
OAuth Applications

Manage OAuth applications for API access.

List Applications

GET /o/apps/

Retrieve a list of all OAuth2 applications registered to your account.

Authentication

Requires OAuth 2.0 authentication with read and write scopes.

Example Request

curl -X GET {{BASE_URL}}/o/apps/ \
  -H "Authorization: Bearer your_access_token"

Response

Success Response (200 OK)

[
  {
    "id": 1,
    "name": "Production API",
    "client_id": "prod_client_id_here",
    "client_secret": "prod_client_secret_here",
    "client_type": "confidential"
  },
  {
    "id": 2,
    "name": "Development API",
    "client_id": "dev_client_id_here",
    "client_secret": "dev_client_secret_here",
    "client_type": "confidential"
  }
]

Response Fields

The response is an array of application objects with the following fields:

| Field | Type | Description |
|---|---|---|
| id | integer | Application ID |
| name | string | Application display name |
| client_id | string | OAuth2 client ID |
| client_secret | string | OAuth2 client secret |
| client_type | string | Client type (e.g., "confidential") |

Create Application

POST /o/apps/

Create a new OAuth2 application. Returns the client ID and secret for the new application.

Authentication

Requires OAuth 2.0 authentication with read and write scopes.

Request Body

| Parameter | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | A descriptive name for the application |

Example Request

curl -X POST {{BASE_URL}}/o/apps/ \
  -H "Authorization: Bearer your_access_token" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My New Application"
  }'

Response

Success Response (201 Created)

{
  "id": 3,
  "client_id": "new_client_id_here",
  "client_secret": "new_client_secret_here"
}

Response Fields

| Field | Type | Description |
|---|---|---|
| id | integer | Application ID |
| client_id | string | OAuth2 client ID for authentication |
| client_secret | string | OAuth2 client secret for authentication |

Important

Store the client_secret securely. It is returned in the creation response and can also be retrieved via the list endpoint, but should be treated as sensitive.

Delete Application

DELETE /o/apps/{id}/

Delete an OAuth2 application. All tokens issued for this application will be invalidated.

Authentication

Requires OAuth 2.0 authentication with read and write scopes.

Path Parameters

| Parameter | Type | Description |
|---|---|---|
| id | integer | The ID of the application to delete |

Example Request

curl -X DELETE {{BASE_URL}}/o/apps/3/ \
  -H "Authorization: Bearer your_access_token"

Response

Success Response (204 No Content)

No response body is returned on successful deletion.

Error Responses

404 Not Found

{
  "error": {
    "code": "not_found",
    "message": "Application not found",
    "details": {}
  }
}

Usage Examples

Application Lifecycle

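async function manageApps(accessToken) {
  const baseUrl = '{{BASE_URL}}/o/apps/';
  const headers = {
    'Authorization': `Bearer ${accessToken}`,
    'Content-Type': 'application/json'
  };

  // List existing apps
  const listResponse = await fetch(baseUrl, { headers });
  if (!listResponse.ok) {
    throw new Error(`List failed: HTTP ${listResponse.status}`);
  }
  const apps = await listResponse.json();
  console.log(`Found ${apps.length} application(s)`);

  // Create a new app
  const createResponse = await fetch(baseUrl, {
    method: 'POST',
    headers,
    body: JSON.stringify({ name: 'Staging API' })
  });
  if (createResponse.status !== 201) {
    throw new Error(`Create failed: HTTP ${createResponse.status}`);
  }
  const newApp = await createResponse.json();
  console.log(`Created app: ${newApp.client_id}`);
  // newApp.client_secret is sensitive: hand it to a secrets manager
  // instead of writing it to the console or to logs.

  // Delete an app (invalidates all tokens issued for it)
  const deleteResponse = await fetch(`${baseUrl}${newApp.id}/`, {
    method: 'DELETE',
    headers
  });
  if (deleteResponse.status !== 204) {
    throw new Error(`Delete failed: HTTP ${deleteResponse.status}`);
  }
  console.log('App deleted');
}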

Python Example

import requests

def list_apps(access_token):
    """List all OAuth applications."""
    response = requests.get(
        '{{BASE_URL}}/o/apps/',
        headers={'Authorization': f'Bearer {access_token}'},
        timeout=10
    )
    # Raise on 4xx/5xx instead of silently returning nothing
    response.raise_for_status()

    apps = response.json()
    for app in apps:
        # The list response also contains client_secret; keep it out of output
        print(f"ID: {app['id']}, Name: {app['name']}, Client ID: {app['client_id']}")
    return apps

def create_app(name, access_token):
    """Create a new OAuth application."""
    response = requests.post(
        '{{BASE_URL}}/o/apps/',
        json={'name': name},
        headers={'Authorization': f'Bearer {access_token}'},
        timeout=10
    )
    # Raise on 4xx/5xx instead of silently returning nothing
    response.raise_for_status()

    app = response.json()
    print(f"Client ID: {app['client_id']}")
    # app['client_secret'] is sensitive: store it in a secrets manager
    # rather than printing it.
    return app

Security Best Practices

  • Create separate applications for different environments (development, staging, production)
  • Store client secrets securely using environment variables or a secrets manager
  • Delete applications that are no longer needed
  • Rotate credentials periodically by creating a new application and deleting the old one
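
The rotation practice in the last bullet, written out as an added example (not this API's own code). It creates the replacement application, persists its secret, and only then deletes the old application, because deletion invalidates every token issued for it. `rotate_app`, the `store_secret` callback, `FakeSession` and the `api.example.test` host are assumptions made for illustration; `FakeSession` is a constructed in-memory stand-in so the block runs offline.

```python
# Added example. `session` is any requests.Session-compatible object;
# `store_secret` is a hypothetical callback that writes to your secrets manager.
def rotate_app(session, base_url, old_id, name, store_secret):
    """Create a replacement app, persist its secret, then delete the old app."""
    apps_url = f"{base_url}/o/apps/"
    resp = session.post(apps_url, json={"name": name}, timeout=10)
    if resp.status_code != 201:
        raise RuntimeError(f"create failed: HTTP {resp.status_code}")
    new = resp.json()
    try:
        # Persist the new credentials before touching the old app.
        store_secret(new["client_id"], new["client_secret"])
    except Exception:
        # Roll back so no unused credential stays registered.
        session.delete(f"{apps_url}{new['id']}/", timeout=10)
        raise
    # Deleting the old app invalidates every token issued for it.
    resp = session.delete(f"{apps_url}{old_id}/", timeout=10)
    if resp.status_code not in (204, 404):  # 404: old app already gone
        raise RuntimeError(f"delete failed: HTTP {resp.status_code}")
    return {"id": new["id"], "client_id": new["client_id"]}  # secret not returned

class FakeResponse:
    def __init__(self, status_code, body=None):
        self.status_code, self._body = status_code, body

    def json(self):
        return self._body

class FakeSession:
    """Constructed in-memory stand-in for the API so the example runs offline."""
    def __init__(self, apps):
        self.apps, self.next_id = dict(apps), max(apps) + 1

    def post(self, url, json, timeout=None):
        app_id, self.next_id = self.next_id, self.next_id + 1
        self.apps[app_id] = json["name"]
        return FakeResponse(201, {"id": app_id, "client_id": f"cid_{app_id}",
                                  "client_secret": f"secret_{app_id}"})

    def delete(self, url, timeout=None):
        app_id = int(url.rstrip("/").rsplit("/", 1)[1])
        return FakeResponse(204 if self.apps.pop(app_id, None) else 404)

if __name__ == "__main__":
    vault = {}  # stands in for a secrets manager
    api = FakeSession({1: "Production API"})
    print(rotate_app(api, "https://api.example.test", 1, "Production API",
                     vault.__setitem__))
    print("remaining app ids:", sorted(api.apps))
```

Against the real API, pass a `requests.Session` whose headers carry the bearer token, and have `store_secret` return only after the consuming services can read the new credentials.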