Create Application

post

https://Use API Lookup for a base URL/apps

Create a new application.

A new app will be created and a clientId will be automatically generated and assigned to it.
The application will be created in the same realm the user/app belongs to. This information is obtained from the User/Client Access Token.
The user/app creating the app will be granted permission to 'manage' and delegate application management ('share'). This user/app can now delegate access to the application in more granular fashion (all sharable actions - read, write, manage, share) to another identity in his realm via the share/grants APIs.
The app created by an app will inherit the creator user id of the caller app. The creator user id does not get permissions to the new app.
Any authenticated user has access to create an application.
Any authenticated app that has the 'appCreationEnabled' property enabled by any of its managers has access to create an application.

Access Control:

The calling principal must be in a realm of type "olp".
The calling principal must have "createApp" action permission in the "account" service.
The calling principal MUST NOT include a project scope.

Body Params

clientId

string

Identifier for the client/application. If provided, identifier should be present and active in Druid.

name

string

required

Human readable name of the client. This field is required unless a clientId is provided.

description

string

Prose description of the client

redirectUris

array of uris

List of redirect Uris. should be fully qualified HTTPS URIs without any fragments (HTTP is only supported for localhost development). At least one Redirect URI should be registered if the response types is non-empty. Redirect URI as defined in OAuth2 specification: https://tools.ietf.org/html/rfc6749#section-3.1.2

redirectUris

allowedScopes

array of strings

List of Strings representing the scopes. This field is required when the response types is non-empty. For more details see here.

allowedScopes

tokenEndpointAuthMethod

string

enum

The default value will be "client_secret_jwt" if the field is not included in the request body.Please check here for further details.

Allowed:

tokenEndpointAuthMethodReason

string

length ≥ 20

This needs to be included only if "tokenEndpointAuthMethod" is not equal to client_secret_jwt. The reason for choosing a less secure tokenEndpoint auth method needs to be provided here. Minimum 20 characters required.

dobRequired

boolean

Flag indicating whether or not application users are required to provide their date of birth.

true - the user must supply their DOB false - the user can use self-service and indicate "yes I am over age X"

Collection of users date of birth is required for compliance with Article 8 of the General Data Protection Regulation. For more details see here

tokenDuration

integer

default duration in seconds for the token issued to this application. It has be a non-zero value, less than or equal to 24 hours (86400) or the max allowed for the realm via the realm setting.

responseTypes

array of strings

Valid value is "code". If the responseTypes value is "id_token" or ["token", "id_token"], then the allowedScopes value must contain "openid". For more details see here and here.

responseTypes

referrers

array of strings

length ≤ 20

List Referrer URLs to register/registered with Application

On create/update: if the parameter is not present, the current value(s) are unchanged. If empty list specified, current value(s) will be reset to empty list.
Value has a min length of 1 char and max of 255 chars.
Wildcards are NOT allowed. The only valid characters: alphanumerics, '-', '_', '.', '/'
The protocol is NOT specified, i.e. no http:// or https://
Some examples: here.com, localhost, 127.0.0.1, www.example.com/hello/world/
A port may be specified. Ex. localhost:1234
Maximum of 20 Referrer URLs are allowed per application.

referrers

allowedRealmTypes

array of strings

List of realmTypes from which this client is allowed to request user access tokens when using either the OAuth2 or OpenID protocols.

allowedRealmTypes

deviceTokenCreationEnabled

boolean

If the application allows token creation for linked anonymous devices.

deviceApiCallRateLimitPer15Minutes

integer

1 to 1000

The rate limit per 15 minutes for linked anonymous devices. Property deviceTokenCreationEnabled needs to be true and a value needs to be set for property deviceApiCallRateLimitPer15Minutes to enable this rate limit. Otherwise the rate limit defaults to the client level rate limit.

Headers

X-Correlation-ID

string

Correlates HTTP requests between a client and server. If not present in the incoming request, it will be generated. This header and value will be included in all loglines including access logs. It will also be propagated to downstream services and returned in the response.

X-Request-ID

string

The unique for the request, used to track this request within the service. X-Request-ID value is NOT propagated to the downstream services.

Responses

200OK

400Invalid input provided, see error response for details

401Access is denied due to invalid credentials

403You do not have permission to perform this action