandbox environment
https://api.sbx.transmitsecurity.io/cis/
Production environment (US)
https://api.transmitsecurity.io/cis/
Production environment (EU)
https://api.eu.transmitsecurity.io/cis/
Production environment (CA)
https://api.ca.transmitsecurity.io/cis/
Production environment (AU)
https://api.au.transmitsecurity.io/cis/

Create client

Request

Create a new client.

Required permissions: apps:create, apps:edit.

Security
ClientAccessToken or AdminAccessToken
Path
appId (string, required)
Body: application/json (required)
Any of:

name (string, required)

Name of the client

Example: "My Client"

description (string)

Short description of the client

resources (Array of strings)

List of resource IDs associated with this client

authentication_protocol (string)

Authentication protocol used by the client

Default: "oidc"
Enum: "oidc", "saml"

client_group_id (string)

ID of the client group to associate with

default_custom_claims (Array of strings)

List of client default custom claims

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"

short_cookies_samesite_type (string)

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"

redirect_uris (Array of strings, required)

List of URIs approved for redirects for your client

Example: ["https://www.example.com/login"]

client_type (string)

Client type

Default: "web"
Enum: "web", "native"

device_authorization (object)

ciba_authorization (object)

is_third_party (boolean)

Whether this is a third-party client

allowed_scopes (Array of strings)

Allowed scopes

consent_uri (string)

Consent URI

consent_validity_period (number)

Consent validity period

pkce (string)

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"

supported_prompts (Array of strings)

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
Example: ["login","consent","none"]

token_expiration (object)

session_expiration (number)

Session expiration time (seconds)

enforce_par (boolean)

Enforce PAR (Pushed Authorization Request) for this client

role_ids (Array of strings)

Role IDs

fapi_version_compliancy (boolean)

FAPI 2.0 compliance configuration

response_types (Array of strings)

Default: ["code","id_token"]
Items Enum: "code", "id_token"
Example: ["code"]

authentication_configuration (object)

token_endpoint_auth_method (string, deprecated)

This field is deprecated; to configure PKCE, use the "pkce" field instead.

Default: "client_secret_basic"
Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"

curl -i -X POST \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}/clients' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "My Client",
    "description": "string",
    "resources": [
      "string"
    ],
    "authentication_protocol": "oidc",
    "client_group_id": "string",
    "default_custom_claims": [
      "tid"
    ],
    "short_cookies_samesite_type": "lax",
    "redirect_uris": [
      "https://www.example.com/login"
    ],
    "client_type": "web",
    "device_authorization": {
      "enabled": false,
      "approval_uri": "https://www.example.com/device/approval",
      "success_uri": "https://www.example.com/device/complete",
      "input_uri": "https://www.example.com/device/start"
    },
    "ciba_authorization": {
      "enabled": false,
      "login_uri": "https://www.example.com/ciba/login"
    },
    "is_third_party": true,
    "allowed_scopes": [
      "string"
    ],
    "consent_uri": "string",
    "consent_validity_period": 0,
    "pkce": "enforcePkceInsteadOfClientCredentials",
    "supported_prompts": [
      "login",
      "consent",
      "none"
    ],
    "token_expiration": {
      "access_token_ttl": 0,
      "refresh_token_ttl": 0,
      "max_refresh_rotate": 0
    },
    "session_expiration": 0,
    "enforce_par": true,
    "role_ids": [
      "string"
    ],
    "fapi_version_compliancy": true,
    "token_endpoint_auth_method": "client_secret_basic",
    "response_types": [
      "code"
    ],
    "authentication_configuration": {
      "method": "client_secret_basic",
      "tls_client_auth": {
        "certificate_chain": "string",
        "distinguished_name": 6,
        "ocsp_on": true,
        "ocsp_responder_uri": "string",
        "ocsp_responder_certificate": "string",
        "ocsp_fail_open": true
      },
      "isMtlsCertTokenBound": true,
      "jwks": {}
    }
  }'

Responses

Body: application/json
Any of:

app_id (string, required)

Application ID

tenant_id (string, required)

Tenant ID

client_id (string, required)

Client ID used for API requests

client_secret (string, required)

Client secret used to obtain tokens for API authorization

name (string, required)

Client name displayed in the Admin Portal

description (string, required)

Short description of your client, displayed in the Admin Portal

resources (Array of strings, required)

List of resources this client is allowed to explicitly request access to

created_at (string, date-time, required)

Date the client was created

updated_at (string, date-time, required)

Date the client was last updated

authentication_protocol (string, required)

Authentication protocol used by the client

Enum: "oidc", "saml"

client_group_id (string, required)

ID of the client group where the client is assigned

default_custom_claims (Array of strings, required)

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"

short_cookies_samesite_type (string)

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"

redirect_uris (Array of strings, required)

List of URIs approved for redirects for your client

client_type (string)

Type of client

Default: "web"
Enum: "web", "native"

response_types (Array of strings)

Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]

pkce (string)

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"

device_authorization (object, required)

device_authorization.enabled (boolean, required)

Determines if the client is allowed to use the OAuth device authorization flow

Default: false

device_authorization.approval_uri (string, required)

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"

device_authorization.success_uri (string, required)

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"

device_authorization.input_uri (string, required)

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"

ciba_authorization (object, required)

ciba_authorization.enabled (boolean, required)

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false

ciba_authorization.login_uri (string)

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"

supported_prompts (Array of strings, required)

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"

authentication_configuration (object)

token_expiration (object, required)

token_expiration.access_token_ttl (number)

Access token time-to-live

token_expiration.refresh_token_ttl (number)

Refresh token time-to-live

token_expiration.max_refresh_rotate (number)

Maximum time the refresh token can be rotated

session_expiration (number, required)

Session expiration time (seconds)

enforce_par (boolean, required)

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy (boolean, required)

FAPI compliance

token_endpoint_auth_method (string, deprecated)

This field is deprecated; to configure PKCE, use the "pkce" field instead.

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"

Response
application/json
{ "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [ "string" ], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [ "tid" ], "short_cookies_samesite_type": "lax", "redirect_uris": [ "string" ], "client_type": "web", "response_types": [ "code" ], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": { "enabled": false, "approval_uri": "https://www.example.com/device/approval", "success_uri": "https://www.example.com/device/complete", "input_uri": "https://www.example.com/device/start" }, "ciba_authorization": { "enabled": false, "login_uri": "https://www.example.com/ciba/login" }, "supported_prompts": [ "login" ], "authentication_configuration": { "method": "client_secret_basic", "tls_client_auth": {}, "isMtlsCertTokenBound": true, "jwks": {} }, "token_expiration": { "access_token_ttl": 0, "refresh_token_ttl": 0, "max_refresh_rotate": 0 }, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true }

Get all clients

Request

Retrieves a list of clients for an application.

Required permissions: apps:read.

Security
ClientAccessToken or AdminAccessToken
Path
appId (string, required)

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}/clients' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Body: application/json, Array [
Any of:

app_id (string, required)

Application ID

tenant_id (string, required)

Tenant ID

client_id (string, required)

Client ID used for API requests

client_secret (string, required)

Client secret used to obtain tokens for API authorization

name (string, required)

Client name displayed in the Admin Portal

description (string, required)

Short description of your client, displayed in the Admin Portal

resources (Array of strings, required)

List of resources this client is allowed to explicitly request access to

created_at (string, date-time, required)

Date the client was created

updated_at (string, date-time, required)

Date the client was last updated

authentication_protocol (string, required)

Authentication protocol used by the client

Enum: "oidc", "saml"

client_group_id (string, required)

ID of the client group where the client is assigned

default_custom_claims (Array of strings, required)

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"

short_cookies_samesite_type (string)

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"

redirect_uris (Array of strings, required)

List of URIs approved for redirects for your client

client_type (string)

Type of client

Default: "web"
Enum: "web", "native"

response_types (Array of strings)

Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]

pkce (string)

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"

device_authorization (object, required)

device_authorization.enabled (boolean, required)

Determines if the client is allowed to use the OAuth device authorization flow

Default: false

device_authorization.approval_uri (string, required)

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"

device_authorization.success_uri (string, required)

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"

device_authorization.input_uri (string, required)

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"

ciba_authorization (object, required)

ciba_authorization.enabled (boolean, required)

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false

ciba_authorization.login_uri (string)

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"

supported_prompts (Array of strings, required)

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"

authentication_configuration (object)

token_expiration (object, required)

token_expiration.access_token_ttl (number)

Access token time-to-live

token_expiration.refresh_token_ttl (number)

Refresh token time-to-live

token_expiration.max_refresh_rotate (number)

Maximum time the refresh token can be rotated

session_expiration (number, required)

Session expiration time (seconds)

enforce_par (boolean, required)

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy (boolean, required)

FAPI compliance

token_endpoint_auth_method (string, deprecated)

This field is deprecated; to configure PKCE, use the "pkce" field instead.

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
]

Response
application/json
[ { "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [], "short_cookies_samesite_type": "lax", "redirect_uris": [], "client_type": "web", "response_types": [], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": {}, "ciba_authorization": {}, "supported_prompts": [], "authentication_configuration": {}, "token_expiration": {}, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true } ]
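
The "Get all clients" response carries each client's security settings together with its client_secret, so it can feed a configuration audit as long as the secret is redacted before anything is logged. The following is an added example, not code from the Transmit Security documentation: the sample data is constructed, the checks are one example policy, and the meaning of the pkce enum values and of ocsp_fail_open is assumed from their names.

```python
import copy
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the documented response; every value is made up.
SAMPLE_RESPONSE = json.loads("""
[
  {"app_id": "app-1", "client_id": "client-a", "client_secret": "constructed-secret-a",
   "name": "Portal", "client_type": "web",
   "redirect_uris": ["https://www.example.com/login"],
   "pkce": "enforcePkceAlongsideClientCredentials",
   "short_cookies_samesite_type": "lax", "enforce_par": true,
   "authentication_configuration": {"method": "private_key_jwt"}},
  {"app_id": "app-1", "client_id": "client-b", "client_secret": "constructed-secret-b",
   "name": "Legacy", "client_type": "web",
   "redirect_uris": ["http://legacy.example.com/cb", "https://*.example.com/cb"],
   "pkce": "allowPkceAlongsideClientCredentials",
   "short_cookies_samesite_type": "none", "enforce_par": false,
   "authentication_configuration": {
     "method": "tls_client_auth",
     "tls_client_auth": {"ocsp_on": true, "ocsp_fail_open": true}}}
]
""")

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Assumption: the two "enforce..." values make PKCE mandatory, "allow..." leaves it optional.
ENFORCING_PKCE = {
    "enforcePkceInsteadOfClientCredentials",
    "enforcePkceAlongsideClientCredentials",
}


def redact(client):
    """Return a copy that is safe to log or store: the response includes client_secret."""
    safe = copy.deepcopy(client)
    if "client_secret" in safe:
        safe["client_secret"] = "<redacted>"
    return safe


def audit_client(client):
    """Return a list of (field, message) findings for one client object."""
    findings = []
    for uri in client.get("redirect_uris") or []:
        parts = urlsplit(uri)
        if "*" in uri:
            findings.append(("redirect_uris", f"wildcard in {uri}"))
        # Only plain http is flagged, so native clients with custom schemes pass.
        if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
            findings.append(("redirect_uris", f"cleartext redirect {uri}"))
    if client.get("pkce") not in ENFORCING_PKCE:
        findings.append(("pkce", f"PKCE not enforced ({client.get('pkce')!r})"))
    if client.get("short_cookies_samesite_type") == "none":
        findings.append(("short_cookies_samesite_type", "cookies are sent cross-site"))
    if not client.get("enforce_par"):
        findings.append(("enforce_par", "PAR not enforced"))
    auth = client.get("authentication_configuration") or {}
    tls = auth.get("tls_client_auth") or {}
    # Assumption: ocsp_fail_open accepts the certificate when the OCSP check cannot complete.
    if tls.get("ocsp_on") and tls.get("ocsp_fail_open"):
        findings.append(("authentication_configuration.tls_client_auth",
                         "OCSP check fails open"))
    return findings


def audit_clients(clients):
    """Map client_id to its findings, omitting clients that have none."""
    report = {}
    for client in clients:
        findings = audit_client(client)
        if findings:
            report[client["client_id"]] = findings
    return report


if __name__ == "__main__":
    for client_id, findings in audit_clients(SAMPLE_RESPONSE).items():
        for field, message in findings:
            print(f"{client_id}: {field}: {message}")
```
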

Delete all clients

Request

Deletes all clients for an application.

Security
ClientAccessToken or AdminAccessToken
Path
appId (string, required)

curl -i -X DELETE \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}/clients' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Response
No content

Get client by ID

Request

Retrieves a client by client ID.

Required permissions: apps:read.

Security
ClientAccessToken or AdminAccessToken
Path
clientId (string, required)

ID of the client to retrieve

appId (string, required)

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}/clients/{clientId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Body: application/json
Any of:

app_id (string, required)

Application ID

tenant_id (string, required)

Tenant ID

client_id (string, required)

Client ID used for API requests

client_secret (string, required)

Client secret used to obtain tokens for API authorization

name (string, required)

Client name displayed in the Admin Portal

description (string, required)

Short description of your client, displayed in the Admin Portal

resources (Array of strings, required)

List of resources this client is allowed to explicitly request access to

created_at (string, date-time, required)

Date the client was created

updated_at (string, date-time, required)

Date the client was last updated

authentication_protocol (string, required)

Authentication protocol used by the client

Enum: "oidc", "saml"

client_group_id (string, required)

ID of the client group where the client is assigned

default_custom_claims (Array of strings, required)

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"

short_cookies_samesite_type (string)

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"

redirect_uris (Array of strings, required)

List of URIs approved for redirects for your client

client_type (string)

Type of client

Default: "web"
Enum: "web", "native"

response_types (Array of strings)

Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]

pkce (string)

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"

device_authorization (object, required)

device_authorization.enabled (boolean, required)

Determines if the client is allowed to use the OAuth device authorization flow

Default: false

device_authorization.approval_uri (string, required)

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"

device_authorization.success_uri (string, required)

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"

device_authorization.input_uri (string, required)

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"

ciba_authorization (object, required)

ciba_authorization.enabled (boolean, required)

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false

ciba_authorization.login_uri (string)

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"

supported_prompts (Array of strings, required)

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"

authentication_configuration (object)

token_expiration (object, required)

token_expiration.access_token_ttl (number)

Access token time-to-live

token_expiration.refresh_token_ttl (number)

Refresh token time-to-live

token_expiration.max_refresh_rotate (number)

Maximum time the refresh token can be rotated

session_expiration (number, required)

Session expiration time (seconds)

enforce_par (boolean, required)

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy (boolean, required)

FAPI compliance

token_endpoint_auth_method (string, deprecated)

This field is deprecated; to configure PKCE, use the "pkce" field instead.

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"

Response
application/json
{ "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [ "string" ], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [ "tid" ], "short_cookies_samesite_type": "lax", "redirect_uris": [ "string" ], "client_type": "web", "response_types": [ "code" ], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": { "enabled": false, "approval_uri": "https://www.example.com/device/approval", "success_uri": "https://www.example.com/device/complete", "input_uri": "https://www.example.com/device/start" }, "ciba_authorization": { "enabled": false, "login_uri": "https://www.example.com/ciba/login" }, "supported_prompts": [ "login" ], "authentication_configuration": { "method": "client_secret_basic", "tls_client_auth": {}, "isMtlsCertTokenBound": true, "jwks": {} }, "token_expiration": { "access_token_ttl": 0, "refresh_token_ttl": 0, "max_refresh_rotate": 0 }, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true }

Update client

Request

Update a client. Note: Fields that are objects cannot be partially updated, since the new value you set will just replace the current one.

Required permissions: apps:edit, apps:create.

Security
ClientAccessToken or AdminAccessToken
Path
clientId (string, required)

ID of the client to update

appId (string, required)
Body: application/json (required)
Any of:

name (string)

Name of the client

Example: "My Client"

description (string)

Short description of the client

resources (Array of strings)

List of resource IDs associated with this client

client_group_id (string)

ID of the client group to associate with

default_custom_claims (Array of strings)

List of client default custom claims

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"

short_cookies_samesite_type (string)

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"

redirect_uris (Array of strings)

List of URIs approved for redirects for your client

Example: ["https://www.example.com/login"]

client_type (string)

Client type

Default: "web"
Enum: "web", "native"

device_authorization (object)

ciba_authorization (object)

is_third_party (boolean)

Whether this is a third-party client

allowed_scopes (Array of strings)

Allowed scopes

consent_uri (string)

Consent URI

consent_validity_period (number)

Consent validity period

pkce (string)

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"

supported_prompts (Array of strings)

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
Example: ["login","consent","none"]

token_expiration (object)

session_expiration (number)

Session expiration time (seconds)

enforce_par (boolean)

Enforce PAR (Pushed Authorization Request) for this client

role_ids (Array of strings)

Role IDs

fapi_version_compliancy (boolean)

FAPI 2.0 compliance configuration

response_types (Array of strings)

Default: ["code","id_token"]
Items Enum: "code", "id_token"
Example: ["code"]

authentication_configuration (object)

token_endpoint_auth_method (string, deprecated)

This field is deprecated; to configure PKCE, use the "pkce" field instead.

Default: "client_secret_basic"
Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"

curl -i -X PUT \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}/clients/{clientId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "My Client",
    "description": "string",
    "resources": [
      "string"
    ],
    "client_group_id": "string",
    "default_custom_claims": [
      "tid"
    ],
    "short_cookies_samesite_type": "lax",
    "redirect_uris": [
      "https://www.example.com/login"
    ],
    "client_type": "web",
    "device_authorization": {
      "enabled": false,
      "approval_uri": "https://www.example.com/device/approval",
      "success_uri": "https://www.example.com/device/complete",
      "input_uri": "https://www.example.com/device/start"
    },
    "ciba_authorization": {
      "enabled": false,
      "login_uri": "https://www.example.com/ciba/login"
    },
    "is_third_party": true,
    "allowed_scopes": [
      "string"
    ],
    "consent_uri": "string",
    "consent_validity_period": 0,
    "pkce": "enforcePkceInsteadOfClientCredentials",
    "supported_prompts": [
      "login",
      "consent",
      "none"
    ],
    "token_expiration": {
      "access_token_ttl": 0,
      "refresh_token_ttl": 0,
      "max_refresh_rotate": 0
    },
    "session_expiration": 0,
    "enforce_par": true,
    "role_ids": [
      "string"
    ],
    "fapi_version_compliancy": true,
    "token_endpoint_auth_method": "client_secret_basic",
    "response_types": [
      "code"
    ],
    "authentication_configuration": {
      "method": "client_secret_basic",
      "tls_client_auth": {
        "certificate_chain": "string",
        "distinguished_name": 6,
        "ocsp_on": true,
        "ocsp_responder_uri": "string",
        "ocsp_responder_certificate": "string",
        "ocsp_fail_open": true
      },
      "isMtlsCertTokenBound": true,
      "jwks": {}
    }
  }'
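
Because object fields are replaced whole on update, changing one key of token_expiration or authentication_configuration means sending the complete object back. The following added example (not code from the Transmit Security documentation) lists what a partial object would leave out and builds a body that merges the change into the client's current values; CURRENT is a constructed stand-in for a "Get client by ID" response, and its numbers are arbitrary.

```python
import copy

# Object-typed fields of the documented "Update client" request body.
OBJECT_FIELDS = (
    "device_authorization",
    "ciba_authorization",
    "token_expiration",
    "authentication_configuration",
)

# Constructed sample of the client's current state; all values are made up.
CURRENT = {
    "client_id": "client-a",
    "name": "Portal",
    "token_expiration": {
        "access_token_ttl": 3600,
        "refresh_token_ttl": 86400,
        "max_refresh_rotate": 604800,
    },
    "authentication_configuration": {
        "method": "tls_client_auth",
        "tls_client_auth": {"ocsp_on": True, "ocsp_fail_open": True},
        "isMtlsCertTokenBound": True,
    },
}


def flatten(obj, prefix=""):
    """Yield the dotted path of every leaf key in a nested dict."""
    for key, value in obj.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict) and value:
            yield from flatten(value, path + ".")
        else:
            yield path


def deep_merge(base, patch):
    """Return base with patch applied recursively; neither input is modified."""
    merged = copy.deepcopy(base)
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def lost_on_replace(current, changes):
    """Dotted keys set today that the object values in `changes` do not carry over."""
    lost = []
    for field in OBJECT_FIELDS:
        if isinstance(changes.get(field), dict):
            before = set(flatten(current.get(field) or {}, field + "."))
            after = set(flatten(changes[field], field + "."))
            lost.extend(sorted(before - after))
    return lost


def build_update_body(current, changes):
    """Build a PUT body in which every changed object field is sent complete."""
    body = {}
    for field, value in changes.items():
        if field in OBJECT_FIELDS and isinstance(value, dict):
            body[field] = deep_merge(current.get(field) or {}, value)
        else:
            body[field] = copy.deepcopy(value)
    return body


if __name__ == "__main__":
    changes = {
        "token_expiration": {"access_token_ttl": 300},
        "authentication_configuration": {"tls_client_auth": {"ocsp_fail_open": False}},
    }
    print("a partial PUT would not carry over:", lost_on_replace(CURRENT, changes))
    print("merged body:", build_update_body(CURRENT, changes))
```
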

Responses

Body: application/json
Any of:

app_id (string, required)

Application ID

tenant_id (string, required)

Tenant ID

client_id (string, required)

Client ID used for API requests

client_secret (string, required)

Client secret used to obtain tokens for API authorization

name (string, required)

Client name displayed in the Admin Portal

description (string, required)

Short description of your client, displayed in the Admin Portal

resources (Array of strings, required)

List of resources this client is allowed to explicitly request access to

created_at (string, date-time, required)

Date the client was created

updated_at (string, date-time, required)

Date the client was last updated

authentication_protocol (string, required)

Authentication protocol used by the client

Enum: "oidc", "saml"

client_group_id (string, required)

ID of the client group where the client is assigned

default_custom_claims (Array of strings, required)

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"

short_cookies_samesite_type (string)

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"

redirect_uris (Array of strings, required)

List of URIs approved for redirects for your client

client_type (string)

Type of client

Default: "web"
Enum: "web", "native"

response_types (Array of strings)

Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]

pkce (string)

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"

device_authorization (object, required)

device_authorization.enabled (boolean, required)

Determines if the client is allowed to use the OAuth device authorization flow

Default: false

device_authorization.approval_uri (string, required)

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"

device_authorization.success_uri (string, required)

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"

device_authorization.input_uri (string, required)

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"

ciba_authorization (object, required)

ciba_authorization.enabled (boolean, required)

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false

ciba_authorization.login_uri (string)

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"

supported_prompts (Array of strings, required)

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"

authentication_configuration (object)

token_expiration (object, required)

token_expiration.access_token_ttl (number)

Access token time-to-live

token_expiration.refresh_token_ttl (number)

Refresh token time-to-live

token_expiration.max_refresh_rotate (number)

Maximum time the refresh token can be rotated

session_expiration (number, required)

Session expiration time (seconds)

enforce_par (boolean, required)

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy (boolean, required)

FAPI compliance

token_endpoint_auth_method (string, deprecated)

This field is deprecated; to configure PKCE, use the "pkce" field instead.

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"

Response
application/json
{ "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [ "string" ], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [ "tid" ], "short_cookies_samesite_type": "lax", "redirect_uris": [ "string" ], "client_type": "web", "response_types": [ "code" ], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": { "enabled": false, "approval_uri": "https://www.example.com/device/approval", "success_uri": "https://www.example.com/device/complete", "input_uri": "https://www.example.com/device/start" }, "ciba_authorization": { "enabled": false, "login_uri": "https://www.example.com/ciba/login" }, "supported_prompts": [ "login" ], "authentication_configuration": { "method": "client_secret_basic", "tls_client_auth": {}, "isMtlsCertTokenBound": true, "jwks": {} }, "token_expiration": { "access_token_ttl": 0, "refresh_token_ttl": 0, "max_refresh_rotate": 0 }, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true }

Delete client

Request

Delete a client.

Required permissions: apps:delete, apps:create, apps:edit.

Security
ClientAccessToken or AdminAccessToken
Path
clientId (string, required)

ID of the client to delete

appId (string, required)

curl -i -X DELETE \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}/clients/{clientId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Response
No content

Update client resources

Request

Update the list of resources that a client is allowed to explicitly request access to.

Security
ClientAccessToken or AdminAccessToken
Path
clientId (string, required)
appId (string, required)
Body: application/json (required)

resource_ids (Array of strings, required)

List of resources this application is allowed to explicitly request access to

curl -i -X PUT \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}/clients/{clientId}/resources' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "resource_ids": [
      "string"
    ]
  }'

Responses

Bodyapplication/json
Any of:
app_idstringrequired

Application ID

tenant_idstringrequired

Tenant ID

client_idstringrequired

Client ID used for API requests

client_secretstringrequired

Client secret used to obtain tokens for API authorization

namestringrequired

Client name displayed in the Admin Portal

descriptionstringrequired

Short description of your client, displayed in the Admin Portal

resourcesArray of stringsrequired

List of resources this client is allowed to explicitly request access to

created_atstring(date-time)required

Date the client was created

updated_atstring(date-time)required

Date the client was last updated

authentication_protocolstringrequired

Authentication protocol used by the client

Enum"oidc""saml"
client_group_idstringrequired

Id of client group where client is assigned

default_custom_claimsArray of stringsrequired

List of all the custom claims the client wants to receive by default

Items Enum"tid""fname""lname""mname""email""email_verified""phone_number""phone_number_verified""groups""new_user"
short_cookies_samesite_typestring

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default "lax"
Enum"lax""none"
redirect_urisArray of stringsrequired

List of URIs approved for redirects for your client

client_typestring

Type of client

Default "web"
Enum"web""native"
response_typesArray of strings
Default ["code","id_token","none"]
Items Enum"code""id_token"
Example: ["code"]
pkcestring

PKCE configuration

Enum"enforcePkceInsteadOfClientCredentials""enforcePkceAlongsideClientCredentials""allowPkceAlongsideClientCredentials"
device_authorizationobjectrequired
device_authorization.​enabledbooleanrequired

Determines if the client is allowed to use the OAuth device authorization flow

Default false
device_authorization.​approval_uristringrequired

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"
device_authorization.​success_uristringrequired

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"
device_authorization.​input_uristringrequired

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"
ciba_authorizationobjectrequired
ciba_authorization.​enabledbooleanrequired

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default false
ciba_authorization.​login_uristring

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"
supported_promptsArray of stringsrequired

Supported prompts for oidc authentication flow

Items Enum"login""consent""none"
authentication_configurationobject
token_expirationobjectrequired
token_expiration.​access_token_ttlnumber

Access token time-to-live

token_expiration.​refresh_token_ttlnumber

Refresh token time-to-live

token_expiration.​max_refresh_rotatenumber

Maximum time the refresh token can be rotated

session_expirationnumberrequired

Session expiration time (seconds)

enforce_parbooleanrequired

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancybooleanrequired

FAPI compliance

token_endpoint_auth_methodstringDeprecated

This field is deprecated. To configure PKCE, use the "pkce" field instead.

Enum"client_secret_basic""self_signed_tls_client_auth""tls_client_auth""none""private_key_jwt"
Response
application/json
{
  "app_id": "string",
  "tenant_id": "string",
  "client_id": "string",
  "client_secret": "string",
  "name": "string",
  "description": "string",
  "resources": [
    "string"
  ],
  "created_at": "2019-08-24T14:15:22Z",
  "updated_at": "2019-08-24T14:15:22Z",
  "authentication_protocol": "oidc",
  "client_group_id": "string",
  "default_custom_claims": [
    "tid"
  ],
  "short_cookies_samesite_type": "lax",
  "redirect_uris": [
    "string"
  ],
  "client_type": "web",
  "response_types": [
    "code"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "pkce": "enforcePkceInsteadOfClientCredentials",
  "device_authorization": {
    "enabled": false,
    "approval_uri": "https://www.example.com/device/approval",
    "success_uri": "https://www.example.com/device/complete",
    "input_uri": "https://www.example.com/device/start"
  },
  "ciba_authorization": {
    "enabled": false,
    "login_uri": "https://www.example.com/ciba/login"
  },
  "supported_prompts": [
    "login"
  ],
  "authentication_configuration": {
    "method": "client_secret_basic",
    "tls_client_auth": {},
    "isMtlsCertTokenBound": true,
    "jwks": {}
  },
  "token_expiration": {
    "access_token_ttl": 0,
    "refresh_token_ttl": 0,
    "max_refresh_rotate": 0
  },
  "session_expiration": 0,
  "enforce_par": true,
  "fapi_version_compliancy": true
}

Create app

Request

Create a new application with a default client. The fields marked as deprecated are now managed on the client level. To update a default client, create additional clients, or fetch all app clients, use the /clients or applications/{appId}/clients endpoints.

Required permissions: apps:create, [appId]:create.

Security
ClientAccessToken
Bodyapplication/jsonrequired
app_namestringrequired

Name of the application

Example: "My App"
app_descriptionstring

Short description of the application

service_providersArray of strings

List of service provider IDs associated with this application

allow_public_signupboolean

Determines if the application is allowed to request to create new users via login flows

Default false
authenticator_preferencesobject
login_uristring

URI used to redirect the user to the login page of the application (when needed)

Example: "https://www.example.com/login"
invite_member_uristring

URI used to redirect the member to the login page of the application (when needed)

Example: "https://www.example.com/login"
invite_member_email_expiration_minutesnumber

Member invite email link expiration in minutes

Default 2880
refresh_token_invalidation_trigger_configurationobject
first_client_authentication_protocolstring

Defines the first client authentication protocol.

Enum"oidc""saml"
first_clientobject
One of:

Creates the first client for the application. The client can be OIDC or SAML, depending on what is set in first_client_authentication_protocol

logostring

URI of your application's logo, such as for email templates

subdomainstring

Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)

Example: "myapp"
custom_domainstring

Domain of the application that can be offered for the application to be accessed from

Example: "myapp.com"
pkcestring

PKCE configuration for client

Enum"enforcePkceInsteadOfClientCredentials""enforcePkceAlongsideClientCredentials""allowPkceAlongsideClientCredentials"
should_delete_signing_keyboolean

Determines whether the application-specific signing key should be deleted when disabled. If deleted, any tokens previously issued with this key will no longer be valid.

Default false
signing_key_enabledboolean

Determines if the application-specific signing key is enabled

Default false
invite_client_idstring

Client used for the email magic link invitation flow

client_typestringDeprecated

Client type of the default client

Default "web"
Enum"web""native"
client_display_namestringDeprecatedrequired

Client name of the default client to display when needed

client_descriptionstringDeprecated

Short description of the default client

redirect_urisArray of stringsDeprecated

List of URIs approved for redirects for your default client

Example: ["https://www.example.com/login"]
resourcesArray of stringsDeprecated

List of resource IDs associated with the default client

device_authorizationobjectDeprecated
ciba_authorizationobjectDeprecated
client_auth_methodstringDeprecated

This field is deprecated. To configure PKCE, use the "pkce" field instead.

Default "client_secret_basic"
Enum"client_secret_basic""self_signed_tls_client_auth""tls_client_auth""none""private_key_jwt"
curl -i -X POST \
  https://api.sbx.transmitsecurity.io/cis/v1/applications \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "app_name": "My App",
    "app_description": "string",
    "service_providers": [
      "string"
    ],
    "allow_public_signup": false,
    "authenticator_preferences": {
      "is_centralized": false,
      "login_uri": "https://www.example.com/login"
    },
    "login_uri": "https://www.example.com/login",
    "invite_member_uri": "https://www.example.com/login",
    "invite_member_email_expiration_minutes": 2880,
    "refresh_token_invalidation_trigger_configuration": {
      "invalidateOnMemberSuspension": true,
      "invalidateOnMemberPasswordReset": true,
      "invalidateOnMemberRoleUpdate": true
    },
    "client_type": "web",
    "client_display_name": "string",
    "client_description": "string",
    "first_client_authentication_protocol": "oidc",
    "first_client": {
      "name": "My Client",
      "description": "string",
      "resources": [
        "string"
      ],
      "authentication_protocol": "oidc",
      "client_group_id": "string",
      "default_custom_claims": [
        "tid"
      ],
      "short_cookies_samesite_type": "lax",
      "redirect_uris": [
        "https://www.example.com/login"
      ],
      "client_type": "web",
      "device_authorization": {
        "enabled": false,
        "approval_uri": "https://www.example.com/device/approval",
        "success_uri": "https://www.example.com/device/complete",
        "input_uri": "https://www.example.com/device/start"
      },
      "ciba_authorization": {
        "enabled": false,
        "login_uri": "https://www.example.com/ciba/login"
      },
      "is_third_party": true,
      "allowed_scopes": [
        "string"
      ],
      "consent_uri": "string",
      "consent_validity_period": 0,
      "pkce": "enforcePkceInsteadOfClientCredentials",
      "supported_prompts": [
        "login",
        "consent",
        "none"
      ],
      "token_expiration": {
        "access_token_ttl": 0,
        "refresh_token_ttl": 0,
        "max_refresh_rotate": 0
      },
      "session_expiration": 0,
      "enforce_par": true,
      "role_ids": [
        "string"
      ],
      "fapi_version_compliancy": true,
      "token_endpoint_auth_method": "client_secret_basic",
      "response_types": [
        "code"
      ],
      "authentication_configuration": {
        "method": "client_secret_basic",
        "tls_client_auth": {
          "certificate_chain": "string",
          "distinguished_name": 6,
          "ocsp_on": true,
          "ocsp_responder_uri": "string",
          "ocsp_responder_certificate": "string",
          "ocsp_fail_open": true
        },
        "isMtlsCertTokenBound": true,
        "jwks": {}
      }
    },
    "redirect_uris": [
      "https://www.example.com/login"
    ],
    "logo": "string",
    "resources": [
      "string"
    ],
    "device_authorization": {
      "enabled": false,
      "approval_uri": "https://www.example.com/device/approval",
      "success_uri": "https://www.example.com/device/complete",
      "input_uri": "https://www.example.com/device/start"
    },
    "ciba_authorization": {
      "enabled": false,
      "login_uri": "https://www.example.com/ciba/login"
    },
    "client_auth_method": "client_secret_basic",
    "subdomain": "myapp",
    "custom_domain": "myapp.com",
    "pkce": "enforcePkceInsteadOfClientCredentials",
    "should_delete_signing_key": false,
    "signing_key_enabled": false,
    "invite_client_id": "string"
  }'

Responses

Bodyapplication/json
resultobjectrequired
result.​app_idstringrequired

Application ID

result.​tenant_idstringrequired

Tenant ID

result.​app_namestringrequired

Application name displayed in the Admin Portal

result.​app_descriptionstringrequired

Short description of your application, displayed in the Admin Portal

result.​logostringrequired

URI of your application's logo, such as for email templates

result.​login_preferencesobjectrequired
result.​login_preferences.​auth_methodsobjectrequired
result.​login_preferences.​auth_methods.​googleobject
result.​login_preferences.​auth_methods.​facebookobject
result.​login_preferences.​auth_methods.​emailobject
result.​login_preferences.​auth_methods.​email_otpobject
result.​login_preferences.​auth_methods.​appleobject
result.​login_preferences.​auth_methods.​smsobject
result.​login_preferences.​auth_methods.​webauthn_apiobject
result.​login_preferences.​auth_methods.​lineobject
result.​login_preferences.​auth_methods.​passwordobject
result.​login_preferences.​auth_methods.​totpobject
result.​login_preferences.​auth_methods.​pushobject
result.​login_preferences.​auth_methods.​tiktokobject
result.​login_preferences.​auth_methods.​pin_authenticatorobject
result.​login_preferences.​auth_methods.​faceobject
result.​created_atstring(date-time)required

Date the application was created

result.​created_bystringrequired

The user that created the application

result.​updated_atstring(date-time)required

Date the application was last updated

result.​service_providersArray of stringsrequired

List of service providers this application is allowed to explicitly redirect to

result.​authenticator_preferencesobjectrequired
result.​authenticator_preferences.​is_centralizedbooleanrequired

Indicates whether to set the application as the Authentication Hub for this tenant

Default false
result.​authenticator_preferences.​login_uristringrequired

URI of the application that will initiate an authentication flow when centralized login is requested

Example: "https://www.example.com/login"
result.​allow_public_signupbooleanrequired

Determines if the application is allowed to request to create new users via login flows

result.​pkcestring

PKCE configuration

Enum"enforcePkceInsteadOfClientCredentials""enforcePkceAlongsideClientCredentials""allowPkceAlongsideClientCredentials"
result.​password_sharing_group_idstring

If the app has opted in to password sharing, this identifies the group of apps that it shares passwords with.

result.​login_uristring

URI used to redirect the user to the login page of the application (when needed)

Example: "https://www.example.com/login"
result.​invite_member_uristring

URI used to redirect the member to the login page of the application (when needed)

Example: "https://www.example.com/login"
result.​invite_client_idstring

Client used for the email magic link invitation flow

result.​subdomainstring

Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)

Example: "myapp"
result.​invite_member_email_expiration_minutesnumber

Member invite email link expiration in minutes

Default 2880
result.​custom_domainobject
result.​external_communicationobject
result.​signing_key_enabledboolean

Determines if the application-specific signing key is enabled

result.​refresh_token_invalidation_trigger_configurationobject
result.​client_typestringDeprecated

Type of the default client

Default "web"
Enum"web""native"
result.​client_idstringDeprecated

Client ID of the default client used for API requests

result.​client_display_namestringDeprecated

Client name of the default client to display when needed

result.​client_descriptionstringDeprecated

Short description of the default client

result.​client_secretstringDeprecated

Client secret of the default client used to obtain tokens for API authorization

result.​redirect_urisArray of stringsDeprecated

List of URIs approved for redirects for your default client

result.​resourcesArray of stringsDeprecated

List of resources the default client is allowed to explicitly request access to

result.​client_auth_methodstringDeprecated

This field is deprecated. To configure PKCE, use the "pkce" field instead.

Enum"client_secret_basic""self_signed_tls_client_auth""tls_client_auth""none""private_key_jwt"
result.​device_authorizationobjectDeprecated
result.​ciba_authorizationobjectDeprecated
Response
application/json
{
  "result": {
    "app_id": "string",
    "tenant_id": "string",
    "app_name": "string",
    "app_description": "string",
    "client_type": "web",
    "logo": "string",
    "client_id": "string",
    "client_display_name": "string",
    "client_description": "string",
    "client_secret": "string",
    "redirect_uris": [],
    "login_preferences": {},
    "created_at": "2019-08-24T14:15:22Z",
    "created_by": "string",
    "updated_at": "2019-08-24T14:15:22Z",
    "resources": [],
    "service_providers": [],
    "authenticator_preferences": {},
    "allow_public_signup": true,
    "client_auth_method": "client_secret_basic",
    "pkce": "enforcePkceInsteadOfClientCredentials",
    "device_authorization": {},
    "ciba_authorization": {},
    "password_sharing_group_id": "string",
    "login_uri": "https://www.example.com/login",
    "invite_member_uri": "https://www.example.com/login",
    "invite_client_id": "string",
    "subdomain": "myapp",
    "invite_member_email_expiration_minutes": 2880,
    "custom_domain": {},
    "external_communication": {},
    "signing_key_enabled": true,
    "refresh_token_invalidation_trigger_configuration": {}
  }
}

Get all apps

Request

Retrieves a list of all applications with their default clients. The fields marked as deprecated are now managed on the client level. To update a default client, create additional clients, or fetch all app clients, use the /clients or applications/{appId}/clients endpoints.

Required permissions: apps:read, apps:list, [appId]:read, [appId]:list.

Security
ClientAccessToken
curl -i -X GET \
  https://api.sbx.transmitsecurity.io/cis/v1/applications \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Bodyapplication/json
resultArray of objectsrequired
result[].​app_idstringrequired

Application ID

result[].​tenant_idstringrequired

Tenant ID

result[].​app_namestringrequired

Application name displayed in the Admin Portal

result[].​app_descriptionstringrequired

Short description of your application, displayed in the Admin Portal

result[].​login_preferencesobjectrequired
result[].​login_preferences.​auth_methodsobjectrequired
result[].​login_preferences.​auth_methods.​googleobject
result[].​login_preferences.​auth_methods.​facebookobject
result[].​login_preferences.​auth_methods.​emailobject
result[].​login_preferences.​auth_methods.​email_otpobject
result[].​login_preferences.​auth_methods.​appleobject
result[].​login_preferences.​auth_methods.​smsobject
result[].​login_preferences.​auth_methods.​webauthn_apiobject
result[].​login_preferences.​auth_methods.​lineobject
result[].​login_preferences.​auth_methods.​passwordobject
result[].​login_preferences.​auth_methods.​totpobject
result[].​login_preferences.​auth_methods.​pushobject
result[].​login_preferences.​auth_methods.​tiktokobject
result[].​login_preferences.​auth_methods.​pin_authenticatorobject
result[].​login_preferences.​auth_methods.​faceobject
result[].​created_atstring(date-time)required

Date the application was created

result[].​created_bystringrequired

The user that created the application

result[].​updated_atstring(date-time)required

Date the application was last updated

result[].​service_providersArray of stringsrequired

List of service providers this application is allowed to explicitly redirect to

result[].​authenticator_preferencesobjectrequired
result[].​authenticator_preferences.​is_centralizedbooleanrequired

Indicates whether to set the application as the Authentication Hub for this tenant

Default false
result[].​authenticator_preferences.​login_uristringrequired

URI of the application that will initiate an authentication flow when centralized login is requested

Example: "https://www.example.com/login"
result[].​allow_public_signupbooleanrequired

Determines if the application is allowed to request to create new users via login flows

result[].​pkcestring

PKCE configuration

Enum"enforcePkceInsteadOfClientCredentials""enforcePkceAlongsideClientCredentials""allowPkceAlongsideClientCredentials"
result[].​password_sharing_group_idstring

If the app has opted in to password sharing, this identifies the group of apps that it shares passwords with.

result[].​login_uristring

URI used to redirect the user to the login page of the application (when needed)

Example: "https://www.example.com/login"
result[].​invite_member_uristring

URI used to redirect the member to the login page of the application (when needed)

Example: "https://www.example.com/login"
result[].​invite_client_idstring

Client used for the email magic link invitation flow

result[].​subdomainstring

Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)

Example: "myapp"
result[].​invite_member_email_expiration_minutesnumber

Member invite email link expiration in minutes

Default 2880
result[].​custom_domainobject
result[].​external_communicationobject
result[].​signing_key_enabledboolean

Determines if the application-specific signing key is enabled

result[].​refresh_token_invalidation_trigger_configurationobject
result[].​client_typestringDeprecated

Type of the default client

Default "web"
Enum"web""native"
result[].​client_idstringDeprecated

Client ID of the default client used for API requests

result[].​client_display_namestringDeprecated

Client name of the default client to display when needed

result[].​client_descriptionstringDeprecated

Short description of the default client

result[].​client_secretstringDeprecated

Client secret of the default client used to obtain tokens for API authorization

result[].​redirect_urisArray of stringsDeprecated

List of URIs approved for redirects for your default client

result[].​resourcesArray of stringsDeprecated

List of resources the default client is allowed to explicitly request access to

result[].​client_auth_methodstringDeprecated

This field is deprecated. To configure PKCE, use the "pkce" field instead.

Enum"client_secret_basic""self_signed_tls_client_auth""tls_client_auth""none""private_key_jwt"
result[].​device_authorizationobjectDeprecated
result[].​ciba_authorizationobjectDeprecated
Response
application/json
{ "result": [ {} ] }

Get all apps basic information

Request

Retrieves a list of all applications with their basic information.

Required permissions: apps:list, users:read, organizations:read, roles:read, orgs:read, [appId]:list.

Security
ClientAccessToken
curl -i -X GET \
  https://api.sbx.transmitsecurity.io/cis/v1/applications/list \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Bodyapplication/json
resultArray of objectsrequired
result[].​app_idstringrequired

Application ID

result[].​tenant_idstringrequired

Tenant ID

result[].​app_namestringrequired

Application name displayed in the Admin Portal

result[].​app_descriptionstringrequired

Short description of your application, displayed in the Admin Portal

result[].​login_uristring

URI used to redirect the user to the login page of the application (when needed)

Example: "https://www.example.com/login"
Response
application/json
{ "result": [ {} ] }

Get app by ID

Request

Retrieves an application by application ID with the default client. The fields marked as deprecated are now managed on the client level. To update a default client, create additional clients, or fetch all app clients, use the /clients or applications/{appId}/clients endpoints.

Required permissions: apps:read, [appId]:read.

Security
ClientAccessToken
Path
appIdstringrequired

ID of the application to retrieve

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Bodyapplication/json
resultobjectrequired
result.​app_idstringrequired

Application ID

result.​tenant_idstringrequired

Tenant ID

result.​app_namestringrequired

Application name displayed in the Admin Portal

result.​app_descriptionstringrequired

Short description of your application, displayed in the Admin Portal

result.​logostringrequired

URI of your application's logo, such as for email templates

result.​login_preferencesobjectrequired
result.​login_preferences.​auth_methodsobjectrequired
result.​login_preferences.​auth_methods.​googleobject
result.​login_preferences.​auth_methods.​facebookobject
result.​login_preferences.​auth_methods.​emailobject
result.​login_preferences.​auth_methods.​email_otpobject
result.​login_preferences.​auth_methods.​appleobject
result.​login_preferences.​auth_methods.​smsobject
result.​login_preferences.​auth_methods.​webauthn_apiobject
result.​login_preferences.​auth_methods.​lineobject
result.​login_preferences.​auth_methods.​passwordobject
result.​login_preferences.​auth_methods.​totpobject
result.​login_preferences.​auth_methods.​pushobject
result.​login_preferences.​auth_methods.​tiktokobject
result.​login_preferences.​auth_methods.​pin_authenticatorobject
result.​login_preferences.​auth_methods.​faceobject
result.​created_atstring(date-time)required

Date the application was created

result.​created_bystringrequired

The user that created the application

result.​updated_atstring(date-time)required

Date the application was last updated

result.​service_providersArray of stringsrequired

List of service providers this application is allowed to explicitly redirect to

result.​authenticator_preferencesobjectrequired
result.​authenticator_preferences.​is_centralizedbooleanrequired

Indicates whether to set the application as the Authentication Hub for this tenant

Default false
result.​authenticator_preferences.​login_uristringrequired

URI of the application that will initiate an authentication flow when centralized login is requested

Example: "https://www.example.com/login"
result.​allow_public_signupbooleanrequired

Determines if the application is allowed to request to create new users via login flows

result.​pkcestring

PKCE configuration

Enum"enforcePkceInsteadOfClientCredentials""enforcePkceAlongsideClientCredentials""allowPkceAlongsideClientCredentials"
result.​password_sharing_group_idstring

If the app has opted in to password sharing, this identifies the group of apps that it shares passwords with.

result.​login_uristring

URI used to redirect the user to the login page of the application (when needed)

Example: "https://www.example.com/login"
result.​invite_member_uristring

URI used to redirect the member to the login page of the application (when needed)

Example: "https://www.example.com/login"
result.​invite_client_idstring

Client used for the email magic link invitation flow

result.​subdomainstring

Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)

Example: "myapp"
result.​invite_member_email_expiration_minutesnumber

Member invite email link expiration in minutes

Default 2880
result.​custom_domainobject
result.​external_communicationobject
result.​signing_key_enabledboolean

Determines if the application-specific signing key is enabled

result.​refresh_token_invalidation_trigger_configurationobject
result.​client_typestringDeprecated

Type of the default client

Default "web"
Enum"web""native"
result.​client_idstringDeprecated

Client ID of the default client used for API requests

result.​client_display_namestringDeprecated

Client name of the default client to display when needed

result.​client_descriptionstringDeprecated

Short description of the default client

result.​client_secretstringDeprecated

Client secret of the default client used to obtain tokens for API authorization

result.​redirect_urisArray of stringsDeprecated

List of URIs approved for redirects for your default client

result.​resourcesArray of stringsDeprecated

List of resources the default client is allowed to explicitly request access to

result.​client_auth_methodstringDeprecated

This field is deprecated. To configure PKCE, use the "pkce" field instead.

Enum"client_secret_basic""self_signed_tls_client_auth""tls_client_auth""none""private_key_jwt"
result.​device_authorizationobjectDeprecated
result.​ciba_authorizationobjectDeprecated
Response
application/json
{
  "result": {
    "app_id": "string",
    "tenant_id": "string",
    "app_name": "string",
    "app_description": "string",
    "client_type": "web",
    "logo": "string",
    "client_id": "string",
    "client_display_name": "string",
    "client_description": "string",
    "client_secret": "string",
    "redirect_uris": [],
    "login_preferences": {},
    "created_at": "2019-08-24T14:15:22Z",
    "created_by": "string",
    "updated_at": "2019-08-24T14:15:22Z",
    "resources": [],
    "service_providers": [],
    "authenticator_preferences": {},
    "allow_public_signup": true,
    "client_auth_method": "client_secret_basic",
    "pkce": "enforcePkceInsteadOfClientCredentials",
    "device_authorization": {},
    "ciba_authorization": {},
    "password_sharing_group_id": "string",
    "login_uri": "https://www.example.com/login",
    "invite_member_uri": "https://www.example.com/login",
    "invite_client_id": "string",
    "subdomain": "myapp",
    "invite_member_email_expiration_minutes": 2880,
    "custom_domain": {},
    "external_communication": {},
    "signing_key_enabled": true,
    "refresh_token_invalidation_trigger_configuration": {}
  }
}

Update app

Request

Updates an application. The fields marked as deprecated are now managed on the client level. To update a default client, create additional clients, or fetch all app clients, use the /clients or applications/{appId}/clients endpoints. Note: Object fields cannot be partially updated; the value you send replaces the current one in full.

Required permissions: apps:edit, [appId]:edit.

Security
ClientAccessToken
Path
appIdstringrequired

ID of the application to update

Bodyapplication/jsonrequired
app_namestring

Name of the application

Example: "My App"
app_descriptionstring

Short description of the application

service_providersArray of strings

List of service provider IDs associated with this application

allow_public_signupboolean

Determines if the application is allowed to request to create new users via login flows

Default false
authenticator_preferencesobject
login_uristring

URI used to redirect the user to the login page of the application (when needed)

Example: "https://www.example.com/login"
invite_member_uristring

URI used to redirect the member to the login page of the application (when needed)

Example: "https://www.example.com/login"
invite_member_email_expiration_minutesnumber

Member invite email link expiration in minutes

Default 2880
refresh_token_invalidation_trigger_configurationobject
first_client_authentication_protocolstring

Defines the first client authentication protocol.

Enum"oidc""saml"
first_clientobject
One of:

Creates the first client for the application. The client can be OIDC or SAML, depending on what is set in first_client_authentication_protocol

logostring

URI of your application's logo, such as for email templates

subdomainstring

Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)

Example: "myapp"
custom_domainstring

Domain of the application that can be offered for the application to be accessed from

Example: "myapp.com"
pkcestring

PKCE configuration for client

Enum"enforcePkceInsteadOfClientCredentials""enforcePkceAlongsideClientCredentials""allowPkceAlongsideClientCredentials"
should_delete_signing_keyboolean

Determines whether the application-specific signing key should be deleted when disabled. If deleted, any tokens previously issued with this key will no longer be valid.

Default false
signing_key_enabledboolean

Determines if the application-specific signing key is enabled

Default false
invite_client_idstring

Client used for the email magic link invitation flow

client_typestringDeprecated

Client type of the default client

Default "web"
Enum"web""native"
client_display_namestringDeprecated

Client name of the default client to display when needed

client_descriptionstringDeprecated

Short description of the default client

redirect_urisArray of stringsDeprecated

List of URIs approved for redirects for your default client

Example: ["https://www.example.com/login"]
resourcesArray of stringsDeprecated

List of resource IDs associated with the default client

device_authorizationobjectDeprecated
ciba_authorizationobjectDeprecated
client_auth_methodstringDeprecated

This field is deprecated. To configure PKCE, use the "pkce" field instead.

Default "client_secret_basic"
Enum"client_secret_basic""self_signed_tls_client_auth""tls_client_auth""none""private_key_jwt"
curl -i -X PUT \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "app_name": "My App",
    "app_description": "string",
    "service_providers": [
      "string"
    ],
    "allow_public_signup": false,
    "authenticator_preferences": {
      "is_centralized": false,
      "login_uri": "https://www.example.com/login"
    },
    "login_uri": "https://www.example.com/login",
    "invite_member_uri": "https://www.example.com/login",
    "invite_member_email_expiration_minutes": 2880,
    "refresh_token_invalidation_trigger_configuration": {
      "invalidateOnMemberSuspension": true,
      "invalidateOnMemberPasswordReset": true,
      "invalidateOnMemberRoleUpdate": true
    },
    "client_type": "web",
    "client_display_name": "string",
    "client_description": "string",
    "first_client_authentication_protocol": "oidc",
    "first_client": {
      "name": "My Client",
      "description": "string",
      "resources": [
        "string"
      ],
      "authentication_protocol": "oidc",
      "client_group_id": "string",
      "default_custom_claims": [
        "tid"
      ],
      "short_cookies_samesite_type": "lax",
      "redirect_uris": [
        "https://www.example.com/login"
      ],
      "client_type": "web",
      "device_authorization": {
        "enabled": false,
        "approval_uri": "https://www.example.com/device/approval",
        "success_uri": "https://www.example.com/device/complete",
        "input_uri": "https://www.example.com/device/start"
      },
      "ciba_authorization": {
        "enabled": false,
        "login_uri": "https://www.example.com/ciba/login"
      },
      "is_third_party": true,
      "allowed_scopes": [
        "string"
      ],
      "consent_uri": "string",
      "consent_validity_period": 0,
      "pkce": "enforcePkceInsteadOfClientCredentials",
      "supported_prompts": [
        "login",
        "consent",
        "none"
      ],
      "token_expiration": {
        "access_token_ttl": 0,
        "refresh_token_ttl": 0,
        "max_refresh_rotate": 0
      },
      "session_expiration": 0,
      "enforce_par": true,
      "role_ids": [
        "string"
      ],
      "fapi_version_compliancy": true,
      "token_endpoint_auth_method": "client_secret_basic",
      "response_types": [
        "code"
      ],
      "authentication_configuration": {
        "method": "client_secret_basic",
        "tls_client_auth": {
          "certificate_chain": "string",
          "distinguished_name": 6,
          "ocsp_on": true,
          "ocsp_responder_uri": "string",
          "ocsp_responder_certificate": "string",
          "ocsp_fail_open": true
        },
        "isMtlsCertTokenBound": true,
        "jwks": {}
      }
    },
    "redirect_uris": [
      "https://www.example.com/login"
    ],
    "logo": "string",
    "resources": [
      "string"
    ],
    "device_authorization": {
      "enabled": false,
      "approval_uri": "https://www.example.com/device/approval",
      "success_uri": "https://www.example.com/device/complete",
      "input_uri": "https://www.example.com/device/start"
    },
    "ciba_authorization": {
      "enabled": false,
      "login_uri": "https://www.example.com/ciba/login"
    },
    "client_auth_method": "client_secret_basic",
    "subdomain": "myapp",
    "custom_domain": "myapp.com",
    "pkce": "enforcePkceInsteadOfClientCredentials",
    "should_delete_signing_key": false,
    "signing_key_enabled": false,
    "invite_client_id": "string"
  }'

Responses

Body: application/json
result (object, required)
result.app_id (string, required)

Application ID

result.tenant_id (string, required)

Tenant ID

result.app_name (string, required)

Application name displayed in the Admin Portal

result.app_description (string, required)

Short description of your application, displayed in the Admin Portal

result.logo (string, required)

URI of your application's logo, such as for email templates

result.login_preferences (object, required)
result.login_preferences.auth_methods (object, required)
result.login_preferences.auth_methods.google (object)
result.login_preferences.auth_methods.facebook (object)
result.login_preferences.auth_methods.email (object)
result.login_preferences.auth_methods.email_otp (object)
result.login_preferences.auth_methods.apple (object)
result.login_preferences.auth_methods.sms (object)
result.login_preferences.auth_methods.webauthn_api (object)
result.login_preferences.auth_methods.line (object)
result.login_preferences.auth_methods.password (object)
result.login_preferences.auth_methods.totp (object)
result.login_preferences.auth_methods.push (object)
result.login_preferences.auth_methods.tiktok (object)
result.login_preferences.auth_methods.pin_authenticator (object)
result.login_preferences.auth_methods.face (object)
result.created_at (string(date-time), required)

Date the application was created

result.created_by (string, required)

The user that created the application

result.updated_at (string(date-time), required)

Date the application was last updated

result.service_providers (Array of strings, required)

List of service providers this application is allowed to explicitly redirect to

result.authenticator_preferences (object, required)
result.authenticator_preferences.is_centralized (boolean, required)

Indicates whether to set the application as the Authentication Hub for this tenant

Default: false
result.authenticator_preferences.login_uri (string, required)

URI of the application that will initiate an authentication flow when centralized login is requested

Example: "https://www.example.com/login"
result.allow_public_signup (boolean, required)

Determines if the application is allowed to request to create new users via login flows

result.pkce (string)

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
result.password_sharing_group_id (string)

If the app has opted in to password sharing, this identifies the group of apps that it shares passwords with.

result.login_uri (string)

URI used to redirect the user to the login page of the application (when needed)

Example: "https://www.example.com/login"
result.invite_member_uri (string)

URI used to redirect the member to the login page of the application (when needed)

Example: "https://www.example.com/login"
result.invite_client_id (string)

Client used for the email magic link invitation flow

result.subdomain (string)

Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)

Example: "myapp"
result.invite_member_email_expiration_minutes (number)

Member invite email link expiration in minutes

Default: 2880
result.custom_domain (object)
result.external_communication (object)
result.signing_key_enabled (boolean)

Determines if an application-specific signing key is enabled

result.refresh_token_invalidation_trigger_configuration (object)
result.client_type (string, deprecated)

Type of the default client

Default: "web"
Enum: "web", "native"
result.client_id (string, deprecated)

Client ID of the default client used for API requests

result.client_display_name (string, deprecated)

Client name of the default client to display when needed

result.client_description (string, deprecated)

Short description of the default client

result.client_secret (string, deprecated)

Client secret of the default client used to obtain tokens for API authorization

result.redirect_uris (Array of strings, deprecated)

List of URIs approved for redirects for your default client

result.resources (Array of strings, deprecated)

List of resources the default client is allowed to explicitly request access to

result.client_auth_method (string, deprecated)

This field is deprecated. To configure PKCE, use the "pkce" field instead.

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
result.device_authorization (object, deprecated)
result.ciba_authorization (object, deprecated)
Response
application/json
{ "result": { "app_id": "string", "tenant_id": "string", "app_name": "string", "app_description": "string", "client_type": "web", "logo": "string", "client_id": "string", "client_display_name": "string", "client_description": "string", "client_secret": "string", "redirect_uris": [], "login_preferences": {}, "created_at": "2019-08-24T14:15:22Z", "created_by": "string", "updated_at": "2019-08-24T14:15:22Z", "resources": [], "service_providers": [], "authenticator_preferences": {}, "allow_public_signup": true, "client_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": {}, "ciba_authorization": {}, "password_sharing_group_id": "string", "login_uri": "https://www.example.com/login", "invite_member_uri": "https://www.example.com/login", "invite_client_id": "string", "subdomain": "myapp", "invite_member_email_expiration_minutes": 2880, "custom_domain": {}, "external_communication": {}, "signing_key_enabled": true, "refresh_token_invalidation_trigger_configuration": {} } }
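A pre-flight check for the update request body shown above, as an added example (not part of the API or its SDK) that a CI job could run before sending the PUT. The function names and finding codes are hypothetical, and the meaning of `pkce`, `ocsp_fail_open` and the refresh-token triggers is assumed from their names, since the page does not describe them.

```python
from urllib.parse import urlparse

DEPRECATED = ("client_auth_method", "ciba_authorization")  # marked deprecated on this page
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def risky_redirects(uris):
    """Return URIs that contain a wildcard or use plain http to a non-loopback host."""
    risky = []
    for uri in uris or []:
        parsed = urlparse(uri)
        if "*" in uri or (parsed.scheme == "http" and parsed.hostname not in LOOPBACK):
            risky.append(uri)
    return risky

def lint_app_update(body):
    """Return sorted finding codes for an Update app (PUT) request body."""
    client = body.get("first_client") or {}
    auth_cfg = client.get("authentication_configuration") or {}
    findings = {f"deprecated_field:{name}" for name in DEPRECATED if name in body}

    for scope, obj in (("app", body), ("first_client", client)):
        if risky_redirects(obj.get("redirect_uris")):
            findings.add(f"{scope}:risky_redirect_uri")
        # Assumption from the enum names: only the "enforce..." values make PKCE mandatory.
        if obj.get("pkce") == "allowPkceAlongsideClientCredentials":
            findings.add(f"{scope}:pkce_not_enforced")

    methods = {body.get("client_auth_method"),
               client.get("token_endpoint_auth_method"), auth_cfg.get("method")}
    pkce = client.get("pkce") or body.get("pkce") or ""
    if "none" in methods and not pkce.startswith("enforce"):
        findings.add("public_client_without_enforced_pkce")

    tls = auth_cfg.get("tls_client_auth") or {}
    if tls.get("ocsp_on") and tls.get("ocsp_fail_open"):
        findings.add("ocsp_fail_open")  # assumed: a failed revocation check is let through
    if client.get("short_cookies_samesite_type") == "none":
        findings.add("samesite_none")

    triggers = body.get("refresh_token_invalidation_trigger_configuration") or {}
    findings.update(f"refresh_token_survives:{k}" for k, v in triggers.items() if v is False)
    return sorted(findings)

# Constructed sample body (not from the page) with several weak settings.
WEAK_BODY = {
    "client_auth_method": "none",
    "refresh_token_invalidation_trigger_configuration": {
        "invalidateOnMemberSuspension": True, "invalidateOnMemberPasswordReset": False},
    "first_client": {
        "redirect_uris": ["https://www.example.com/login", "http://www.example.com/login"],
        "short_cookies_samesite_type": "none",
        "pkce": "allowPkceAlongsideClientCredentials",
        "authentication_configuration": {
            "method": "tls_client_auth",
            "tls_client_auth": {"ocsp_on": True, "ocsp_fail_open": True}},
    },
}
```

`lint_app_update(WEAK_BODY)` returns seven findings; a body that uses an "enforce..." PKCE value, https redirect URIs and no deprecated fields returns an empty list.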

Delete app

Request

Delete an application.

Required permissions: apps:delete, [appId]:delete.

Security
ClientAccessToken
Path
appId (string, required)

ID of the application to delete

curl -i -X DELETE \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Response
No content

Create signing key

Request

Create a new signing key.

Required permissions: apps:create, [appId]:create, apps:edit, [appId]:edit.

Security
ClientAccessToken
Body: application/json (required)
name (string, required)

Name of the signing key

curl -i -X POST \
  https://api.sbx.transmitsecurity.io/cis/v1/applications/signing-keys \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string"
  }'

Responses

Body: application/json
message (Array of strings, required)
Example: "Bad request"
error_code (number, required)
Example: 400
Response
application/json
{ "message": "Bad request", "error_code": 400 }

Get all token signing keys

Request

Retrieves a list of token signing keys for an application.

Required permissions: apps:read, [appId]:read.

Security
ClientAccessToken
curl -i -X GET \
  https://api.sbx.transmitsecurity.io/cis/v1/applications/signing-keys \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Body: application/json
Array [ object ]
Response
application/json
[ { "id": "string", "app_id": "string", "tenant_id": "string", "kid": "string", "name": "string", "status": "signing", "source": "global", "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "deleted_at": "2019-08-24T14:15:22Z" } ]

Upload signing key

Request

Upload a new signing key.

Required permissions: apps:create, [appId]:create, apps:edit, [appId]:edit.

Security
ClientAccessToken
Body: application/json (required)
name (string, required)

Name of the signing key

jwk (object, required)

JWK of the signing key

curl -i -X POST \
  https://api.sbx.transmitsecurity.io/cis/v1/applications/signing-keys/upload \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "jwk": {}
  }'

Responses

Body: application/json
message (Array of strings, required)
Example: "Bad request"
error_code (number, required)
Example: 400
Response
application/json
{ "message": "Bad request", "error_code": 400 }
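A local check to run on the `jwk` object before calling the upload endpoint, as an added example (not the service's own validation). It covers RSA and EC keys only and follows the JWK member names of RFC 7517/7518; which key types and algorithms the service accepts is not stated on this page, and the function names and problem codes are hypothetical.

```python
import base64

# Curve -> matching JWS algorithm (RFC 7518); other curves are reported, not rejected by spec.
EC_ALG = {"P-256": "ES256", "P-384": "ES384", "P-521": "ES512"}
RSA_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}

def b64u_to_int(value):
    """Decode an unpadded base64url JWK member into an integer."""
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")

def int_to_b64u(number):
    """Encode an integer as unpadded base64url (used here only to build the samples)."""
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_signing_jwk(jwk, min_rsa_bits=2048):
    """Return sorted problem codes; an empty list means the JWK passed every check."""
    kty = jwk.get("kty")
    if kty == "RSA":
        required, allowed_algs = ("n", "e", "d"), RSA_ALGS
    elif kty == "EC":
        required, allowed_algs = ("crv", "x", "y", "d"), {EC_ALG.get(jwk.get("crv"))}
    else:
        return [f"unsupported_kty:{kty}"]

    # "missing:d" means the JWK is public-only and cannot produce signatures.
    problems = {f"missing:{member}" for member in required if member not in jwk}
    if kty == "RSA" and "n" in jwk and b64u_to_int(jwk["n"]).bit_length() < min_rsa_bits:
        problems.add("rsa_modulus_too_short")
    if kty == "EC" and "crv" in jwk and jwk["crv"] not in EC_ALG:
        problems.add("curve_not_nist_p")
    if jwk.get("use", "sig") != "sig":
        problems.add("use_not_sig")
    if "key_ops" in jwk and "sign" not in jwk["key_ops"]:
        problems.add("key_ops_excludes_sign")
    if "alg" in jwk and jwk["alg"] not in allowed_algs:
        problems.add("alg_mismatch")
    return sorted(problems)

# Constructed placeholders: correct shape and size, but not real or usable keys.
WEAK_RSA = {"kty": "RSA", "use": "enc", "alg": "ES256",
            "n": int_to_b64u((1 << 1023) | 1), "e": "AQAB"}
GOOD_RSA = {"kty": "RSA", "use": "sig", "alg": "RS256", "e": "AQAB",
            "n": int_to_b64u((1 << 2047) | 1), "d": int_to_b64u((1 << 2046) | 1)}
```

The checks are structural: they do not prove that `d` matches `n`, so a key that passes should still come from a trusted key-generation step.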

Update a signing key

Request

Update a signing key.

Required permissions: apps:create, [appId]:create, apps:edit, [appId]:edit.

Security
ClientAccessToken
Path
id (string, required)
Body: application/json (required)
status (string)

Status of the signing key

Enum: "signing", "disabled", "validating"
name (string)

Name of the signing key

curl -i -X PUT \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/signing-keys/{id}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "status": "signing",
    "name": "string"
  }'

Responses

Body: application/json
id (string, required)

ID of the signing key

app_id (string, required)

Application ID

tenant_id (string, required)

Tenant ID

kid (string, required)

KID of the signing key

name (string, required)

Name of the signing key

status (string, required)

Status of the signing key

Enum: "signing", "disabled", "validating"
source (string, required)

Source of the signing key

Enum: "global", "mosaic", "uploaded"
created_at (string(date-time), required)

Date the signing key was created

updated_at (string(date-time), required)

Date the signing key was updated

deleted_at (string(date-time), required)

Date the signing key was deleted

Response
application/json
{ "id": "string", "app_id": "string", "tenant_id": "string", "kid": "string", "name": "string", "status": "signing", "source": "global", "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "deleted_at": "2019-08-24T14:15:22Z" }

Delete signing key

Request

Delete a signing key.

Required permissions: apps:delete, [appId]:delete, apps:create, [appId]:create, apps:edit, [appId]:edit.

Security
ClientAccessToken
Path
id (string, required)

ID of the signing key to delete

curl -i -X DELETE \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/signing-keys/{id}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Response
No content

Update app resources (Deprecated)

Request

Update the list of resources that a default client of the application is allowed to explicitly request access to.

Security
ClientAccessToken
Path
appId (string, required)
Body: application/json (required)
resource_ids (Array of strings, required)

List of resources this application is allowed to explicitly request access to

curl -i -X PUT \
  'https://api.sbx.transmitsecurity.io/cis/v1/applications/{appId}/resources' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "resource_ids": [
      "string"
    ]
  }'

Responses

Body: application/json
result (object, required)
result.app_id (string, required)

Application ID

result.tenant_id (string, required)

Tenant ID

result.app_name (string, required)

Application name displayed in the Admin Portal

result.app_description (string, required)

Short description of your application, displayed in the Admin Portal

result.logo (string, required)

URI of your application's logo, such as for email templates

result.login_preferences (object, required)
result.login_preferences.auth_methods (object, required)
result.login_preferences.auth_methods.google (object)
result.login_preferences.auth_methods.facebook (object)
result.login_preferences.auth_methods.email (object)
result.login_preferences.auth_methods.email_otp (object)
result.login_preferences.auth_methods.apple (object)
result.login_preferences.auth_methods.sms (object)
result.login_preferences.auth_methods.webauthn_api (object)
result.login_preferences.auth_methods.line (object)
result.login_preferences.auth_methods.password (object)
result.login_preferences.auth_methods.totp (object)
result.login_preferences.auth_methods.push (object)
result.login_preferences.auth_methods.tiktok (object)
result.login_preferences.auth_methods.pin_authenticator (object)
result.login_preferences.auth_methods.face (object)
result.created_at (string(date-time), required)

Date the application was created

result.created_by (string, required)

The user that created the application

result.updated_at (string(date-time), required)

Date the application was last updated

result.service_providers (Array of strings, required)

List of service providers this application is allowed to explicitly redirect to

result.authenticator_preferences (object, required)
result.authenticator_preferences.is_centralized (boolean, required)

Indicates whether to set the application as the Authentication Hub for this tenant

Default: false
result.authenticator_preferences.login_uri (string, required)

URI of the application that will initiate an authentication flow when centralized login is requested

Example: "https://www.example.com/login"
result.allow_public_signup (boolean, required)

Determines if the application is allowed to request to create new users via login flows

result.pkce (string)

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
result.password_sharing_group_id (string)

If the app has opted in to password sharing, this identifies the group of apps that it shares passwords with.

result.login_uri (string)

URI used to redirect the user to the login page of the application (when needed)

Example: "https://www.example.com/login"
result.invite_member_uri (string)

URI used to redirect the member to the login page of the application (when needed)

Example: "https://www.example.com/login"
result.invite_client_id (string)

Client used for the email magic link invitation flow

result.subdomain (string)

Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)

Example: "myapp"
result.invite_member_email_expiration_minutes (number)

Member invite email link expiration in minutes

Default: 2880
result.custom_domain (object)
result.external_communication (object)
result.signing_key_enabled (boolean)

Determines if an application-specific signing key is enabled

result.refresh_token_invalidation_trigger_configuration (object)
result.client_type (string, deprecated)

Type of the default client

Default: "web"
Enum: "web", "native"
result.client_id (string, deprecated)

Client ID of the default client used for API requests

result.client_display_name (string, deprecated)

Client name of the default client to display when needed

result.client_description (string, deprecated)

Short description of the default client

result.client_secret (string, deprecated)

Client secret of the default client used to obtain tokens for API authorization

result.redirect_uris (Array of strings, deprecated)

List of URIs approved for redirects for your default client

result.resources (Array of strings, deprecated)

List of resources the default client is allowed to explicitly request access to

result.client_auth_method (string, deprecated)

This field is deprecated. To configure PKCE, use the "pkce" field instead.

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
result.device_authorization (object, deprecated)
result.ciba_authorization (object, deprecated)
Response
application/json
{ "result": { "app_id": "string", "tenant_id": "string", "app_name": "string", "app_description": "string", "client_type": "web", "logo": "string", "client_id": "string", "client_display_name": "string", "client_description": "string", "client_secret": "string", "redirect_uris": [], "login_preferences": {}, "created_at": "2019-08-24T14:15:22Z", "created_by": "string", "updated_at": "2019-08-24T14:15:22Z", "resources": [], "service_providers": [], "authenticator_preferences": {}, "allow_public_signup": true, "client_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": {}, "ciba_authorization": {}, "password_sharing_group_id": "string", "login_uri": "https://www.example.com/login", "invite_member_uri": "https://www.example.com/login", "invite_client_id": "string", "subdomain": "myapp", "invite_member_email_expiration_minutes": 2880, "custom_domain": {}, "external_communication": {}, "signing_key_enabled": true, "refresh_token_invalidation_trigger_configuration": {} } }