Clients

Download OpenAPI specification:Download

Allows an application to manage its clients, including updating existing clients and creating additional clients. To authorize API calls, use an access token for the relevant application. To manage apps and their clients as a tenant admin, see Application APIs.

Create client

Creates an additional client for the app. To authorize a request, use an access token for the relevant application.

SecurityOAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
name
required
string

Name of the client

description
string

Short description of the client

redirect_uris
required
Array of strings

List of URIs approved for redirects for your client

client_type
string
Default: "web"

Client type

Enum: "web" "native"
response_types
Array of strings
Default: ["code","id_token"]
Items Enum: "code" "id_token"
token_endpoint_auth_method
string
Deprecated
Default: "client_secret_basic"

This field is deprecated- to configure pkce use "pkce" field instead

Enum: "client_secret_basic" "self_signed_tls_client_auth" "none" "private_key_jwt"
resources
Array of strings

List of resources IDs associated with this client

object

Configuration for an OAuth Device Authorization Flow

object

CIBA authorization flow configuration

pkce
string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials" "enforcePkceAlongsideClientCredentials" "allowPkceAlongsideClientCredentials"
Responses
201
400
409
post/v1/clients
Request samples
application/json
{}
Response samples
application/json
{
  • "app_id": "string",
  • "tenant_id": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "name": "string",
  • "description": "string",
  • "resources": [
    ],
  • "created_at": "2019-08-24T14:15:22Z",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "authentication_protocol": "oidc",
  • "client_group_id": "string",
  • "default_custom_claims": [
    ],
  • "redirect_uris": [
    ],
  • "client_type": "web",
  • "response_types": [
    ],
  • "token_endpoint_auth_method": "client_secret_basic",
  • "pkce": "enforcePkceInsteadOfClientCredentials",
  • "device_authorization": {},
  • "ciba_authorization": {},
  • "supported_prompts": [
    ],
  • "authentication_configuration": {
    },
  • "token_expiration": {
    }
}

Get all clients

Retrieves a list of clients for the app. To authorize a request, use an access token for the relevant application.

SecurityOAuth2: ClientAccessToken
Responses
200
400
get/v1/clients
Request samples
Response samples
application/json
[
  • {
    }
]

Delete all clients

Deletes all clients associated with the app. To authorize a request, use an access token for the relevant application. Note that the application cannot be used without clients.

SecurityOAuth2: ClientAccessToken
Responses
204
400
404
delete/v1/clients
Request samples
Response samples
application/json
{
  • "message": "Bad request",
  • "error_code": 400
}

Get client by ID

Retrieves a client by client ID. To authorize a request, use an access token for the relevant application.

SecurityOAuth2: ClientAccessToken
Request
path Parameters
clientId
required
string

ID of the client to retrieve

Responses
200
400
404
get/v1/clients/{clientId}
Request samples
Response samples
application/json
{
  • "app_id": "string",
  • "tenant_id": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "name": "string",
  • "description": "string",
  • "resources": [
    ],
  • "created_at": "2019-08-24T14:15:22Z",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "authentication_protocol": "oidc",
  • "client_group_id": "string",
  • "default_custom_claims": [
    ],
  • "redirect_uris": [
    ],
  • "client_type": "web",
  • "response_types": [
    ],
  • "token_endpoint_auth_method": "client_secret_basic",
  • "pkce": "enforcePkceInsteadOfClientCredentials",
  • "device_authorization": {},
  • "ciba_authorization": {},
  • "supported_prompts": [
    ],
  • "authentication_configuration": {
    },
  • "token_expiration": {
    }
}

Update client

Update a client by its ID. To authorize a request, use an access token for the relevant application. Note: Fields that are objects cannot be partially updated, since the new value you set will just replace the current one.

SecurityOAuth2: ClientAccessToken
Request
path Parameters
clientId
required
string

ID of the client to update

Request Body schema: application/json
required
name
string

Name of the client

description
string

Short description of the client

redirect_uris
Array of strings

List of URIs approved for redirects for your client

client_type
string
Default: "web"

Client type

Enum: "web" "native"
response_types
Array of strings
Default: ["code","id_token"]
Items Enum: "code" "id_token"
token_endpoint_auth_method
string
Deprecated
Default: "client_secret_basic"

This field is deprecated- to configure pkce use "pkce" field instead

Enum: "client_secret_basic" "self_signed_tls_client_auth" "none" "private_key_jwt"
resources
Array of strings

List of resources IDs associated with this client

object

Configuration for an OAuth Device Authorization Flow

object

CIBA authorization flow configuration

pkce
string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials" "enforcePkceAlongsideClientCredentials" "allowPkceAlongsideClientCredentials"
Responses
200
400
404
put/v1/clients/{clientId}
Request samples
application/json
{}
Response samples
application/json
{
  • "app_id": "string",
  • "tenant_id": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "name": "string",
  • "description": "string",
  • "resources": [
    ],
  • "created_at": "2019-08-24T14:15:22Z",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "authentication_protocol": "oidc",
  • "client_group_id": "string",
  • "default_custom_claims": [
    ],
  • "redirect_uris": [
    ],
  • "client_type": "web",
  • "response_types": [
    ],
  • "token_endpoint_auth_method": "client_secret_basic",
  • "pkce": "enforcePkceInsteadOfClientCredentials",
  • "device_authorization": {},
  • "ciba_authorization": {},
  • "supported_prompts": [
    ],
  • "authentication_configuration": {
    },
  • "token_expiration": {
    }
}

Delete client

Deletes a client. To authorize a request, use an access token for the relevant application.

SecurityOAuth2: ClientAccessToken
Request
path Parameters
clientId
required
string

ID of the client to delete

Responses
204
400
404
delete/v1/clients/{clientId}
Request samples
Response samples
application/json
{
  • "message": "Bad request",
  • "error_code": 400
}

Update client resources

Updates the list of resources that a client is allowed to explicitly request access to. To authorize a request, use an access token for the relevant application.

SecurityOAuth2: ClientAccessToken
Request
path Parameters
clientId
required
string
Request Body schema: application/json
required
resource_ids
required
Array of strings

List of resources this application is allowed to explicitly request access to

Responses
200
put/v1/clients/{clientId}/resources
Request samples
application/json
{
  • "resource_ids": [
    ]
}
Response samples
application/json
{
  • "app_id": "string",
  • "tenant_id": "string",
  • "client_id": "string",
  • "client_secret": "string",
  • "name": "string",
  • "description": "string",
  • "resources": [
    ],
  • "created_at": "2019-08-24T14:15:22Z",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "authentication_protocol": "oidc",
  • "client_group_id": "string",
  • "default_custom_claims": [
    ],
  • "redirect_uris": [
    ],
  • "client_type": "web",
  • "response_types": [
    ],
  • "token_endpoint_auth_method": "client_secret_basic",
  • "pkce": "enforcePkceInsteadOfClientCredentials",
  • "device_authorization": {},
  • "ciba_authorization": {},
  • "supported_prompts": [
    ],
  • "authentication_configuration": {
    },
  • "token_expiration": {
    }
}