Applications

The Applications API provides operations to manage applications and/or assignments to users or groups for your organization.

List all Applications
OAuth 2.0: okta.apps.read

Lists all applications with pagination. A subset of apps can be returned that match a supported filter expression or query.

Request
query Parameters
q
string
after
string

Specifies the pagination cursor for the next page of apps

limit
integer <int32>
Default: -1

Specifies the number of results for a page

filter
string

Filters apps by status, user.id, group.id or credentials.signing.kid expression

expand
string

An optional parameter used for link expansion to embed more resources in the response. Only supports expand=user/{userId} and must be used with the user.id eq "{userId}" filter query for the same user. Returns the assigned Application User in the _embedded property.

Example: expand=user/{userId}
includeNonDeleted
boolean
Default: false
Responses
200

Success

403

Forbidden

429

Too Many Requests

get/api/v1/apps
Request samples 
Response samples 
application/json
[
  • {
    • "accessibility": {
      },
    • "created": "2019-08-24T14:15:22Z",
    • "features": [
      ],
    • "id": "string",
    • "label": "string",
    • "lastUpdated": "2019-08-24T14:15:22Z",
    • "licensing": {
      },
    • "profile": {
      },
    • "signOnMode": "AUTO_LOGIN",
    • "status": "ACTIVE",
    • "visibility": {
      },
    • "_embedded": {
      },
    • "_links": {
      }
    }
]
Create an Application
OAuth 2.0: okta.apps.manage
Creates a new application to your Okta organization


Request 
query Parameters
activate
boolean
 Default:  true
Executes activation lifecycle operation when creating the app


 
header Parameters
OktaAccessGateway-Agent
string
 
Request Body schema: application/json
required
object (ApplicationAccessibility) 
Specifies access settings for the app


 
errorRedirectUrl
string
Custom error page URL for the app


 
loginRedirectUrl
string
Custom login page URL for the app


 
selfService
boolean
Represents whether the app can be self-assignable by users


 
features
Array of strings
Enabled app features


 
label
string (ApplicationLabel) 
User-defined display name for app


 
object (ApplicationLicensing) 
 
seatCount
integer
Number of licenses purchased for the app


 
object
Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps)


 
property name*
additional property
object
 
signOnMode
string (ApplicationSignOnMode) 
Authentication mode for the app


 
object (ApplicationVisibility) 
 
object
Links or icons that appear on the End-User Dashboard when they're assigned to the app


 
property name*
additional property
boolean
 
autoLaunch
boolean
Automatically signs in to the app when user signs into Okta


 
autoSubmitToolbar
boolean
Automatically sign in when user lands on the sign-in page


 
object (ApplicationVisibilityHide) 
Hides the app for specific end-user apps


 
iOS
boolean
 
web
boolean
 
object (ApplicationLinks) 
Discoverable resources related to the app


 
Array of objects (Link Object) 
 
 Array 
object
Describes allowed HTTP verbs for the href


 
href
required
string
Link URI


 
name
string
Link name


 
type
string
The media type of the link. If omitted, it is implicitly application/json.


 
object (SchemeApplicationCredentials) 
Credentials for the specified signOnMode


 
object
 
kid
string
 
rotationMode
string
 
use
string
 Value: "sig"  
object (ApplicationCredentialsUsernameTemplate) 
 
pushStatus
string
 
template
string
 
type
string
 
userSuffix
string
 
object (PasswordCredential) 
When a user has a valid password, imported hashed password, or password hook, and a response object contains
a password credential, then the password object is a bare object without the value property defined (for example, password: {}). This 
indicates that a password value exists. You can modify password policy requirements in the Admin Console by editing the Password
authenticator:  Security > Authenticators > Password (or for Okta Classic orgs, use Security > Authentication > Password).


 
object (PasswordCredentialHash) 
Specifies a hashed password to import into Okta. This allows an existing password to be imported into Okta directly
from some other store. Okta supports the BCRYPT, SHA-512, SHA-256, SHA-1, MD5, and PBKDF2 hash functions for password import.
 A hashed password may be specified in a Password object when creating or updating a user, but not for other operations.
 See Create User with Imported Hashed Password
 for information on using this object when creating a user. When updating a user with a hashed password, the user must be in the STAGED status.


 
object (PasswordCredentialHook) 
Specify a password import inline hook to trigger verification of the user's password
the first time the user logs in. This allows an existing password to be imported into Okta directly from some other store.
See Create User with Password Hook for information on using this object when creating a user.


 
value
string <password> 
Specifies the password for a user. The Password Policy validates this password.


 
revealPassword
boolean
Allow users to securely see their password


 
scheme
string (ApplicationCredentialsScheme) 
 Enum: "ADMIN_SETS_CREDENTIALS" "EDIT_PASSWORD_ONLY" "EDIT_USERNAME_AND_PASSWORD" "EXTERNAL_PASSWORD_SYNC" "SHARED_USERNAME_AND_PASSWORD"  
userName
string
 
name
string
Unique key for the application definition


 
object (AutoLoginApplicationSettings) 
App settings


 
identityStoreId
string
 
implicitAssignment
boolean
 
inlineHookId
string
 
object (ApplicationSettingsNotes) 
 
admin
string
 
enduser
string
 
object (ApplicationSettingsNotifications) 
 
object (ApplicationSettingsNotificationsVpn) 
 
object (AutoLoginApplicationSettingsSignOn) 
 
loginUrl
string
Primary URL of the sign-in page for this app


 
redirectUrl
string
Secondary URL of the sign-in page for this app


 
Responses 
200
Success


400
Bad Request


403
Forbidden


429
Too Many Requests


post/api/v1/apps
Request samples 
application/json
{
  • "accessibility": {
    • "errorRedirectUrl": "string",
    • "loginRedirectUrl": "string",
    • "selfService": true
    },
  • "features": [
    • "string"
    ],
  • "label": "string",
  • "licensing": {
    • "seatCount": 0
    },
  • "profile": {
    • "property1": { },
    • "property2": { }
    },
  • "signOnMode": "AUTO_LOGIN",
  • "visibility": {
    • "appLinks": {
      },
    • "autoLaunch": true,
    • "autoSubmitToolbar": true,
    • "hide": {
      }
    },
  • "_links": {
    • "logo": [
      ]
    },
  • "credentials": {
    • "signing": {
      },
    • "userNameTemplate": {
      },
    • "password": {
      },
    • "revealPassword": true,
    • "scheme": "ADMIN_SETS_CREDENTIALS",
    • "userName": "string"
    },
  • "name": "string",
  • "settings": {
    • "identityStoreId": "string",
    • "implicitAssignment": true,
    • "inlineHookId": "string",
    • "notes": {
      },
    • "notifications": {
      },
    • "signOn": {
      }
    }
}
Response samples 
application/json
{
  • "accessibility": {
    • "errorRedirectUrl": "string",
    • "loginRedirectUrl": "string",
    • "selfService": true
    },
  • "created": "2019-08-24T14:15:22Z",
  • "features": [
    • "string"
    ],
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "licensing": {
    • "seatCount": 0
    },
  • "profile": {
    • "property1": { },
    • "property2": { }
    },
  • "signOnMode": "AUTO_LOGIN",
  • "status": "ACTIVE",
  • "visibility": {
    • "appLinks": {
      },
    • "autoLaunch": true,
    • "autoSubmitToolbar": true,
    • "hide": {
      }
    },
  • "_embedded": {
    • "property1": { },
    • "property2": { }
    },
  • "_links": {
    • "accessPolicy": {
      },
    • "activate": {
      },
    • "deactivate": {
      },
    • "groups": {
      },
    • "logo": [
      ],
    • "metadata": {
      },
    • "self": {
      },
    • "users": {
      }
    },
  • "credentials": {
    • "signing": {
      },
    • "userNameTemplate": {
      },
    • "password": {
      },
    • "revealPassword": true,
    • "scheme": "ADMIN_SETS_CREDENTIALS",
    • "userName": "string"
    },
  • "name": "string",
  • "settings": {
    • "identityStoreId": "string",
    • "implicitAssignment": true,
    • "inlineHookId": "string",
    • "notes": {
      },
    • "notifications": {
      },
    • "signOn": {
      }
    }
}
Retrieve an Application
OAuth 2.0: okta.apps.read
Retrieves an application from your Okta organization by id


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
query Parameters
expand
string
 
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/apps/{appId}
Request samples 
Response samples 
application/json
{
  • "accessibility": {
    • "errorRedirectUrl": "string",
    • "loginRedirectUrl": "string",
    • "selfService": true
    },
  • "created": "2019-08-24T14:15:22Z",
  • "features": [
    • "string"
    ],
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "licensing": {
    • "seatCount": 0
    },
  • "profile": {
    • "property1": { },
    • "property2": { }
    },
  • "signOnMode": "AUTO_LOGIN",
  • "status": "ACTIVE",
  • "visibility": {
    • "appLinks": {
      },
    • "autoLaunch": true,
    • "autoSubmitToolbar": true,
    • "hide": {
      }
    },
  • "_embedded": {
    • "property1": { },
    • "property2": { }
    },
  • "_links": {
    • "accessPolicy": {
      },
    • "activate": {
      },
    • "deactivate": {
      },
    • "groups": {
      },
    • "logo": [
      ],
    • "metadata": {
      },
    • "self": {
      },
    • "users": {
      }
    },
  • "credentials": {
    • "signing": {
      },
    • "userNameTemplate": {
      },
    • "password": {
      },
    • "revealPassword": true,
    • "scheme": "ADMIN_SETS_CREDENTIALS",
    • "userName": "string"
    },
  • "name": "string",
  • "settings": {
    • "identityStoreId": "string",
    • "implicitAssignment": true,
    • "inlineHookId": "string",
    • "notes": {
      },
    • "notifications": {
      },
    • "signOn": {
      }
    }
}
Replace an Application
OAuth 2.0: okta.apps.manage
Replaces an application


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Request Body schema: application/json
required
object (ApplicationAccessibility) 
Specifies access settings for the app


 
errorRedirectUrl
string
Custom error page URL for the app


 
loginRedirectUrl
string
Custom login page URL for the app


 
selfService
boolean
Represents whether the app can be self-assignable by users


 
features
Array of strings
Enabled app features


 
label
string (ApplicationLabel) 
User-defined display name for app


 
object (ApplicationLicensing) 
 
seatCount
integer
Number of licenses purchased for the app


 
object
Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps)


 
property name*
additional property
object
 
signOnMode
string (ApplicationSignOnMode) 
Authentication mode for the app


 
object (ApplicationVisibility) 
 
object
Links or icons that appear on the End-User Dashboard when they're assigned to the app


 
property name*
additional property
boolean
 
autoLaunch
boolean
Automatically signs in to the app when user signs into Okta


 
autoSubmitToolbar
boolean
Automatically sign in when user lands on the sign-in page


 
object (ApplicationVisibilityHide) 
Hides the app for specific end-user apps


 
iOS
boolean
 
web
boolean
 
object (ApplicationLinks) 
Discoverable resources related to the app


 
Array of objects (Link Object) 
 
 Array 
object
Describes allowed HTTP verbs for the href


 
href
required
string
Link URI


 
name
string
Link name


 
type
string
The media type of the link. If omitted, it is implicitly application/json.


 
object (SchemeApplicationCredentials) 
Credentials for the specified signOnMode


 
object
 
kid
string
 
rotationMode
string
 
use
string
 Value: "sig"  
object (ApplicationCredentialsUsernameTemplate) 
 
pushStatus
string
 
template
string
 
type
string
 
userSuffix
string
 
object (PasswordCredential) 
When a user has a valid password, imported hashed password, or password hook, and a response object contains
a password credential, then the password object is a bare object without the value property defined (for example, password: {}). This 
indicates that a password value exists. You can modify password policy requirements in the Admin Console by editing the Password
authenticator:  Security > Authenticators > Password (or for Okta Classic orgs, use Security > Authentication > Password).


 
object (PasswordCredentialHash) 
Specifies a hashed password to import into Okta. This allows an existing password to be imported into Okta directly
from some other store. Okta supports the BCRYPT, SHA-512, SHA-256, SHA-1, MD5, and PBKDF2 hash functions for password import.
 A hashed password may be specified in a Password object when creating or updating a user, but not for other operations.
 See Create User with Imported Hashed Password
 for information on using this object when creating a user. When updating a user with a hashed password, the user must be in the STAGED status.


 
object (PasswordCredentialHook) 
Specify a password import inline hook to trigger verification of the user's password
the first time the user logs in. This allows an existing password to be imported into Okta directly from some other store.
See Create User with Password Hook for information on using this object when creating a user.


 
value
string <password> 
Specifies the password for a user. The Password Policy validates this password.


 
revealPassword
boolean
Allow users to securely see their password


 
scheme
string (ApplicationCredentialsScheme) 
 Enum: "ADMIN_SETS_CREDENTIALS" "EDIT_PASSWORD_ONLY" "EDIT_USERNAME_AND_PASSWORD" "EXTERNAL_PASSWORD_SYNC" "SHARED_USERNAME_AND_PASSWORD"  
userName
string
 
name
string
Unique key for the application definition


 
object (AutoLoginApplicationSettings) 
App settings


 
identityStoreId
string
 
implicitAssignment
boolean
 
inlineHookId
string
 
object (ApplicationSettingsNotes) 
 
admin
string
 
enduser
string
 
object (ApplicationSettingsNotifications) 
 
object (ApplicationSettingsNotificationsVpn) 
 
object (AutoLoginApplicationSettingsSignOn) 
 
loginUrl
string
Primary URL of the sign-in page for this app


 
redirectUrl
string
Secondary URL of the sign-in page for this app


 
Responses 
200
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


put/api/v1/apps/{appId}
Request samples 
application/json
{
  • "accessibility": {
    • "errorRedirectUrl": "string",
    • "loginRedirectUrl": "string",
    • "selfService": true
    },
  • "features": [
    • "string"
    ],
  • "label": "string",
  • "licensing": {
    • "seatCount": 0
    },
  • "profile": {
    • "property1": { },
    • "property2": { }
    },
  • "signOnMode": "AUTO_LOGIN",
  • "visibility": {
    • "appLinks": {
      },
    • "autoLaunch": true,
    • "autoSubmitToolbar": true,
    • "hide": {
      }
    },
  • "_links": {
    • "logo": [
      ]
    },
  • "credentials": {
    • "signing": {
      },
    • "userNameTemplate": {
      },
    • "password": {
      },
    • "revealPassword": true,
    • "scheme": "ADMIN_SETS_CREDENTIALS",
    • "userName": "string"
    },
  • "name": "string",
  • "settings": {
    • "identityStoreId": "string",
    • "implicitAssignment": true,
    • "inlineHookId": "string",
    • "notes": {
      },
    • "notifications": {
      },
    • "signOn": {
      }
    }
}
Response samples 
application/json
{
  • "accessibility": {
    • "errorRedirectUrl": "string",
    • "loginRedirectUrl": "string",
    • "selfService": true
    },
  • "created": "2019-08-24T14:15:22Z",
  • "features": [
    • "string"
    ],
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "licensing": {
    • "seatCount": 0
    },
  • "profile": {
    • "property1": { },
    • "property2": { }
    },
  • "signOnMode": "AUTO_LOGIN",
  • "status": "ACTIVE",
  • "visibility": {
    • "appLinks": {
      },
    • "autoLaunch": true,
    • "autoSubmitToolbar": true,
    • "hide": {
      }
    },
  • "_embedded": {
    • "property1": { },
    • "property2": { }
    },
  • "_links": {
    • "accessPolicy": {
      },
    • "activate": {
      },
    • "deactivate": {
      },
    • "groups": {
      },
    • "logo": [
      ],
    • "metadata": {
      },
    • "self": {
      },
    • "users": {
      }
    },
  • "credentials": {
    • "signing": {
      },
    • "userNameTemplate": {
      },
    • "password": {
      },
    • "revealPassword": true,
    • "scheme": "ADMIN_SETS_CREDENTIALS",
    • "userName": "string"
    },
  • "name": "string",
  • "settings": {
    • "identityStoreId": "string",
    • "implicitAssignment": true,
    • "inlineHookId": "string",
    • "notes": {
      },
    • "notifications": {
      },
    • "signOn": {
      }
    }
}
Delete an Application
OAuth 2.0: okta.apps.manage
Deletes an inactive application


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


delete/api/v1/apps/{appId}
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Activate an Application
OAuth 2.0: okta.apps.manage
Activates an inactive application


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/apps/{appId}/lifecycle/activate
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Deactivate an Application
OAuth 2.0: okta.apps.manage
Deactivates an active application


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/apps/{appId}/lifecycle/deactivate
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}