Create an application

POST /api/applications

OAuth2

Create a new application with the given data.

application/json

Body Required

name string Required

Minimum length is 1, maximum length is 256.
description string | null
type string Required

Values are Native, SPA, Traditional, MachineToMachine, or Protected.
oidcClientMetadata object

Additional properties are allowed.
Hide oidcClientMetadata attributes Show oidcClientMetadata attributes object
- redirectUris array[object] Required
  
  One of:
  object-1 object object-2 object
  
  Validator function
  
  Additional properties are allowed.
  
  Validator function
  
  Additional properties are allowed.
- postLogoutRedirectUris array[string(url)] Required
- backchannelLogoutUri string(url)
- backchannelLogoutSessionRequired boolean
- logoUri string
customClientMetadata object

Additional properties are allowed.
Hide customClientMetadata attributes Show customClientMetadata attributes object
- corsAllowedOrigins array[string]
  
  Minimum length of each is 1.
- idTokenTtl number
- refreshTokenTtl number
- refreshTokenTtlInDays number
- tenantId string
- alwaysIssueRefreshToken boolean
- rotateRefreshToken boolean
customData object

arbitrary

Additional properties are allowed.
isThirdParty boolean
protectedAppMetadata object

The data for protected app, this feature is not available for open source version.

Additional properties are allowed.
Hide protectedAppMetadata attributes Show protectedAppMetadata attributes object
- subDomain string Required
  
  The subdomain prefix, e.g., my-site.
- origin string Required
  
  The origin of target website, e.g., https://example.com.

Responses

200 application/json

The application was created successfully.
Hide response attributes Show response attributes object
- tenantId string Required
  
  Maximum length is 21.
- id string Required
  
  Minimum length is 1, maximum length is 21.
- name string Required
  
  Minimum length is 1, maximum length is 256.
- secret string Required Deprecated
  
  The internal client secret. Note it is only used for internal validation, and the actual secrets should be retrieved from /api/applications/{id}/secrets endpoints.
- description string | null Required
- type string Required
  
  Values are Native, SPA, Traditional, MachineToMachine, or Protected.
- oidcClientMetadata object Required
  
  Additional properties are allowed.
  
  Hide oidcClientMetadata attributes Show oidcClientMetadata attributes object
  
  redirectUris array[object] Required
  
  One of:
  object-1 object object-2 object
  
  Validator function
  
  Additional properties are allowed.
  
  Validator function
  
  Additional properties are allowed.
  
  postLogoutRedirectUris array[string(url)] Required
  
  backchannelLogoutUri string(url)
  
  backchannelLogoutSessionRequired boolean
  
  logoUri string
- customClientMetadata object Required
  
  Additional properties are allowed.
  
  Hide customClientMetadata attributes Show customClientMetadata attributes object
  
  corsAllowedOrigins array[string]
  
  Minimum length of each is 1.
  
  idTokenTtl number
  
  refreshTokenTtl number
  
  refreshTokenTtlInDays number
  
  tenantId string
  
  alwaysIssueRefreshToken boolean
  
  rotateRefreshToken boolean
- protectedAppMetadata object | null Required
  
  Additional properties are allowed.
  
  Hide protectedAppMetadata attributes Show protectedAppMetadata attributes object | null
  
  host string Required
  
  origin string Required
  
  sessionDuration number Required
  
  pageRules array[object] Required
  
  Hide pageRules attribute Show pageRules attribute object
  
  path string Required
  
  customDomains array[object]
  
  Hide customDomains attributes Show customDomains attributes object
  
  domain string Required
  
  status string Required
  
  Values are PendingVerification, PendingSsl, Active, or Error.
  
  errorMessage string | null Required
  
  dnsRecords array[object] Required
  
  Hide dnsRecords attributes Show dnsRecords attributes object
  
  name string Required
  
  type string Required
  
  value string Required
  
  cloudflareData object | null Required
  
  Additional properties are allowed.
  
  Hide cloudflareData attributes Show cloudflareData attributes object | null
  
  id string Required
  
  status string Required
  
  ssl object Required
  
  Additional properties are allowed.
  
  Hide ssl attributes Show ssl attributes object
  
  status string Required
  
  validation_errors array[object]
  
  Hide validation_errors attribute Show validation_errors attribute object
  
  message string Required
  
  verification_errors array[string]
- customData object Required
  
  arbitrary
  
  Additional properties are allowed.
- isThirdParty boolean Required
- createdAt number Required
400

Bad Request
401

Unauthorized
403

Forbidden
422

Validation error. Please check the request body.
500

Internal Server Error

POST /api/applications

curl \
 -X POST https://[tenant_id].logto.app/api/applications \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"name":"string","description":"string","type":"Native","oidcClientMetadata":{"redirectUris":[{}],"postLogoutRedirectUris":["string"],"backchannelLogoutUri":"string","backchannelLogoutSessionRequired":true,"logoUri":"string"},"customClientMetadata":{"corsAllowedOrigins":["string"],"idTokenTtl":42.0,"refreshTokenTtl":42.0,"refreshTokenTtlInDays":42.0,"tenantId":"string","alwaysIssueRefreshToken":true,"rotateRefreshToken":true},"customData":{},"isThirdParty":true,"protectedAppMetadata":{"subDomain":"string","origin":"string"}}'

Request examples

{
  "name": "string",
  "description": "string",
  "type": "Native",
  "oidcClientMetadata": {
    "redirectUris": [
      {}
    ],
    "postLogoutRedirectUris": [
      "string"
    ],
    "backchannelLogoutUri": "string",
    "backchannelLogoutSessionRequired": true,
    "logoUri": "string"
  },
  "customClientMetadata": {
    "corsAllowedOrigins": [
      "string"
    ],
    "idTokenTtl": 42.0,
    "refreshTokenTtl": 42.0,
    "refreshTokenTtlInDays": 42.0,
    "tenantId": "string",
    "alwaysIssueRefreshToken": true,
    "rotateRefreshToken": true
  },
  "customData": {},
  "isThirdParty": true,
  "protectedAppMetadata": {
    "subDomain": "string",
    "origin": "string"
  }
}

Response examples (200)

{
  "tenantId": "string",
  "id": "string",
  "name": "string",
  "secret": "string",
  "description": "string",
  "type": "Native",
  "oidcClientMetadata": {
    "redirectUris": [
      {}
    ],
    "postLogoutRedirectUris": [
      "string"
    ],
    "backchannelLogoutUri": "string",
    "backchannelLogoutSessionRequired": true,
    "logoUri": "string"
  },
  "customClientMetadata": {
    "corsAllowedOrigins": [
      "string"
    ],
    "idTokenTtl": 42.0,
    "refreshTokenTtl": 42.0,
    "refreshTokenTtlInDays": 42.0,
    "tenantId": "string",
    "alwaysIssueRefreshToken": true,
    "rotateRefreshToken": true
  },
  "protectedAppMetadata": {
    "host": "string",
    "origin": "string",
    "sessionDuration": 42.0,
    "pageRules": [
      {
        "path": "string"
      }
    ],
    "customDomains": [
      {
        "domain": "string",
        "status": "PendingVerification",
        "errorMessage": "string",
        "dnsRecords": [
          {
            "name": "string",
            "type": "string",
            "value": "string"
          }
        ],
        "cloudflareData": {
          "id": "string",
          "status": "string",
          "ssl": {
            "status": "string",
            "validation_errors": [
              {
                "message": "string"
              }
            ]
          },
          "verification_errors": [
            "string"
          ]
        }
      }
    ]
  },
  "customData": {},
  "isThirdParty": true,
  "createdAt": 42.0
}