--- title: Applications API path: reference/api/applications status: published --- # Applications API Reference for the `Applications` endpoint group — 7 endpoints. Generated from the live OpenAPI spec. Re-run `_generate_api_reference.py` after backend changes. ## Authentication All endpoints require a Bearer JWT in the `Authorization` header unless noted otherwise. See [Concepts → Tokens and scopes](/docs/scaikey/concepts/tokens-and-scopes) and [Reference → OAuth endpoints](/docs/scaikey/reference/oauth-endpoints) for how to obtain one. ## Endpoints ### **GET** `/api/v1/admin/applications/` _List Applications_ List applications based on admin's access level. Visibility rules: - Super admins: All applications - Partner admins: Global apps + Partner apps for their partner + Tenant apps in their partner's tenants - Tenant admins: Global apps + Partner apps for their parent partner + Tenant apps for their tenant **Parameters:** | Name | In | Required | Type | Description | |---|---|---|---|---| | `page` | query | no | `integer` | | | `per_page` | query | no | `integer` | | | `tenant_id` | query | no | `string` \| `null` | | | `partner_id` | query | no | `string` \| `null` | Filter by partner (all tenants in partner) | | `scope` | query | no | `string` \| `null` | Filter by scope: GLOBAL, PARTNER, TENANT | | `application_type` | query | no | `string` \| `null` | | | `search` | query | no | `string` \| `null` | | | `authorization` | header | no | `string` \| `null` | | **Responses:** | Status | Body | |---|---| | `200` | `application/json` → _any_ | | `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) | --- ### **POST** `/api/v1/admin/applications/` _Create Application_ Create a new application (OAuth client). Scope rules: - Super admin: Can create any scope (GLOBAL, PARTNER, TENANT) - Partner admin: Can create PARTNER (for their partner) or TENANT (for tenants in their partner) - Tenant admin: Can only create TENANT scope for their tenant **Parameters:** | Name | In | Required | Type | Description | |---|---|---|---|---| | `authorization` | header | no | `string` \| `null` | | **Request body:** Required. - `application/json` → object **Responses:** | Status | Body | |---|---| | `201` | `application/json` → _any_ | | `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) | --- ### **DELETE** `/api/v1/admin/applications/{application_id}` _Delete Application_ Soft delete an application. **Parameters:** | Name | In | Required | Type | Description | |---|---|---|---|---| | `application_id` | path | yes | `string` | | | `authorization` | header | no | `string` \| `null` | | **Responses:** | Status | Body | |---|---| | `204` | Successful Response | | `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) | --- ### **GET** `/api/v1/admin/applications/{application_id}` _Get Application_ Get an application by ID. **Parameters:** | Name | In | Required | Type | Description | |---|---|---|---|---| | `application_id` | path | yes | `string` | | | `authorization` | header | no | `string` \| `null` | | **Responses:** | Status | Body | |---|---| | `200` | `application/json` → _any_ | | `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) | --- ### **PATCH** `/api/v1/admin/applications/{application_id}` _Update Application_ Update an application. **Parameters:** | Name | In | Required | Type | Description | |---|---|---|---|---| | `application_id` | path | yes | `string` | | | `authorization` | header | no | `string` \| `null` | | **Request body:** Required. - `application/json` → object **Responses:** | Status | Body | |---|---| | `200` | `application/json` → _any_ | | `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) | --- ### **GET** `/api/v1/admin/applications/{application_id}/effective-users` _Get Application Effective Users_ Get all users who have access to an application across all tenants. This endpoint is designed for GLOBAL applications that need to sync users across all tenants. It returns users who have been assigned access either directly or via group membership. Authentication: - Admin users with appropriate access can query any application - Applications can query their own effective users using their platform token (no admin:read scope required when querying own data) For GLOBAL apps: Returns users from all tenants For PARTNER apps: Returns users from all tenants in the partner For TENANT apps: Returns users from that tenant only Response includes tenant information for each user to support multi-tenant sync. **Parameters:** | Name | In | Required | Type | Description | |---|---|---|---|---| | `application_id` | path | yes | `string` | | | `page` | query | no | `integer` | | | `per_page` | query | no | `integer` | | | `tenant_id` | query | no | `string` \| `null` | Filter by specific tenant | | `authorization` | header | no | `string` \| `null` | | **Responses:** | Status | Body | |---|---| | `200` | `application/json` → _any_ | | `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) | --- ### **POST** `/api/v1/admin/applications/{application_id}/rotate-secret` _Rotate Application Secret_ Rotate an application's client secret. **Parameters:** | Name | In | Required | Type | Description | |---|---|---|---|---| | `application_id` | path | yes | `string` | | | `authorization` | header | no | `string` \| `null` | | **Responses:** | Status | Body | |---|---| | `200` | `application/json` → _any_ | | `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) | --- ## Schemas Definitions for every type referenced by the endpoints above. Schema-to-schema references on this page link within the page; cross-page references would require visiting the linked page. ### `HTTPValidationError` | Field | Type | Required | Description | |---|---|---|---| | `detail` | array of [`ValidationError`](#schema-validationerror) | no | | ### `ValidationError` | Field | Type | Required | Description | |---|---|---|---| | `loc` | array of `string` \| `integer` | yes | | | `msg` | `string` | yes | | | `type` | `string` | yes | |