Applications API
Reference for the Applications endpoint group — 7 endpoints.
Generated from the live OpenAPI spec. Re-run _generate_api_reference.py after backend changes.
Authentication#
All endpoints require a Bearer JWT in the Authorization header unless noted otherwise. See Concepts → Tokens and scopes and Reference → OAuth endpoints for how to obtain one.
Endpoints#
GET /api/v1/admin/applications/#
List Applications
List applications based on admin's access level.
Visibility rules:
- Super admins: All applications
- Partner admins: Global apps + Partner apps for their partner + Tenant apps in their partner's tenants
- Tenant admins: Global apps + Partner apps for their parent partner + Tenant apps for their tenant
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
page |
query | no | integer |
|
per_page |
query | no | integer |
|
tenant_id |
query | no | string | null |
|
partner_id |
query | no | string | null |
Filter by partner (all tenants in partner) |
scope |
query | no | string | null |
Filter by scope: GLOBAL, PARTNER, TENANT |
application_type |
query | no | string | null |
|
search |
query | no | string | null |
|
authorization |
header | no | string | null |
Responses:
| Status | Body |
|---|---|
200 |
application/json → any |
422 |
application/json → HTTPValidationError |
POST /api/v1/admin/applications/#
Create Application
Create a new application (OAuth client).
Scope rules:
- Super admin: Can create any scope (GLOBAL, PARTNER, TENANT)
- Partner admin: Can create PARTNER (for their partner) or TENANT (for tenants in their partner)
- Tenant admin: Can only create TENANT scope for their tenant
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
authorization |
header | no | string | null |
Request body:
Required.
application/json→ object
Responses:
| Status | Body |
|---|---|
201 |
application/json → any |
422 |
application/json → HTTPValidationError |
DELETE /api/v1/admin/applications/{application_id}#
Delete Application
Soft delete an application.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
application_id |
path | yes | string |
|
authorization |
header | no | string | null |
Responses:
| Status | Body |
|---|---|
204 |
Successful Response |
422 |
application/json → HTTPValidationError |
GET /api/v1/admin/applications/{application_id}#
Get Application
Get an application by ID.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
application_id |
path | yes | string |
|
authorization |
header | no | string | null |
Responses:
| Status | Body |
|---|---|
200 |
application/json → any |
422 |
application/json → HTTPValidationError |
PATCH /api/v1/admin/applications/{application_id}#
Update Application
Update an application.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
application_id |
path | yes | string |
|
authorization |
header | no | string | null |
Request body:
Required.
application/json→ object
Responses:
| Status | Body |
|---|---|
200 |
application/json → any |
422 |
application/json → HTTPValidationError |
GET /api/v1/admin/applications/{application_id}/effective-users#
Get Application Effective Users
Get all users who have access to an application across all tenants.
This endpoint is designed for GLOBAL applications that need to sync users across all tenants. It returns users who have been assigned access either directly or via group membership.
Authentication:
- Admin users with appropriate access can query any application
- Applications can query their own effective users using their platform token (no admin:read scope required when querying own data)
For GLOBAL apps: Returns users from all tenants For PARTNER apps: Returns users from all tenants in the partner For TENANT apps: Returns users from that tenant only
Response includes tenant information for each user to support multi-tenant sync.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
application_id |
path | yes | string |
|
page |
query | no | integer |
|
per_page |
query | no | integer |
|
tenant_id |
query | no | string | null |
Filter by specific tenant |
authorization |
header | no | string | null |
Responses:
| Status | Body |
|---|---|
200 |
application/json → any |
422 |
application/json → HTTPValidationError |
POST /api/v1/admin/applications/{application_id}/rotate-secret#
Rotate Application Secret
Rotate an application's client secret.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
application_id |
path | yes | string |
|
authorization |
header | no | string | null |
Responses:
| Status | Body |
|---|---|
200 |
application/json → any |
422 |
application/json → HTTPValidationError |
Schemas#
Definitions for every type referenced by the endpoints above. Schema-to-schema references on this page link within the page; cross-page references would require visiting the linked page.
HTTPValidationError#
| Field | Type | Required | Description |
|---|---|---|---|
detail |
array of ValidationError |
no |
ValidationError#
| Field | Type | Required | Description |
|---|---|---|---|
loc |
array of string | integer |
yes | |
msg |
string |
yes | |
type |
string |
yes |