Management Apps

Download OpenAPI specification:Download

View, create, and update your management applications. These are typically backend services accessing our platform to perform administrative actions. They can be used to generate client credentials that have tenant-level access to users, roles, apps, settings, and more.

Create management app

Create a management application

SecurityOAuth2: ClientAccessToken or OAuth2: AdminAccessToken

Request

Request Body schema: application/json
required

app_name required	string Name of the application
app_description	string Short description of the application
first_client_authentication_protocol	string Defines the first client authentication protocol. Enum: "oidc" "saml"
	ApiCreateOidcClientInput (object) or ApiCreateSamlClientInput (object) Creates first client for the application. Client can be OIDC or SAML, depending what is set in first_client_authentication_protocol
login_uri	string URI used to redirect the user to the login page of the application (when needed)
subdomain	string Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)
invite_member_email_expiration_minutes	number Default: 2880 Member invite email link expiration in minutes
custom_domain	string Domain of the application that can be offered for the application to be accessed from
pkce	string PKCE configuration for client Enum: "enforcePkceInsteadOfClientCredentials" "enforcePkceAlongsideClientCredentials" "allowPkceAlongsideClientCredentials"

Responses

201

400

post/v1/management/applications

Request samples

application/json

{"app_name": "My App",
"app_description": "string",
"first_client_authentication_protocol": "oidc",
"first_client": {"name": "My Client",
"description": "string",
"resources": ["string"
],
"authentication_protocol": "oidc",
"client_group_id": "string",
"redirect_uris": ["https://www.example.com/login"
],
"client_type": "web",
"response_types": ["code"
],
"token_endpoint_auth_method": "client_secret_basic",
"device_authorization": {"enabled": false,
"approval_uri": "https://www.example.com/device/approval",
"success_uri": "https://www.example.com/device/complete",
"input_uri": "https://www.example.com/device/start"
},
"ciba_authorization": {"enabled": false,
"login_uri": "https://www.example.com/ciba/login"
},
"pkce": "enforcePkceInsteadOfClientCredentials"
},
"login_uri": "https://www.example.com/login",
"subdomain": "myapp",
"invite_member_email_expiration_minutes": 2880,
"custom_domain": "myapp.com",
"pkce": "enforcePkceInsteadOfClientCredentials"
}

Response samples

application/json

{"result": {"app_id": "string",
"tenant_id": "string",
"app_name": "string",
"app_description": "string",
"client_type": "web",
"logo": "string",
"client_id": "string",
"client_display_name": "string",
"client_description": "string",
"client_secret": "string",
"redirect_uris": ["string"
],
"login_preferences": {"auth_methods": {"google": {"clientId": "string",
"clientSecret": "string"
},
"facebook": {"clientId": "string",
"clientSecret": "string"
},
"email": {"expiresIn": 0,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
}
},
"email_otp": {"expiresIn": 0,
"lockoutDuration": 15,
"maxFailures": 3,
"codeLength": 6,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
}
},
"apple": {"clientId": "string",
"clientSecret": "string",
"appleTeamId": "string",
"keyId": "string"
},
"sms": {"expiresIn": 0,
"lockoutDuration": 15,
"maxFailures": 3,
"codeLength": 6
},
"webauthn_api": {"rpId": "string",
"rpOrigin": "string",
"rpOrigins": ["string"
]
},
"line": {"clientId": "string",
"clientSecret": "string"
},
"password": {"resetValidityMinutes": 5,
"passwordComplexity": 5,
"passwordMinLength": 14,
"blockPreviousPasswords": 0,
"passwordExpiresIn": 90,
"ignoreExpiration": false,
"maxPasswordFailures": 5,
"passwordSuspensionDuration": 15,
"failuresExpireIn": 15,
"tempPasswordValidityHours": 24,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
},
"requireMFA": false,
"codeLength": 6
},
"totp": {"algorithm": "sha1",
"digits": 6,
"period": 30,
"window": 2,
"issuer": "My Company",
"maxFailures": 3,
"lockoutDuration": 15
}
}
},
"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"updated_at": "2019-08-24T14:15:22Z",
"resources": ["string"
],
"service_providers": ["string"
],
"authenticator_preferences": {"is_centralized": false,
"login_uri": "https://www.example.com/login"
},
"allow_public_signup": true,
"client_auth_method": "client_secret_basic",
"pkce": "enforcePkceInsteadOfClientCredentials",
"device_authorization": {"enabled": false,
"approval_uri": "https://www.example.com/device/approval",
"success_uri": "https://www.example.com/device/complete",
"input_uri": "https://www.example.com/device/start"
},
"ciba_authorization": {"enabled": false,
"login_uri": "https://www.example.com/ciba/login"
},
"password_sharing_group_id": "string",
"login_uri": "https://www.example.com/login",
"subdomain": "myapp",
"invite_member_email_expiration_minutes": 2880,
"custom_domain": {"domain": "myapp.com",
"updated_at": "2019-08-24T14:15:22Z",
"status": "pending",
"error": "string"
},
"external_communication": {"language": "en"
}
}
}

Get management apps

Retrieve a list of all management applications

SecurityOAuth2: ClientAccessToken or OAuth2: AdminAccessToken

Responses

200

400

get/v1/management/applications

Request samples

Response samples

application/json

{"result": [{"app_id": "string",
"tenant_id": "string",
"app_name": "string",
"app_description": "string",
"client_type": "web",
"client_id": "string",
"client_display_name": "string",
"client_description": "string",
"client_secret": "string",
"redirect_uris": ["string"
],
"login_preferences": {"auth_methods": {"google": {"clientId": "string",
"clientSecret": "string"
},
"facebook": {"clientId": "string",
"clientSecret": "string"
},
"email": {"expiresIn": 0,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
}
},
"email_otp": {"expiresIn": 0,
"lockoutDuration": 15,
"maxFailures": 3,
"codeLength": 6,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
}
},
"apple": {"clientId": "string",
"clientSecret": "string",
"appleTeamId": "string",
"keyId": "string"
},
"sms": {"expiresIn": 0,
"lockoutDuration": 15,
"maxFailures": 3,
"codeLength": 6
},
"webauthn_api": {"rpId": "string",
"rpOrigin": "string",
"rpOrigins": ["string"
]
},
"line": {"clientId": "string",
"clientSecret": "string"
},
"password": {"resetValidityMinutes": 5,
"passwordComplexity": 5,
"passwordMinLength": 14,
"blockPreviousPasswords": 0,
"passwordExpiresIn": 90,
"ignoreExpiration": false,
"maxPasswordFailures": 5,
"passwordSuspensionDuration": 15,
"failuresExpireIn": 15,
"tempPasswordValidityHours": 24,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
},
"requireMFA": false,
"codeLength": 6
},
"totp": {"algorithm": "sha1",
"digits": 6,
"period": 30,
"window": 2,
"issuer": "My Company",
"maxFailures": 3,
"lockoutDuration": 15
}
}
},
"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"updated_at": "2019-08-24T14:15:22Z",
"resources": ["string"
],
"service_providers": ["string"
],
"authenticator_preferences": {"is_centralized": false,
"login_uri": "https://www.example.com/login"
},
"allow_public_signup": true,
"client_auth_method": "client_secret_basic",
"pkce": "enforcePkceInsteadOfClientCredentials",
"device_authorization": {"enabled": false,
"approval_uri": "https://www.example.com/device/approval",
"success_uri": "https://www.example.com/device/complete",
"input_uri": "https://www.example.com/device/start"
},
"ciba_authorization": {"enabled": false,
"login_uri": "https://www.example.com/ciba/login"
},
"password_sharing_group_id": "string",
"login_uri": "https://www.example.com/login",
"subdomain": "myapp",
"invite_member_email_expiration_minutes": 2880,
"custom_domain": {"domain": "myapp.com",
"updated_at": "2019-08-24T14:15:22Z",
"status": "pending",
"error": "string"
},
"external_communication": {"language": "en"
}
}
]
}

Update management app

Update a management application. Note: Fields that are objects cannot be partially updated, since the new value you set will just replace the current one.

SecurityOAuth2: ClientAccessToken or OAuth2: AdminAccessToken

Request

path Parameters

app_id

required

string

Request Body schema: application/json
required

app_name	string Name of the application
app_description	string Short description of the application
first_client_authentication_protocol	string Defines the first client authentication protocol. Enum: "oidc" "saml"
	ApiCreateOidcClientInput (object) or ApiCreateSamlClientInput (object) Creates first client for the application. Client can be OIDC or SAML, depending what is set in first_client_authentication_protocol
login_uri	string URI used to redirect the user to the login page of the application (when needed)
subdomain	string Subdomain of Org admin portal that can be offered for organizations to manage their users (when needed)
invite_member_email_expiration_minutes	number Default: 2880 Member invite email link expiration in minutes
custom_domain	string Domain of the application that can be offered for the application to be accessed from
pkce	string PKCE configuration for client Enum: "enforcePkceInsteadOfClientCredentials" "enforcePkceAlongsideClientCredentials" "allowPkceAlongsideClientCredentials"

Responses

200

400

404

put/v1/management/applications/{app_id}

Request samples

application/json

{"app_name": "My App",
"app_description": "string",
"first_client_authentication_protocol": "oidc",
"first_client": {"name": "My Client",
"description": "string",
"resources": ["string"
],
"authentication_protocol": "oidc",
"client_group_id": "string",
"redirect_uris": ["https://www.example.com/login"
],
"client_type": "web",
"response_types": ["code"
],
"token_endpoint_auth_method": "client_secret_basic",
"device_authorization": {"enabled": false,
"approval_uri": "https://www.example.com/device/approval",
"success_uri": "https://www.example.com/device/complete",
"input_uri": "https://www.example.com/device/start"
},
"ciba_authorization": {"enabled": false,
"login_uri": "https://www.example.com/ciba/login"
},
"pkce": "enforcePkceInsteadOfClientCredentials"
},
"login_uri": "https://www.example.com/login",
"subdomain": "myapp",
"invite_member_email_expiration_minutes": 2880,
"custom_domain": "myapp.com",
"pkce": "enforcePkceInsteadOfClientCredentials"
}

Response samples

application/json

{"result": {"app_id": "string",
"tenant_id": "string",
"app_name": "string",
"app_description": "string",
"client_type": "web",
"logo": "string",
"client_id": "string",
"client_display_name": "string",
"client_description": "string",
"client_secret": "string",
"redirect_uris": ["string"
],
"login_preferences": {"auth_methods": {"google": {"clientId": "string",
"clientSecret": "string"
},
"facebook": {"clientId": "string",
"clientSecret": "string"
},
"email": {"expiresIn": 0,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
}
},
"email_otp": {"expiresIn": 0,
"lockoutDuration": 15,
"maxFailures": 3,
"codeLength": 6,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
}
},
"apple": {"clientId": "string",
"clientSecret": "string",
"appleTeamId": "string",
"keyId": "string"
},
"sms": {"expiresIn": 0,
"lockoutDuration": 15,
"maxFailures": 3,
"codeLength": 6
},
"webauthn_api": {"rpId": "string",
"rpOrigin": "string",
"rpOrigins": ["string"
]
},
"line": {"clientId": "string",
"clientSecret": "string"
},
"password": {"resetValidityMinutes": 5,
"passwordComplexity": 5,
"passwordMinLength": 14,
"blockPreviousPasswords": 0,
"passwordExpiresIn": 90,
"ignoreExpiration": false,
"maxPasswordFailures": 5,
"passwordSuspensionDuration": 15,
"failuresExpireIn": 15,
"tempPasswordValidityHours": 24,
"message": {"primaryColor": "string",
"from": "string",
"subject": "string"
},
"requireMFA": false,
"codeLength": 6
},
"totp": {"algorithm": "sha1",
"digits": 6,
"period": 30,
"window": 2,
"issuer": "My Company",
"maxFailures": 3,
"lockoutDuration": 15
}
}
},
"created_at": "2019-08-24T14:15:22Z",
"created_by": "string",
"updated_at": "2019-08-24T14:15:22Z",
"resources": ["string"
],
"service_providers": ["string"
],
"authenticator_preferences": {"is_centralized": false,
"login_uri": "https://www.example.com/login"
},
"allow_public_signup": true,
"client_auth_method": "client_secret_basic",
"pkce": "enforcePkceInsteadOfClientCredentials",
"device_authorization": {"enabled": false,
"approval_uri": "https://www.example.com/device/approval",
"success_uri": "https://www.example.com/device/complete",
"input_uri": "https://www.example.com/device/start"
},
"ciba_authorization": {"enabled": false,
"login_uri": "https://www.example.com/ciba/login"
},
"password_sharing_group_id": "string",
"login_uri": "https://www.example.com/login",
"subdomain": "myapp",
"invite_member_email_expiration_minutes": 2880,
"custom_domain": {"domain": "myapp.com",
"updated_at": "2019-08-24T14:15:22Z",
"status": "pending",
"error": "string"
},
"external_communication": {"language": "en"
}
}
}

Delete management app

Delete a management application and remove role assignments belonging to it.

SecurityOAuth2: ClientAccessToken or OAuth2: AdminAccessToken

Request

path Parameters

app_id

required

string

Responses

204

400

404

delete/v1/management/applications/{app_id}

Request samples

Response samples

application/json

{"message": "Bad request",
"error_code": 400
}

Management Apps

Create management app

Request Body schema: application/jsonrequired

Get management apps

Update management app

path Parameters

Request Body schema: application/jsonrequired

Delete management app

path Parameters

Request Body schema: application/json
required

Request Body schema: application/json
required