Skip to main content

Applications

API docs by Redocly

Application Management Rest API (v1)

Download OpenAPI specification:Download

This document specifies an Application Management RESTful API for WSO2 Identity Server.

Applications

List applications

This API provides the capability to retrieve the list of applications.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
query Parameters
limit
integer >= 1
Default: 30

Maximum number of records to return.

offset
integer
Default: 0

Number of records to skip for pagination.

filter
string

Condition to filter the retrieval of records. Supports 'sw', 'co', 'ew', and 'eq' operations with 'and', 'or' logical operators. Note that 'and' and 'or' operators in filters follow the general precedence of logical operators. For example, A and B or C and D = (A and B) or (C and D)). Currently supports only filtering based on the 'name', the 'clientId', and the 'issuer' attributes.

/applications?filter=name+eq+user_portal
/applications?filter=name+co+prod+or+clientId+co+123

sortOrder
string
Enum: "ASC" "DESC"

Define the order in which the retrieved records should be sorted. This parameter is not supported yet.

sortBy
string

Attribute by which the retrieved records should be sorted. This parameter is not supported yet.

attributes
string

Specifies the required parameters in the response. Only 'advancedConfigurations', 'templateId', 'clientId', and 'issuer' attributes are currently supported.

/applications?attributes=advancedConfigurations,templateId,clientId,issuer

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications?limit=30&offset=0' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "totalResults": 1,
  • "startIndex": 1,
  • "count": 10,
  • "applications": [
    ],
  • "links": [
    ]
}

Add application

This API provides the capability to store the application information that is provided by users.
Scope(Permission) required: internal_application_mgt_create

Authorizations:
OAuth2BasicAuth
query Parameters
template
string

Pre-defined template to use when creating the application.

Request Body schema: application/json
required

This represents the application to be created.

name
required
string
description
string
imageUrl
string
accessUrl
string
logoutReturnUrl
string
templateId
string
isManagementApp
boolean
Default: false

Decides whether the application used to access System APIs

object (ClaimConfiguration)
object (InboundProtocols)
object (AuthenticationSequence)
object (AdvancedApplicationConfiguration)
object (ProvisioningConfiguration)

Responses

Request samples

Content type
application/json
{
  • "name": "pickup",
  • "description": "This is the configuration for Pickup application.",
  • "imageUrl": "https://example.com/logo/my-logo.png",
  • "accessUrl": "https://example.com/login",
  • "logoutReturnUrl": "https://example.com/app/logout",
  • "templateId": "980b8tester24c64a8a09a0d80abf8c337bd2555",
  • "isManagementApp": false,
  • "claimConfiguration": {},
  • "inboundProtocolConfiguration": {
    },
  • "authenticationSequence": {
    },
  • "advancedConfigurations": {
    },
  • "provisioningConfigurations": {
    }
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Create application from an exported XML file

This API provides the capability to store the application information, provided as a file.
Scope(Permission) required: internal_application_mgt_create

Authorizations:
OAuth2BasicAuth
Request Body schema: multipart/form-data

This represents the application to be created.

file
string <binary>

file to upload

Responses

Request samples 

curl -X 'POST' \
'https://localhost:9443/api/server/v1/applications/import' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
-H 'Content-Type: multipart/form-data' \
-F 'file=@application.xml;type=text/xml'

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Update application from an exported XML file

This API provides the capability to update an application from information that has been exported as an XML file.
Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
Request Body schema: multipart/form-data

This represents the application to be updated.

file
string <binary>

file to upload

Responses

Request samples 

curl -X 'PUT' \
'https://localhost:9443/api/server/v1/applications/import' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
-H 'Content-Type: multipart/form-data' \
-F 'file=@application.xml;type=text/xml'

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Retrieve application by ID

This API provides the capability to retrieve the application information by ID.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "id": "394b8adcce24c64a8a09a0d80abf8c337bd253de",
  • "name": "pickup",
  • "description": "This is the configuration for Pickup application.",
  • "imageUrl": "https://example.com/logo/my-logo.png",
  • "accessUrl": "https://example.com/login",
  • "logoutReturnUrl": "https://example.com/app/logout",
  • "clientId": "SmrrDNXRYf1lMmDlnleeHTuXx_Ea",
  • "issuer": "http://idp.example.com/metadata.php",
  • "templateId": "adwefi2429asdfdf94444rraf44",
  • "isManagementApp": false,
  • "claimConfiguration": {
    },
  • "inboundProtocols": [
    ],
  • "authenticationSequence": {
    },
  • "advancedConfigurations": {
    },
  • "provisioningConfigurations": {
    },
  • "access": "READ"
}

Partially update application by ID

This API provides the capability to partially update an application by ID.
Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Request Body schema: application/json
required

This represents the application details to be updated.

name
string
description
string
imageUrl
string
accessUrl
string
logoutReturnUrl
string
templateId
string
object (ClaimConfiguration)
object (AuthenticationSequence)
object (AdvancedApplicationConfiguration)
object (ProvisioningConfiguration)

Responses

Request samples

Content type
application/json
{
  • "name": "pickup",
  • "description": "This is the configuration for Pickup application.",
  • "imageUrl": "https://example.com/logo/my-logo.png",
  • "accessUrl": "https://example.com/login",
  • "logoutReturnUrl": "https://example.com/app/logout",
  • "templateId": "adwefi2429asdfdf94444rraf44",
  • "claimConfiguration": {},
  • "authenticationSequence": {
    },
  • "advancedConfigurations": {
    },
  • "provisioningConfigurations": {
    }
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Delete application by ID

This API provides the capability to delete an application by ID.
Scope(Permission) required: internal_application_mgt_delete

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'DELETE' \
'https://localhost:9443/api/server/v1/applications/{application-id}' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Export application as an XML file

This API provides the capability to retrieve the application as an XML file.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

query Parameters
exportSecrets
boolean
Default: false

Specifies whether to export secrets when exporting an application.

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}/export?exportSecrets=false' \
-H 'accept: application/octet-stream' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Change application owner

This API provides the capability to change the application owner.
Scope(Permission) required: internal_organization_admin

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Request Body schema: application/json
id
required
string

Responses

Request samples

Content type
application/json
{
  • "id": "85e3f4b8-0d22-4181-b1e3-1651f71b88bd"
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Authenticators

Get configured authenticators

This API provides the capability to retrieve the configured authenticators. Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}/authenticators' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
[
  • {
    }
]

Authorized APIs

Get authorized APIs of the application.

This API provides the capability to retrieve all the authorized APIs of the application.

Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl --location 'https://localhost:9443/api/server/v1/applications/{application-id}/authorized-apis' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
[
  • {
    }
]

Authorized an API to the application

This API provides the capability to authorized an API to the application.

Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Request Body schema: application/json
id
string
policyIdentifier
string
scopes
Array of strings

Responses

Request samples

Content type
application/json
{
  • "id": "65b52595-9ca1-4539-aca2-56178643c58b",
  • "policyIdentifier": "RBAC",
  • "scopes": [
    ]
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Update authorized API scopes

This API provides the capability to update an authorized API of the application.

Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

apiId
required
string

ID of the API resource.

Request Body schema: application/json
addedScopes
Array of strings
removedScopes
Array of strings

Responses

Request samples

Content type
application/json
{
  • "addedScopes": [
    ],
  • "removedScopes": [
    ]
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Remove API authorization from the application

This API provides the capability to delete an authorized API of the application.

Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

apiId
required
string

ID of the API resource.

Responses

Request samples 

curl --location --request DELETE 'https://localhost:9443/api/server/v1/applications/{application-id}/authorized-apis/{api-id}' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Resident Application

Get Resident application

This API provides the capability to retrieve the resident application information.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/resident' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "provisioningConfigurations": {
    }
}

Update resident application

This API provides the capability to update the Resident Application Configuration.
Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
Request Body schema: application/json
required

This represents the provisioning configuration of the resident application.

object (InboundSCIMProvisioningConfiguration)
Array of objects (OutboundProvisioningConfiguration)

Responses

Request samples

Content type
application/json
{
  • "inboundProvisioning": {
    },
  • "outboundProvisioningIdps": [
    ]
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Inbound Protocols

Retrieve inbound protocol configurations

This API provides the capability to retrieve authentication protocol configurations of an application.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
[
  • {
    }
]

Inbound Protocols - SAML

Retrieve SAML2 authentication protocol parameters

This API provides the capability to retrieve SAML2 authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/saml' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "issuer": "string",
  • "serviceProviderQualifier": "string",
  • "assertionConsumerUrls": [
    ],
  • "defaultAssertionConsumerUrl": "string",
  • "idpEntityIdAlias": "string",
  • "singleSignOnProfile": {},
  • "attributeProfile": {
    },
  • "singleLogoutProfile": {
    },
  • "requestValidation": {
    },
  • "responseSigning": {
    },
  • "enableAssertionQueryProfile": false
}

Update SAML2 authentication protocol parameters

This API provides the capability to store SAML2 authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_update

  • There are three methods to create/update SAML2 authentication protocol configuration.
    1. Metadata File (by sending the Base64 encoded content of the metadata file.)
    2. Metadata URL
    3. Manual configuration
Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Request Body schema: application/json
required

This represents the SAML2 protocol attributes of the application.

metadataFile
string
metadataURL
string
object (SAML2ServiceProvider)

Responses

Request samples

Content type
application/json
{
  • "metadataFile": "Base64 encoded metadata file content",
  • "metadataURL": "https://example.com/samlsso/meta",
  • "manualConfiguration": {
    }
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Delete SAML2 authentication protocol parameters

This API provides the capability to delete SAML2 authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_delete

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'DELETE' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/saml' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Inbound Protocols - OAuth / OIDC

Retrieve OIDC authentication protocol parameters

This API provides the capability to retrieve OIDC authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/oidc' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "clientId": "string",
  • "clientSecret": "string",
  • "state": "ACTIVE",
  • "grantTypes": [
    ],
  • "callbackURLs": [
    ],
  • "allowedOrigins": [],
  • "publicClient": false,
  • "pkce": {
    },
  • "accessToken": {
    },
  • "refreshToken": {
    },
  • "idToken": {},
  • "logout": {},
  • "validateRequestObjectSignature": false,
  • "scopeValidators": [
    ]
}

Update OIDC authentication protocol parameters

This API provides the capability to store OIDC authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Request Body schema: application/json
required

This represents the OIDC authentication protocol parameters of an application.

clientId
string
clientSecret
string
grantTypes
required
Array of strings non-empty
callbackURLs
Array of strings

Authorized redirect URIs

allowedOrigins
Array of strings

Authorized JavaScript origins. CORS requests will be allowed to these origins.

publicClient
boolean
Default: false

Enabling this option will allow the client to authenticate without a client secret.

object (OAuth2PKCEConfiguration)
object (AccessTokenConfiguration)
object (RefreshTokenConfiguration)
object (IdTokenConfiguration)
object (OIDCLogoutConfiguration)
validateRequestObjectSignature
boolean
Default: false
scopeValidators
Array of strings

Responses

Request samples

Content type
application/json
{
  • "clientId": "string",
  • "clientSecret": "string",
  • "grantTypes": [
    ],
  • "callbackURLs": [
    ],
  • "allowedOrigins": [],
  • "publicClient": false,
  • "pkce": {
    },
  • "accessToken": {
    },
  • "refreshToken": {
    },
  • "idToken": {},
  • "logout": {},
  • "validateRequestObjectSignature": false,
  • "scopeValidators": [
    ]
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Delete OIDC authentication protocol parameters

This API provides the capability to delete OIDC authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_delete

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'DELETE' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/oidc' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Regenerate the OAuth2/OIDC client secret

This API regenerates the OAuth2/OIDC client secret.
Scope(Permission) required: internal_application_mgt_create

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application

Responses

Request samples 

curl -X 'POST' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/oidc/regenerate-secret' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
-d ''

Response samples

Content type
application/json
{
  • "clientId": "string",
  • "clientSecret": "string",
  • "state": "ACTIVE",
  • "grantTypes": [
    ],
  • "callbackURLs": [
    ],
  • "allowedOrigins": [],
  • "publicClient": false,
  • "pkce": {
    },
  • "accessToken": {
    },
  • "refreshToken": {
    },
  • "idToken": {},
  • "logout": {},
  • "validateRequestObjectSignature": false,
  • "scopeValidators": [
    ]
}

Revoke the OAuth2/OIDC client of application

This API revokes the OAuth2/OIDC client secret. To re-activate the client, the client secret needs to be regenerated.
Scope(Permission) required: internal_application_mgt_create

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application

Responses

Request samples 

curl -X 'POST' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/oidc/revoke' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
-d ''

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Inbound Protocols - Passive STS

Retrieve Passive STS authentication protocol parameters

This API provides the capability to retrieve Passive STS authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/passive-sts' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "realm": "string",
  • "replyTo": "string"
}

Update Passive STS authentication protocol parameters

This API provides the capability to store passive STS authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Request Body schema: application/json
required

This represents the Passive STS authentication protocol parameters of an application.

realm
required
string
replyTo
required
string

Responses

Request samples

Content type
application/json
{
  • "realm": "string",
  • "replyTo": "string"
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Delete Passive STS authentication protocol parameters

This API provides the capability to delete Passive STS authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_delete

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'DELETE' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/passive-sts' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Inbound Protocols - WS Trust

Retrieve WS Trust authentication protocol parameters

This API provides the capability to retrieve Passive STS authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/ws-trust' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{}

Update WS Trust authentication protocol parameters

This API provides the capability to store WS Trust authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Request Body schema: application/json
required

This represents the Passive STS authentication protocol parameters of an application.

audience
required
string

Audience value of the trusted service

certificateAlias
required
string

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Delete WS Trust authentication protocol parameters

This API provides the capability to delete WS Trust authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_delete

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl -X 'DELETE' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/ws-trust' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Inbound Protocols - Custom

Retrieve custom inbound authentication protocol parameters

This API provides the capability to retrieve custom inbound authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application

inboundProtocolId
required
string

Inbound Authentication Protocol ID

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/{inbound-protocol-id}' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "name": "cas",
  • "configName": "cas",
  • "properties": []
}

Update the custom inbound authentication protocol parameters

This API provides the capability to store custom inbound authentication protocol parameters of an application.
Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

inboundProtocolId
required
string

Inbound Authentication Protocol ID

Request Body schema: application/json
required

This represents the Custom Inbound authentication protocol parameters of an application.

name
required
string
configName
required
string
Array of objects (PropertyModel)

Responses

Request samples

Content type
application/json
{
  • "name": "cas",
  • "configName": "cas",
  • "properties": []
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Delete custom inbound authentication protocol parameters

This API provides the capability to delete custom inbound authentication protocol of an application.
Scope(Permission) required: internal_application_mgt_delete

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

inboundProtocolId
required
string

Inbound Authentication Protocol ID

Responses

Request samples 

curl -X 'DELETE' \
'https://localhost:9443/api/server/v1/applications/{application-id}/inbound-protocols/{inbound-protocol-id}' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Application Metadata

Retrieve the list of inbound authentication protocols available

This API provides the capability to retrieve the list of inbound authentication protocols available. If the query parameter 'customOnly' is set to true, only custom inbound protocols will be listed.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
query Parameters
customOnly
boolean
Default: false
Example: customOnly=true

Send only the custom inbound protocols.

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/meta/inbound-protocols?customOnly=true' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
[
  • {
    }
]

Retrieve all the metadata related to the auth protocol SAML

This API provides the capability to retrieve all the metadata related to the auth protocol SAML.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/meta/inbound-protocols/saml' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "defaultNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  • "certificateAlias": {
    },
  • "responseSigningAlgorithm": {
    },
  • "responseDigestAlgorithm": {
    },
  • "assertionEncryptionAlgorithm": {
    },
  • "keyEncryptionAlgorithm": {
    }
}

Retrieve all the metadata related to the authentication protocol OAuth / OIDC

This API provides the capability to retrieve all the metadata related to the authentication protocol OAuth / OIDC.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/meta/inbound-protocols/oidc' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "allowedGrantTypes": {
    },
  • "defaultUserAccessTokenExpiryTime": "3600",
  • "defaultApplicationAccessTokenExpiryTime": "3600",
  • "defaultRefreshTokenExpiryTime": "86400",
  • "defaultIdTokenExpiryTime": "3600",
  • "idTokenEncryptionAlgorithm": {
    },
  • "idTokenEncryptionMethod": {
    },
  • "scopeValidators": {
    },
  • "accessTokenType": {
    },
  • "accessTokenBindingType": {
    }
}

Retrieve all the metadata related to the auth protocol WS Trust

This API provides the capability to retrieve all the metadata related to the auth protocol WS_Trust.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/meta/inbound-protocols/ws-trust' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "certificateAlias": {
    }
}

Retrieve all the metadata related to the custom auth protocol identified by the inboundProtocolId

This API provides the capability to retrieve all the metadata related to the custom auth protocol identified by the inboundProtocolId. The URL encoded inbound protocol name is used as inboundProtocolId.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
inboundProtocolId
required
string

Inbound Authentication Protocol ID

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/meta/inbound-protocols/{inbound-protocol-id}' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{}

Retrieve adaptive authentication sample templates

This API provides the capability to retrieve the sample adaptive authentication templates.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/meta/adaptive-auth-templates' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "templatesJSON": "Adaptive Auth Templates JSON"
}

Application Templates

List application templates

This API provides the capability to retrieve the list of templates available.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
query Parameters
limit
integer

Maximum number of records to return.

offset
integer

Number of records to skip for pagination.

filter
string

Condition to filter the retrieval of records. Supports 'sw', 'co', 'ew', and 'eq' operations with 'and', 'or' logical operators. Note that 'and' and 'or' operators in filters follow the general precedence of logical operators. For example, A and B or C and D = (A and B) or (C and D)). Currently supports only filtering based on the 'name', the 'clientId', and the 'issuer' attributes.

/applications?filter=name+eq+user_portal
/applications?filter=name+co+prod+or+clientId+co+123

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/templates' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "templates": [
    ]
}

Add application template

This API provides the capability to store the application template provided by users.
Scope(Permission) required: internal_application_mgt_create

Authorizations:
OAuth2BasicAuth
Request Body schema: application/json
required

This represents the application template to be created.

name
required
string
description
string
image
string
authenticationProtocol
string
types
Array of strings
category
string
Enum: "DEFAULT" "VENDOR"
templateGroup
string
displayOrder
integer
required
object (ApplicationModel)

Responses

Request samples

Content type
application/json
{
  • "name": "OIDC Protocol Template",
  • "description": "Template to be used for Single Page Applications",
  • "image": "https://example.com/logo/my-logo.png",
  • "authenticationProtocol": "oidc",
  • "types": [
    ],
  • "category": "DEFAULT",
  • "templateGroup": "web-application",
  • "displayOrder": 2,
  • "application": {
    }
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Retrieve application template by ID

This API provides the capability to retrieve the application template from the template id.
Scope(Permission) required: internal_application_mgt_view

Authorizations:
OAuth2BasicAuth
path Parameters
template-id
required
string

Application template ID. This should be a valid locale.

Responses

Request samples 

curl -X 'GET' \
'https://localhost:9443/api/server/v1/applications/templates/{template-id}' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "id": "85e3f4b8-0d22-4181-b1e3-1651f71b88bd",
  • "name": "OIDC Protocol Template",
  • "description": "Template to be used for Single Page Applications",
  • "image": "https://example.com/logo/my-logo.png",
  • "authenticationProtocol": "oidc",
  • "types": [
    ],
  • "category": "DEFAULT",
  • "templateGroup": "web-application",
  • "displayOrder": 2,
  • "application": {
    }
}

Update the application template by the template ID

This API provides the capability to update an application template by the template ID.
Scope(Permission) required: internal_application_mgt_update

Authorizations:
OAuth2BasicAuth
path Parameters
template-id
required
string

Application template ID. This should be a valid locale.

Request Body schema: application/json
required

This represents the new application template.

name
required
string
description
string
image
string
authenticationProtocol
string
types
Array of strings
category
string
Enum: "DEFAULT" "VENDOR"
templateGroup
string
displayOrder
integer
required
object (ApplicationModel)

Responses

Request samples

Content type
application/json
{
  • "name": "OIDC Protocol Template",
  • "description": "Template to be used for Single Page Applications",
  • "image": "https://example.com/logo/my-logo.png",
  • "authenticationProtocol": "oidc",
  • "types": [
    ],
  • "category": "DEFAULT",
  • "templateGroup": "web-application",
  • "displayOrder": 2,
  • "application": {
    }
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Delete application template by template ID

This API provides the capability to delete an application template by template ID.
Scope(Permission) required: internal_application_mgt_delete

Authorizations:
OAuth2BasicAuth
path Parameters
template-id
required
string

Application template ID. This should be a valid locale.

Responses

Request samples 

curl -X 'DELETE' \
'https://localhost:9443/api/server/v1/applications/templates/{template-id}' \
-H 'accept: */*' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Application Sharing

Share the application from the root organization to the given organization(s).

This API provides the capability to share an application with organizations.

Scope(Permission) required: internal_shared_application_create

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string
Example: c75e27f9-98c7-4518-a968-c6cd59f0ac6b

ID of the application which will be shared to organizations.

Request Body schema: application/json
required
shareWithAllChildren
boolean
Default: false
sharedOrganizations
Array of strings

Responses

Request samples

Content type
application/json
{
  • "shareWithAllChildren": false,
  • "sharedOrganizations": [
    ]
}

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

List of organizations that the application is shared to.

This API returns the list of organizations that the application is shared to.

Scope(Permission) required: internal_shared_application_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application which is shared to organizations.

Responses

Request samples 

curl --location 'https://localhost:9443/api/server/v1/applications/{application-id}/share' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "organizations": [
    ]
}

List of shared applications along with its organization.

This API returns the list of shared app ids along with the shared organization id.

Scope(Permission) required: internal_shared_application_view

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application which is shared to organizations.

Responses

Request samples 

curl --location 'https://localhost:9443/api/server/v1/applications/{application-id}/shared-apps' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "sharedApplications": [
    ]
}

Stop sharing an application with all organizations.

This API provides the capability to stop sharing an application to all organizations the application is shared to.

Scope(Permission) required: internal_shared_application_delete

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

Responses

Request samples 

curl --location --request DELETE 'https://localhost:9443/api/server/v1/applications/{application-id}/shared-apps' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}

Stop sharing an application to a organization.

This API provides the capability to stop sharing an application to an organization by providing its ID.

Scope(Permission) required: internal_shared_application_delete

Authorizations:
OAuth2BasicAuth
path Parameters
applicationId
required
string

ID of the application.

shared-organization-id
required
string

ID of the organization to stop sharing.

Responses

Request samples 

curl --location --request DELETE 'https://localhost:9443/api/server/v1/applications/{application-id}/share/{shared-organization-id}' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46YWRtaW4='

Response samples

Content type
application/json
{
  • "code": "AAA-00000",
  • "message": "Some error message.",
  • "description": "Some error description.",
  • "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}