Clients

Allows an application to manage its clients, including updating existing clients and creating additional clients. To authorize API calls, use an access token for the relevant application. To manage apps and their clients as a tenant admin, see Application APIs.

Servers
Sandbox environment
https://api.sbx.transmitsecurity.io/cis/
Production environment (US)
https://api.transmitsecurity.io/cis/
Production environment (EU)
https://api.eu.transmitsecurity.io/cis/
Production environment (CA)
https://api.ca.transmitsecurity.io/cis/
Production environment (AU)
https://api.au.transmitsecurity.io/cis/

Create client

Request

Creates an additional client for the app. To authorize a request, use an access token for the relevant application.

Required permissions: apps:create, [appId]:create, apps:edit, [appId]:edit.

Security
ClientAccessToken
Body application/json required
Any of:
name string required

Name of the client

Example: "My Client"
description string

Short description of the client

resources Array of strings

List of resource IDs associated with this client

authentication_protocol string

Authentication protocol used by the client

Default: "oidc"
Enum: "oidc", "saml"
client_group_id string

ID of the client group to associate with

default_custom_claims Array of strings

List of client default custom claims

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"
short_cookies_samesite_type string

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"
redirect_uris Array of strings required

List of URIs approved for redirects for your client

Example: ["https://www.example.com/login"]
client_type string

Client type

Default: "web"
Enum: "web", "native"
device_authorization object
ciba_authorization object
is_third_party boolean

Is third party client

allowed_scopes Array of strings

Allowed scopes

consent_uri string

Consent URI

consent_validity_period number

Consent validity period

pkce string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
supported_prompts Array of strings

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
Example: ["login","consent","none"]
token_expiration object
session_expiration number

Session expiration time (seconds)

enforce_par boolean

Enforce PAR (Pushed Authorization Request) for this client

role_ids Array of strings

Role IDs

fapi_version_compliancy boolean

FAPI 2.0 compliancy configuration

response_types Array of strings
Default: ["code","id_token"]
Items Enum: "code", "id_token"
Example: ["code"]
authentication_configuration object
token_endpoint_auth_method string Deprecated

This field is deprecated; to configure PKCE, use the "pkce" field instead

Default: "client_secret_basic"
Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
curl -i -X POST \
  https://api.sbx.transmitsecurity.io/cis/v1/clients \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "My Client",
    "description": "string",
    "resources": [
      "string"
    ],
    "authentication_protocol": "oidc",
    "client_group_id": "string",
    "default_custom_claims": [
      "tid"
    ],
    "short_cookies_samesite_type": "lax",
    "redirect_uris": [
      "https://www.example.com/login"
    ],
    "client_type": "web",
    "device_authorization": {
      "enabled": false,
      "approval_uri": "https://www.example.com/device/approval",
      "success_uri": "https://www.example.com/device/complete",
      "input_uri": "https://www.example.com/device/start"
    },
    "ciba_authorization": {
      "enabled": false,
      "login_uri": "https://www.example.com/ciba/login"
    },
    "is_third_party": true,
    "allowed_scopes": [
      "string"
    ],
    "consent_uri": "string",
    "consent_validity_period": 0,
    "pkce": "enforcePkceInsteadOfClientCredentials",
    "supported_prompts": [
      "login",
      "consent",
      "none"
    ],
    "token_expiration": {
      "access_token_ttl": 0,
      "refresh_token_ttl": 0,
      "max_refresh_rotate": 0
    },
    "session_expiration": 0,
    "enforce_par": true,
    "role_ids": [
      "string"
    ],
    "fapi_version_compliancy": true,
    "token_endpoint_auth_method": "client_secret_basic",
    "response_types": [
      "code"
    ],
    "authentication_configuration": {
      "method": "client_secret_basic",
      "tls_client_auth": {
        "certificate_chain": "string",
        "distinguished_name": 6,
        "ocsp_on": true,
        "ocsp_responder_uri": "string",
        "ocsp_responder_certificate": "string",
        "ocsp_fail_open": true
      },
      "isMtlsCertTokenBound": true,
      "jwks": {}
    }
  }'

Responses

Body application/json
Any of:
app_id string required

Application ID

tenant_id string required

Tenant ID

client_id string required

Client ID used for API requests

client_secret string required

Client secret used to obtain tokens for API authorization

name string required

Client name displayed in the Admin Portal

description string required

Short description of your client, displayed in the Admin Portal

resources Array of strings required

List of resources this client is allowed to explicitly request access to

created_at string (date-time) required

Date the client was created

updated_at string (date-time) required

Date the client was last updated

authentication_protocol string required

Authentication protocol used by the client

Enum: "oidc", "saml"
client_group_id string required

ID of the client group the client is assigned to

default_custom_claims Array of strings required

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"
short_cookies_samesite_type string

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"
redirect_uris Array of strings required

List of URIs approved for redirects for your client

client_type string

Type of client

Default: "web"
Enum: "web", "native"
response_types Array of strings
Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]
pkce string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
device_authorization object required
device_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth device authorization flow

Default: false
device_authorization.approval_uri string required

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"
device_authorization.success_uri string required

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"
device_authorization.input_uri string required

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"
ciba_authorization object required
ciba_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false
ciba_authorization.login_uri string

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"
supported_prompts Array of strings required

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
authentication_configuration object
token_expiration object required
token_expiration.access_token_ttl number

Access token time-to-live

token_expiration.refresh_token_ttl number

Refresh token time-to-live

token_expiration.max_refresh_rotate number

Maximum time the refresh token can be rotated

session_expiration number required

Session expiration time (seconds)

enforce_par boolean required

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy boolean required

FAPI compliance

token_endpoint_auth_method string Deprecated

This field is deprecated; to configure PKCE, use the "pkce" field instead

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
Response
application/json
{ "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [ "string" ], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [ "tid" ], "short_cookies_samesite_type": "lax", "redirect_uris": [ "string" ], "client_type": "web", "response_types": [ "code" ], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": { "enabled": false, "approval_uri": "https://www.example.com/device/approval", "success_uri": "https://www.example.com/device/complete", "input_uri": "https://www.example.com/device/start" }, "ciba_authorization": { "enabled": false, "login_uri": "https://www.example.com/ciba/login" }, "supported_prompts": [ "login" ], "authentication_configuration": { "method": "client_secret_basic", "tls_client_auth": {}, "isMtlsCertTokenBound": true, "jwks": {} }, "token_expiration": { "access_token_ttl": 0, "refresh_token_ttl": 0, "max_refresh_rotate": 0 }, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true }

Get all clients

Request

Retrieves a list of clients for the app. To authorize a request, use an access token for the relevant application.

Required permissions: apps:read, [appId]:read.

Security
ClientAccessToken
curl -i -X GET \
  https://api.sbx.transmitsecurity.io/cis/v1/clients \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Body application/json Array [
Any of:
app_id string required

Application ID

tenant_id string required

Tenant ID

client_id string required

Client ID used for API requests

client_secret string required

Client secret used to obtain tokens for API authorization

name string required

Client name displayed in the Admin Portal

description string required

Short description of your client, displayed in the Admin Portal

resources Array of strings required

List of resources this client is allowed to explicitly request access to

created_at string (date-time) required

Date the client was created

updated_at string (date-time) required

Date the client was last updated

authentication_protocol string required

Authentication protocol used by the client

Enum: "oidc", "saml"
client_group_id string required

ID of the client group the client is assigned to

default_custom_claims Array of strings required

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"
short_cookies_samesite_type string

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"
redirect_uris Array of strings required

List of URIs approved for redirects for your client

client_type string

Type of client

Default: "web"
Enum: "web", "native"
response_types Array of strings
Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]
pkce string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
device_authorization object required
device_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth device authorization flow

Default: false
device_authorization.approval_uri string required

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"
device_authorization.success_uri string required

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"
device_authorization.input_uri string required

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"
ciba_authorization object required
ciba_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false
ciba_authorization.login_uri string

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"
supported_prompts Array of strings required

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
authentication_configuration object
token_expiration object required
token_expiration.access_token_ttl number

Access token time-to-live

token_expiration.refresh_token_ttl number

Refresh token time-to-live

token_expiration.max_refresh_rotate number

Maximum time the refresh token can be rotated

session_expiration number required

Session expiration time (seconds)

enforce_par boolean required

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy boolean required

FAPI compliance

token_endpoint_auth_method string Deprecated

This field is deprecated; to configure PKCE, use the "pkce" field instead

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
]
Response
application/json
[ { "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [], "short_cookies_samesite_type": "lax", "redirect_uris": [], "client_type": "web", "response_types": [], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": {}, "ciba_authorization": {}, "supported_prompts": [], "authentication_configuration": {}, "token_expiration": {}, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true } ]
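
A configuration audit over the list this endpoint returns, as an added example that is not part of the original reference or Transmit Security's own code. It flags client settings documented on this page that weaken an OIDC client and masks client_secret before a record is logged. The sample records are constructed, and reading allowPkceAlongsideClientCredentials as "PKCE optional" and ocsp_fail_open as "accept the certificate when the OCSP check cannot complete" are assumptions drawn from the field names.

```python
import copy
import json
from urllib.parse import urlsplit

# Constructed records in the shape of the "Get all clients" response (not real data).
SAMPLE_CLIENTS = json.loads("""
[
  {"client_id": "client-a", "client_secret": "constructed-secret-a",
   "client_type": "web", "redirect_uris": ["https://www.example.com/login"],
   "response_types": ["code"], "pkce": "enforcePkceAlongsideClientCredentials",
   "short_cookies_samesite_type": "lax", "enforce_par": true,
   "authentication_configuration": {"method": "private_key_jwt"}},
  {"client_id": "client-b", "client_secret": "constructed-secret-b",
   "client_type": "web",
   "redirect_uris": ["http://www.example.com/login", "https://*.example.com/cb"],
   "response_types": ["code", "id_token"],
   "pkce": "allowPkceAlongsideClientCredentials",
   "short_cookies_samesite_type": "none", "enforce_par": false,
   "authentication_configuration": {
     "method": "tls_client_auth",
     "tls_client_auth": {"ocsp_on": true, "ocsp_fail_open": true}}}
]
""")

# The two "enforce..." values from the page's pkce enum.
ENFORCING_PKCE = {
    "enforcePkceInsteadOfClientCredentials",
    "enforcePkceAlongsideClientCredentials",
}


def audit_client(client):
    """Return a list of (field, message) findings for one client record."""
    findings = []

    web = client.get("client_type", "web") == "web"  # documented default: "web"
    for uri in client.get("redirect_uris", []):
        if web and urlsplit(uri).scheme != "https":
            findings.append(("redirect_uris", f"{uri}: web redirect is not https"))
        if "*" in uri:
            findings.append(("redirect_uris", f"{uri}: wildcard in redirect URI"))

    # Assumption from the enum names: only the "enforce..." values require PKCE.
    if client.get("pkce") not in ENFORCING_PKCE:
        findings.append(("pkce", f"PKCE not enforced (pkce={client.get('pkce')!r})"))

    # response_type id_token returns the ID token from the authorization endpoint.
    if "id_token" in client.get("response_types", []):
        findings.append(("response_types", "id_token response type is enabled"))

    if client.get("short_cookies_samesite_type", "lax") == "none":
        findings.append(("short_cookies_samesite_type",
                         "short cookies are sent on cross-site requests"))

    if not client.get("enforce_par", False):
        findings.append(("enforce_par", "pushed authorization requests not enforced"))

    # Assumption from the field name: fail-open accepts the certificate when the
    # OCSP check cannot complete.
    auth = client.get("authentication_configuration") or {}
    tls = auth.get("tls_client_auth") or {}
    if tls.get("ocsp_on") and tls.get("ocsp_fail_open"):
        findings.append(("authentication_configuration.tls_client_auth.ocsp_fail_open",
                         "OCSP revocation check fails open"))
    return findings


def redact(client):
    """Copy of a client record that is safe to log: client_secret is masked."""
    safe = copy.deepcopy(client)
    if "client_secret" in safe:
        safe["client_secret"] = "<redacted>"
    return safe


def audit_all(clients):
    """Map client_id -> findings, keeping only clients with at least one finding."""
    report = {}
    for client in clients:
        findings = audit_client(client)
        if findings:
            report[client["client_id"]] = findings
    return report


if __name__ == "__main__":
    for client_id, findings in audit_all(SAMPLE_CLIENTS).items():
        print(client_id)
        for field, message in findings:
            print(f"  {field}: {message}")
    print(json.dumps(redact(SAMPLE_CLIENTS[1]), indent=2))
```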

Delete all clients

Request

Deletes all clients associated with the app. To authorize a request, use an access token for the relevant application. Note that the application cannot be used without clients.

Required permissions: apps:create, [appId]:create, apps:edit, [appId]:edit, apps:delete, [appId]:delete.

Security
ClientAccessToken
curl -i -X DELETE \
  https://api.sbx.transmitsecurity.io/cis/v1/clients \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Response
No content

Get client by ID

Request

Retrieves a client by client ID. To authorize a request, use an access token for the relevant application.

Required permissions: apps:read, [appId]:read.

Security
ClientAccessToken
Path
clientId string required

ID of the client to retrieve

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/clients/{clientId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Body application/json
Any of:
app_id string required

Application ID

tenant_id string required

Tenant ID

client_id string required

Client ID used for API requests

client_secret string required

Client secret used to obtain tokens for API authorization

name string required

Client name displayed in the Admin Portal

description string required

Short description of your client, displayed in the Admin Portal

resources Array of strings required

List of resources this client is allowed to explicitly request access to

created_at string (date-time) required

Date the client was created

updated_at string (date-time) required

Date the client was last updated

authentication_protocol string required

Authentication protocol used by the client

Enum: "oidc", "saml"
client_group_id string required

ID of the client group the client is assigned to

default_custom_claims Array of strings required

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"
short_cookies_samesite_type string

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"
redirect_uris Array of strings required

List of URIs approved for redirects for your client

client_type string

Type of client

Default: "web"
Enum: "web", "native"
response_types Array of strings
Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]
pkce string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
device_authorization object required
device_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth device authorization flow

Default: false
device_authorization.approval_uri string required

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"
device_authorization.success_uri string required

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"
device_authorization.input_uri string required

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"
ciba_authorization object required
ciba_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false
ciba_authorization.login_uri string

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"
supported_prompts Array of strings required

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
authentication_configuration object
token_expiration object required
token_expiration.access_token_ttl number

Access token time-to-live

token_expiration.refresh_token_ttl number

Refresh token time-to-live

token_expiration.max_refresh_rotate number

Maximum time the refresh token can be rotated

session_expiration number required

Session expiration time (seconds)

enforce_par boolean required

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy boolean required

FAPI compliance

token_endpoint_auth_method string Deprecated

This field is deprecated; to configure PKCE, use the "pkce" field instead

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
Response
application/json
{ "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [ "string" ], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [ "tid" ], "short_cookies_samesite_type": "lax", "redirect_uris": [ "string" ], "client_type": "web", "response_types": [ "code" ], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": { "enabled": false, "approval_uri": "https://www.example.com/device/approval", "success_uri": "https://www.example.com/device/complete", "input_uri": "https://www.example.com/device/start" }, "ciba_authorization": { "enabled": false, "login_uri": "https://www.example.com/ciba/login" }, "supported_prompts": [ "login" ], "authentication_configuration": { "method": "client_secret_basic", "tls_client_auth": {}, "isMtlsCertTokenBound": true, "jwks": {} }, "token_expiration": { "access_token_ttl": 0, "refresh_token_ttl": 0, "max_refresh_rotate": 0 }, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true }

Update client

Request

Updates a client by its ID. To authorize a request, use an access token for the relevant application. Note: Object fields cannot be partially updated; the new value you set replaces the current object in full.

Required permissions: apps:create, [appId]:create, apps:edit, [appId]:edit.

Security
ClientAccessToken
Path
clientId string required

ID of the client to update

Body application/json required
Any of:
name string

Name of the client

Example: "My Client"
description string

Short description of the client

resources Array of strings

List of resource IDs associated with this client

client_group_id string

ID of the client group to associate with

default_custom_claims Array of strings

List of client default custom claims

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"
short_cookies_samesite_type string

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"
redirect_uris Array of strings

List of URIs approved for redirects for your client

Example: ["https://www.example.com/login"]
client_type string

Client type

Default: "web"
Enum: "web", "native"
device_authorization object
ciba_authorization object
is_third_party boolean

Is third party client

allowed_scopes Array of strings

Allowed scopes

consent_uri string

Consent URI

consent_validity_period number

Consent validity period

pkce string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
supported_prompts Array of strings

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
Example: ["login","consent","none"]
token_expiration object
session_expiration number

Session expiration time (seconds)

enforce_par boolean

Enforce PAR (Pushed Authorization Request) for this client

role_ids Array of strings

Role IDs

fapi_version_compliancy boolean

FAPI 2.0 compliancy configuration

response_types Array of strings
Default: ["code","id_token"]
Items Enum: "code", "id_token"
Example: ["code"]
authentication_configuration object
token_endpoint_auth_method string Deprecated

This field is deprecated; to configure PKCE, use the "pkce" field instead

Default: "client_secret_basic"
Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
curl -i -X PUT \
  'https://api.sbx.transmitsecurity.io/cis/v1/clients/{clientId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "My Client",
    "description": "string",
    "resources": [
      "string"
    ],
    "client_group_id": "string",
    "default_custom_claims": [
      "tid"
    ],
    "short_cookies_samesite_type": "lax",
    "redirect_uris": [
      "https://www.example.com/login"
    ],
    "client_type": "web",
    "device_authorization": {
      "enabled": false,
      "approval_uri": "https://www.example.com/device/approval",
      "success_uri": "https://www.example.com/device/complete",
      "input_uri": "https://www.example.com/device/start"
    },
    "ciba_authorization": {
      "enabled": false,
      "login_uri": "https://www.example.com/ciba/login"
    },
    "is_third_party": true,
    "allowed_scopes": [
      "string"
    ],
    "consent_uri": "string",
    "consent_validity_period": 0,
    "pkce": "enforcePkceInsteadOfClientCredentials",
    "supported_prompts": [
      "login",
      "consent",
      "none"
    ],
    "token_expiration": {
      "access_token_ttl": 0,
      "refresh_token_ttl": 0,
      "max_refresh_rotate": 0
    },
    "session_expiration": 0,
    "enforce_par": true,
    "role_ids": [
      "string"
    ],
    "fapi_version_compliancy": true,
    "token_endpoint_auth_method": "client_secret_basic",
    "response_types": [
      "code"
    ],
    "authentication_configuration": {
      "method": "client_secret_basic",
      "tls_client_auth": {
        "certificate_chain": "string",
        "distinguished_name": 6,
        "ocsp_on": true,
        "ocsp_responder_uri": "string",
        "ocsp_responder_certificate": "string",
        "ocsp_fail_open": true
      },
      "isMtlsCertTokenBound": true,
      "jwks": {}
    }
  }'

Responses

Body application/json
Any of:
app_id string required

Application ID

tenant_id string required

Tenant ID

client_id string required

Client ID used for API requests

client_secret string required

Client secret used to obtain tokens for API authorization

name string required

Client name displayed in the Admin Portal

description string required

Short description of your client, displayed in the Admin Portal

resources Array of strings required

List of resources this client is allowed to explicitly request access to

created_at string (date-time) required

Date the client was created

updated_at string (date-time) required

Date the client was last updated

authentication_protocol string required

Authentication protocol used by the client

Enum: "oidc", "saml"
client_group_id string required

ID of the client group the client is assigned to

default_custom_claims Array of strings required

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"
short_cookies_samesite_type string

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"
redirect_uris Array of strings required

List of URIs approved for redirects for your client

client_type string

Type of client

Default: "web"
Enum: "web", "native"
response_types Array of strings
Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]
pkce string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
device_authorization object required
device_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth device authorization flow

Default: false
device_authorization.approval_uri string required

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"
device_authorization.success_uri string required

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"
device_authorization.input_uri string required

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"
ciba_authorization object required
ciba_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false
ciba_authorization.login_uri string

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"
supported_prompts Array of strings required

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
authentication_configuration object
token_expiration object required
token_expiration.access_token_ttl number

Access token time-to-live

token_expiration.refresh_token_ttl number

Refresh token time-to-live

token_expiration.max_refresh_rotate number

Maximum time the refresh token can be rotated

session_expiration number required

Session expiration time (seconds)

enforce_par boolean required

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy boolean required

FAPI compliance

token_endpoint_auth_method string Deprecated

This field is deprecated; to configure PKCE, use the "pkce" field instead

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
Response
application/json
{ "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [ "string" ], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [ "tid" ], "short_cookies_samesite_type": "lax", "redirect_uris": [ "string" ], "client_type": "web", "response_types": [ "code" ], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": { "enabled": false, "approval_uri": "https://www.example.com/device/approval", "success_uri": "https://www.example.com/device/complete", "input_uri": "https://www.example.com/device/start" }, "ciba_authorization": { "enabled": false, "login_uri": "https://www.example.com/ciba/login" }, "supported_prompts": [ "login" ], "authentication_configuration": { "method": "client_secret_basic", "tls_client_auth": {}, "isMtlsCertTokenBound": true, "jwks": {} }, "token_expiration": { "access_token_ttl": 0, "refresh_token_ttl": 0, "max_refresh_rotate": 0 }, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true }
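
A read-modify-write helper for the note in the Update client request that object fields are replaced whole rather than partially updated (an added example, not part of the original reference or Transmit Security's code). It completes each changed object from the client's current record so that tightening one nested setting does not drop its siblings. The sample record and its TTL values are constructed, and sending only the changed top-level fields in the PUT body is an assumption based on every field in that body being optional.

```python
import copy

# Top-level fields listed in the Update client request body on this page.
UPDATABLE_FIELDS = {
    "name", "description", "resources", "client_group_id",
    "default_custom_claims", "short_cookies_samesite_type", "redirect_uris",
    "client_type", "device_authorization", "ciba_authorization",
    "is_third_party", "allowed_scopes", "consent_uri",
    "consent_validity_period", "pkce", "supported_prompts", "token_expiration",
    "session_expiration", "enforce_par", "role_ids", "fapi_version_compliancy",
    "response_types", "authentication_configuration",
    "token_endpoint_auth_method",
}

# Constructed record in the shape of the "Get client by ID" response; the TTL
# values are illustrative, the page does not state their unit.
CURRENT_CLIENT = {
    "client_id": "client-a",
    "client_secret": "constructed-secret-a",
    "enforce_par": False,
    "token_expiration": {
        "access_token_ttl": 3600,
        "refresh_token_ttl": 86400,
        "max_refresh_rotate": 604800,
    },
    "authentication_configuration": {
        "method": "tls_client_auth",
        "tls_client_auth": {"ocsp_on": True, "ocsp_fail_open": True},
        "isMtlsCertTokenBound": True,
    },
}


def merge_object(current, patch):
    """Deep-merge patch into a copy of current; values in patch win."""
    merged = copy.deepcopy(current)
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = merge_object(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def dropped_keys(current, patch, prefix=""):
    """Nested keys of current that a raw PUT of patch would leave out."""
    lost = []
    for key, value in current.items():
        path = f"{prefix}{key}"
        if key not in patch:
            lost.append(path)
        elif isinstance(value, dict) and isinstance(patch[key], dict):
            lost.extend(dropped_keys(value, patch[key], path + "."))
    return lost


def build_update_body(current, changes):
    """Return (body, preserved) for PUT /v1/clients/{clientId}.

    body holds only the changed top-level fields, with every object field
    completed from the current record. preserved lists the nested keys that
    were carried over and would have been lost had changes been sent as-is.
    """
    unknown = sorted(set(changes) - UPDATABLE_FIELDS)
    if unknown:
        raise ValueError(f"not in the Update client request body: {unknown}")
    body, preserved = {}, []
    for field, value in changes.items():
        existing = current.get(field)
        if isinstance(value, dict) and isinstance(existing, dict):
            preserved += dropped_keys(existing, value, f"{field}.")
            body[field] = merge_object(existing, value)
        else:
            body[field] = copy.deepcopy(value)
    return body, preserved


if __name__ == "__main__":
    body, preserved = build_update_body(CURRENT_CLIENT, {
        "token_expiration": {"access_token_ttl": 900},
        "authentication_configuration": {"tls_client_auth": {"ocsp_fail_open": False}},
        "enforce_par": True,
    })
    print(body)
    print("carried over from current record:", preserved)
```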

Delete client

Request

Deletes a client. To authorize a request, use an access token for the relevant application.

Required permissions: apps:create, [appId]:create, apps:edit, [appId]:edit, apps:delete, [appId]:delete.

Security
ClientAccessToken
Path
clientId string required

ID of the client to delete

curl -i -X DELETE \
  'https://api.sbx.transmitsecurity.io/cis/v1/clients/{clientId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Response
No content

Update client resources

Request

Updates the list of resources that a client is allowed to explicitly request access to. To authorize a request, use an access token for the relevant application.

Required permissions: apps:create, [appId]:create, apps:edit, [appId]:edit.

Security
ClientAccessToken
Path
clientId string required
Body application/json required
resource_ids Array of strings required

List of resources this application is allowed to explicitly request access to

curl -i -X PUT \
  'https://api.sbx.transmitsecurity.io/cis/v1/clients/{clientId}/resources' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "resource_ids": [
      "string"
    ]
  }'

Responses

Body application/json
Any of:
app_id string required

Application ID

tenant_id string required

Tenant ID

client_id string required

Client ID used for API requests

client_secret string required

Client secret used to obtain tokens for API authorization

name string required

Client name displayed in the Admin Portal

description string required

Short description of your client, displayed in the Admin Portal

resources Array of strings required

List of resources this client is allowed to explicitly request access to

created_at string (date-time) required

Date the client was created

updated_at string (date-time) required

Date the client was last updated

authentication_protocol string required

Authentication protocol used by the client

Enum: "oidc", "saml"
client_group_id string required

ID of the client group the client is assigned to

default_custom_claims Array of strings required

List of all the custom claims the client wants to receive by default

Items Enum: "tid", "fname", "lname", "mname", "email", "email_verified", "phone_number", "phone_number_verified", "groups", "new_user"
short_cookies_samesite_type string

Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax"

Default: "lax"
Enum: "lax", "none"
redirect_uris Array of strings required

List of URIs approved for redirects for your client

client_type string

Type of client

Default: "web"
Enum: "web", "native"
response_types Array of strings
Default: ["code","id_token","none"]
Items Enum: "code", "id_token"
Example: ["code"]
pkce string

PKCE configuration

Enum: "enforcePkceInsteadOfClientCredentials", "enforcePkceAlongsideClientCredentials", "allowPkceAlongsideClientCredentials"
device_authorization object required
device_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth device authorization flow

Default: false
device_authorization.approval_uri string required

The URI of the page that allows the user to approve the access request

Example: "https://www.example.com/device/approval"
device_authorization.success_uri string required

Callback URI that receives an indication of whether the end-user authentication was completed successfully.

Example: "https://www.example.com/device/complete"
device_authorization.input_uri string required

The URI of the page that allows the user to enter the code

Example: "https://www.example.com/device/start"
ciba_authorization object required
ciba_authorization.enabled boolean required

Determines if the client is allowed to use the OAuth CIBA authorization flow

Default: false
ciba_authorization.login_uri string

The URI of the page that allows the user to log in and verify the access request

Example: "https://www.example.com/ciba/login"
supported_prompts Array of strings required

Supported prompts for the OIDC authentication flow

Items Enum: "login", "consent", "none"
authentication_configuration object
token_expiration object required
token_expiration.access_token_ttl number

Access token time-to-live

token_expiration.refresh_token_ttl number

Refresh token time-to-live

token_expiration.max_refresh_rotate number

Maximum time the refresh token can be rotated

session_expiration number required

Session expiration time (seconds)

enforce_par boolean required

Enforce PAR (Pushed Authorization Request) for this client

fapi_version_compliancy boolean required

FAPI compliance

token_endpoint_auth_method string Deprecated

This field is deprecated; to configure PKCE, use the "pkce" field instead

Enum: "client_secret_basic", "self_signed_tls_client_auth", "tls_client_auth", "none", "private_key_jwt"
Response
application/json
{ "app_id": "string", "tenant_id": "string", "client_id": "string", "client_secret": "string", "name": "string", "description": "string", "resources": [ "string" ], "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "authentication_protocol": "oidc", "client_group_id": "string", "default_custom_claims": [ "tid" ], "short_cookies_samesite_type": "lax", "redirect_uris": [ "string" ], "client_type": "web", "response_types": [ "code" ], "token_endpoint_auth_method": "client_secret_basic", "pkce": "enforcePkceInsteadOfClientCredentials", "device_authorization": { "enabled": false, "approval_uri": "https://www.example.com/device/approval", "success_uri": "https://www.example.com/device/complete", "input_uri": "https://www.example.com/device/start" }, "ciba_authorization": { "enabled": false, "login_uri": "https://www.example.com/ciba/login" }, "supported_prompts": [ "login" ], "authentication_configuration": { "method": "client_secret_basic", "tls_client_auth": {}, "isMtlsCertTokenBound": true, "jwks": {} }, "token_expiration": { "access_token_ttl": 0, "refresh_token_ttl": 0, "max_refresh_rotate": 0 }, "session_expiration": 0, "enforce_par": true, "fapi_version_compliancy": true }