Apps API

The Apps API reference is now available at the new Okta API reference portal (opens new window).

Explore the Okta Public API Collections (opens new window) workspace to get started with the Applications API.

Application operations

The Application operations reference is now available at the new Okta API reference portal (opens new window) as the Applications API (opens new window).

Add application

See Create an Application (opens new window) in the new Okta API reference portal (opens new window).

Add Bookmark application

See Create a BOOKMARK Application (opens new window) in the new Okta API reference portal (opens new window).

Add Basic Authentication application

See Create a BASIC_AUTH Application (opens new window) in the new Okta API reference portal (opens new window).

Add Okta Org2Org application

See Create an Org2Org app instance (opens new window) in the new Okta API reference portal (opens new window).

Add an OIN SAML 2.0 Authentication app

The request payload to create a SAML 2.0 authentication OIN app instance is available in the Applications Schema (opens new window) section of the new Okta API reference portal (opens new window).

Specify the following required parameters for an OIN app:

• The name field is required, which identifies the OIN app definition for the instance that you want to create.
• Specify SAML_2_0 in the required signOnMode parameter.

Add plugin SWA application

See Create a BROWSER_PLUGIN Application (opens new window) in the new Okta API reference portal (opens new window).

Add plugin SWA (3 field) application

See Create a BROWSER_PLUGIN Application (opens new window) in the new Okta API reference portal (opens new window).

Add SWA application (no plugin)

See Create a SECURE_PASSWORD_STORE Application (opens new window) in the new Okta API reference portal (opens new window).

Add custom SWA application

See Create an AUTO_LOGIN Application (opens new window) in the new Okta API reference portal (opens new window).

Add custom SAML application

See Create a SAML_2_0 Application (opens new window) in the new Okta API reference portal (opens new window).

Add WS-Federation application

See Create a WS_FEDERATION Application (opens new window) in the new Okta API reference portal (opens new window).

Add OAuth 2.0 client application

See Create an OAuth 2.0 client Application (opens new window) in the new Okta API reference portal (opens new window).

Note: The refresh_token Early Access parameter is visible only if the client has refresh_token defined as one of its allowed grant_types. See Refresh token object.

Note: The parameters backchannel_token_delivery_mode, backchannel_authentication_request_signing_alg, and backchannel_custom_authenticator_id appear only if the client has urn:openid:params:grant-type:ciba defined as one of its allowed grant_types. Identity Engine

Note: If the dpop_bound_access_tokens parameter is set to true, then the client_credentials and implicit grant_types parameters aren't allowed. Early Access

Notes:

• Apps created on /api/v1/apps default to consent_method=TRUSTED, while those created on /api/v1/clients default to consent_method=REQUIRED.
• If you request a scope that requires consent while using the client_credentials flow, an error is returned. Because there is no user, no consent can be given.
• If the prompt value is set to NONE, but the consent_method and the consent values are set to REQUIRED, then an error occurs.
• You can configure the tos_uri, policy_uri, and logo-uri properties in the App Wizard and on the General tab in the Admin Console. You can also set these properties using the Dynamic Client Registration API (opens new window).
• The consent_method property can be configured in the App Wizard and on the General tab in the Admin Console, but cannot be set using the Dynamic Client Registration API.
• After an app is created, you can't change the application_type.

Create an app with a Profile object

To include app-specific information that you want to reference later, such as in a token claim, add those parameters within the app Profile object when you create an app. An Profile object is a container for any valid JSON schema that you can reference from a request. You can only add the Profile object to OAuth 2.0 client applications.

The following example shows how to add an app label parameter to the Profile object when creating an app.

Note: See Update application level profile attributes for an update example.

curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
    "name": "oidc_client",
    "label": "Sample Client profile",
    "signOnMode": "OPENID_CONNECT",
    "credentials": {
      "oauthClient": {
        "token_endpoint_auth_method": "client_secret_post"
        }
    },
    "profile": {
        "label": "oauth2 client app 1"
        },
    "settings": {
      "oauthClient": {
        "client_uri": "http://localhost:8080",
        "logo_uri": "http://developer.okta.com/assets/images/logo-new.png",
        "redirect_uris": [
          "https://example.com/oauth2/callback",
          "myapp://callback"
        ],
        "response_types": [
          "token",
          "id_token",
          "code"
        ],
        "grant_types": [
          "implicit",
          "authorization_code"
        ],
        "application_type": "native",
        "participate_slo": false
      }
    }
}' "https://${yourOktaDomain}/api/v1/apps"

-->

Get application

See Retrieve an Applications (opens new window) in the new Okta API reference portal (opens new window).

List applications

See List all Applications (opens new window) in the new Okta API reference portal (opens new window).

Update application

See Replace an Application (opens new window) in the new Okta API reference portal (opens new window).

Delete application

See Delete an Application (opens new window) in the new Okta API reference portal (opens new window).

Update application policy

The Application policy operation reference is now available at the new Okta API reference portal (opens new window) as the Application Policies API (opens new window).

Application lifecycle operations

The Application lifecycle operations reference is now available at the new Okta API reference portal (opens new window) as Activate an Application (opens new window) and Deactivate an Application (opens new window).

Application user operations

The Application user operations reference is now available at the new Okta API reference portal (opens new window) as the Application Users API (opens new window).

Application group operations

The Application group operations reference is now available at the new Okta API reference portal (opens new window) as the Application Groups API (opens new window).

Application key store operations

The application key store operations reference is now available at the new Okta API reference portal (opens new window) as the Application Key Credentials API (opens new window).

Preview SAML metadata for application

The Application SAML metadata preview reference is now available at the new Okta API reference portal (opens new window) as the Application SSO API (opens new window).

Application client secret management operations

The Application client secret management operations reference is now available at the new Okta API reference portal (opens new window) as the Application Client Auth Credentials API (opens new window).

Application client JSON Web Key management operations

The Application client JSON Web Key management operations reference is now available at the new Okta API reference portal (opens new window) as the Application Client Auth Credentials API (opens new window).

Application OAuth 2.0 role assignment operations

The Application OAuth 2.0 role assignment operations reference is now available at the new Okta API reference portal (opens new window) as the Client Role Assignments API (opens new window).

Application OAuth 2.0 scope consent grant operations

The Application OAuth 2.0 scope consent grant operations reference is now available at the new Okta API reference portal (opens new window) as the Application Grants API (opens new window).

Application OAuth 2.0 token operations

The Application OAuth 2.0 token operations reference is now available at the new Okta API reference portal (opens new window) as the Application Tokens API (opens new window).

Application logo operations

The Application logo operations reference is now available at the new Okta API reference portal (opens new window) as the Application Logos API (opens new window).

Application Provisioning Connection operations

The Application provisioning connection operations reference is now available at the new Okta API reference portal (opens new window) as the Application Connections API (opens new window).

Application Feature operations

The Application Feature operations reference is now available at the new Okta API reference portal (opens new window) as the Application Features API (opens new window).

Models

• Idp-Initiated Login object
• Refresh Token object
• Application object
• Application User object
• Application Group object

Idp-Initiated Login object

See Application - settings.oauthClient.idp_initiated_login (opens new window) in the new Okta API reference portal (opens new window).

Refresh token object

See Application - settings.oauthClient.refresh_token (opens new window) in the new Okta API reference portal (opens new window).

Application object

See Application object in the response (opens new window) in the new Okta API reference portal (opens new window).

Application Credentials object

See Application - credentials (opens new window) in the new Okta API reference portal (opens new window).

Profile object

See profile (opens new window) in the new Okta API reference portal (opens new window).

Application User object

See Application User (opens new window) in the new Okta API reference portal (opens new window).

Application Group object

See Application Group (opens new window) in the new Okta API reference portal (opens new window).