Application Interclient Trust Mappings

Resource to manage interclient trust mappings for an app

List all allowed apps for a target app
Early AccessIdentity Engine
OAuth 2.0 scope:
  • okta.apps.interclientTrust.read

Lists all apps allowed by this app to request interclient SSO using the interclient token

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Responses
200

Success

401

Unauthorized

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/interclient-allowed-apps
Request samples 
Response samples 
application/json
[
  • "0oa1elyw9EAkUNUrW0g5",
  • "0oa5mihmA6vMpXcm50g5",
  • "0oa89ks1irGAcYwXw0g5"
]
Create an allowed app mapping for a target app
Early AccessIdentity Engine
OAuth 2.0 scope: 
  • okta.apps.interclientTrust.manage
Creates a mapping between the target app and an allowed app for interclient SSO using the interclient token


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Request Body schema: application/json
required
id
string
App ID of the allowed app


 
Responses 
201
Created


400
Bad Request


401
Unauthorized


403
Forbidden


429
Too Many Requests


post/api/v1/apps/{appId}/interclient-allowed-apps
Request samples 
application/json
{
  • "id": "0oa89ks1irGAcYwXw0g5"
}
Response samples 
application/json
[
  • {
    • "id": "itmahqusSr3v8Kk3B0g5",
    • "orgId": "00o102n9p4vX126Gp0g5",
    • "appInstanceId": "0oa8ghelqWXs70qD80g5",
    • "trustedAppInstanceId": "0oa5kw6q51dFckBE70g5",
    • "created": "2025-11-25T22:44:06.000Z",
    • "lastUpdated": "2025-11-25T22:44:06.000Z",
    • "lastUpdatedBy": "00u102rhXmxEGFKiB0g5"
    }
]
Delete an interclient trust mapping
Early AccessIdentity Engine
OAuth 2.0 scope: 
  • okta.apps.interclientTrust.manage
Deletes the mapping between the target app and an allowed app


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
allowedAppId
required
string
App ID of the allowed app instance to delete mapping from the target app.


 
 Example:  0oa1elyw9EAkUNUrW0g5
Responses 
204
No Content


401
Unauthorized


403
Forbidden


404
Not Found


429
Too Many Requests


delete/api/v1/apps/{appId}/interclient-allowed-apps/{allowedAppId}
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000011",
  • "errorSummary": "Invalid token provided",
  • "errorLink": "E0000011",
  • "errorId": "sampleQPivGUj_ND5v78vbYWW",
  • "errorCauses": [ ]
}
List all target apps for an allowed app
Early AccessIdentity Engine
OAuth 2.0 scope: 
  • okta.apps.interclientTrust.read
Lists all the target apps that allow this app to request interclient SSO using an interclient token


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Responses 
200
Success


401
Unauthorized


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/apps/{appId}/interclient-target-apps
Request samples 
Response samples 
application/json
[
  • "0oa1elyw9EAkUNUrW0g5",
  • "0oa5mihmA6vMpXcm50g5",
  • "0oa89ks1irGAcYwXw0g5"
]