Get application
The endpoint provides functionality to get an application.
The following application types are supported:
Using OAuth 2.0 / OIDC protocol
- Single-page application (
spa
) - Regular web application (
webOauth
) - Native application (
nat
) - Server-to-server application (
s2s
)
- Single-page application (
Using SAML 2.0 protocol
- Regular web application (
webSaml
)
- Regular web application (
HTTP request
GET https://$instanceId.id.nevis.cloud/nevis/api/v1/applications/$applicationId
Parameters
Parameter | In | Type | Required / Optional | Description |
---|---|---|---|---|
instanceId | path | string | required | The ID of your Identity Cloud instance |
applicationId | path | string | required | The ID of the application |
Example request
Set the ID of the application
applicationId=your-application-id-123
curl --request GET "https://$instanceId.id.nevis.cloud/nevis/api/v1/applications/$applicationId" \
--header "Authorization: Bearer $accessKey"
HTTP response
On success
HTTP/1.1 200
is returned if the application is found.
Response body
spa
Parameter | Type | Description |
---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: spa |
protocol | string | The protocol of the application; Value: oauthOidc |
spa.clientId | string | The unique public identifier of the application. |
spa.allowedReturnUris | string[] | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. |
spa.accessTokenLifetime | string | The lifetime of the issued access tokens for the application in minutes. |
spa.idTokenLifetime | string | The lifetime of the issued ID tokens for the application in minutes. |
spa.refreshTokenLifetime | string | The lifetime of the issued refresh tokens for the application in days. |
spa.authorizationEndpoint | string | The endpoint is provided by Identity Cloud. This endpoint can be used to request an authorization code by performing an end-user authentication. |
spa.tokenEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for the token request. |
spa.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for OpenID Connect Well-Known Configuration request. |
spa.identityCloudIssuer | string | The issuer of Identity Cloud. The Identity Cloud issuer is included as an Issuer Claim (iss) in ID tokens and access tokens generated by Identity Cloud. |
spa.identityCloudSignerCertificate | string | The X.509 signer certificate for Identity Cloud which required to validate the signature. |
webOauth
Parameter | Type | Description |
---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: web |
protocol | string | The protocol of the application; Value: oauthOidc |
webOauth.clientId | string | The unique public identifier of the application. |
webOauth.clientSecret | string | The client secret of the application |
webOauth.allowedReturnUris | string[] | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. |
webOauth.accessTokenLifetime | string | The lifetime of the issued access tokens for the application in minutes. |
webOauth.idTokenLifetime | string | The lifetime of the issued ID tokens for the application in minutes. |
webOauth.refreshTokenLifetime | string | The lifetime of the issued refresh tokens for the application in days. |
webOauth.authorizationEndpoint | string | The endpoint is provided by Identity Cloud. This endpoint can be used to request an authorization code by performing an end-user authentication. |
webOauth.tokenEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for the token request. |
webOauth.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for OpenID Connect Well-Known Configuration request. |
webOauth.identityCloudIssuer | string | The issuer of Identity Cloud. The Identity Cloud issuer is included as an Issuer Claim (iss) in ID tokens and access tokens generated by Identity Cloud. |
webOauth.identityCloudSignerCertificate | string | The X.509 signer certificate for Identity Cloud which required to validate the signature. |
nat
Parameter | Type | Description |
---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: nat |
protocol | string | The protocol of the application; Value: oauthOidc |
nat.clientId | string | The unique public identifier of the application. |
nat.allowedReturnUris | string[] | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. |
nat.accessTokenLifetime | string | The lifetime of the issued access tokens for the application in minutes. |
nat.idTokenLifetime | string | The lifetime of the issued ID tokens for the application in minutes. |
nat.refreshTokenLifetime | string | The lifetime of the issued refresh tokens for the application in days. |
nat.authorizationEndpoint | string | The endpoint is provided by Identity Cloud. This endpoint can be used to request an authorization code by performing an end-user authentication. |
nat.tokenEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for the token request. |
nat.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for OpenID Connect Well-Known Configuration request. |
nat.identityCloudIssuer | string | The issuer of Identity Cloud. The Identity Cloud issuer is included as an Issuer Claim (iss) in ID tokens and access tokens generated by Identity Cloud. |
nat.identityCloudSignerCertificate | string | The X.509 signer certificate for Identity Cloud which required to validate the signature. |
s2s
Parameter | Type | Description |
---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: s2s |
protocol | string | The protocol of the application; Value: oauthOidc |
s2s.clientId | string | The unique public identifier of the application. |
s2s.clientSecret | string | The client secret of the application. |
s2s.accessTokenLifetime | string | The lifetime of the issued access tokens for the application in minutes. |
s2s.tokenEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for the token request. |
s2s.tokenIntrospectionEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for validating access tokens. |
s2s.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for OpenID Connect Well-Known Configuration request. |
s2s.identityCloudIssuer | string | The issuer of Identity Cloud. The Identity Cloud issuer is included as an Issuer Claim (iss) in ID tokens and access tokens generated by Identity Cloud. |
s2s.identityCloudSignerCertificate | string | The X.509 signer certificate for Identity Cloud which required to validate the signature. |
webSaml
Parameter | Type | Description |
---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: web |
protocol | string | The protocol of the application; Value: saml |
webSaml.issuer | string | The issuer is the unique identifier of the SP, typically in URL format. |
webSaml.subject | string | The subject contains an identifier of the user as known to Identity Cloud; Values: email , userId |
webSaml.outboundBinding | string | The outbound binding specifies how the SAML messages are returned to the initiating application. Values: httpPost , httpRedirect |
webSaml.assertionConsumerServiceUrl | string | The URL, to which the SAML response is returned after successful authentication. |
webSaml.audience | string | SP verifies if Audience matches the recipient of a SAML response. Audience has a URL format. |
webSaml.x509SignerCertificate | string | The X509 Signer Certificate is needed if your SP signs the AuthnRequest. The certificate is encoded in PEM format. |
webSaml.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The Metadata endpoint returns SAML metadata in XML format. The metadata can be used by Service Providers (SPs) to configure their SAML integration with Identity Cloud. |
webSaml.ssoServiceUrl | string | SSO service URL is the URL of the SAML 2.0 IdP. |
webSaml.identityCloudIssuer | string | The issuer of Identity Cloud. Identity Cloud uses the value of Identity Cloud issuer for the 'Issuer' in the SAML response. It is generated by Identity Cloud based on your domain. |
webSaml.identityCloudSignerCertificate | string | The X.509 certificate generated by Identity Cloud. The certificate is encoded in PEM format. Identity Cloud uses the Identity Cloud signer certificate to sign outgoing SAML messages, for example, the SAML response. |
Example response
spa
{
"applicationId": "4m5jkiknfflsbnb854cd"
"name": "your_spa_application",
"protocol": "oauthOidc",
"type": "spa",
"spa": {
"metadataEndpoint": "https://login.yourcompany.com/.well-known/openid-configuration",
"tokenEndpoint": "https://login.yourcompany.com/auth/oauth2/token",
"identityCloudIssuer": "https://your-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"allowedReturnUris": [
"http://your-return-uri.com"
],
"clientId": "elm295qcx56unxqw",
"refreshTokenLifetime": "30d",
"authorizationEndpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
"idTokenLifetime": "10m",
"accessTokenLifetime": "60m"
}
}
webOauth
application response body
{
"applicationId": "76kgbh33jbnh23nm"
"name": "your_webOauth_application",
"protocol": "oauthOidc",
"type": "web",
"webOauth": {
"metadataEndpoint": "https://login.yourcompany.com/.well-known/openid-configuration",
"tokenEndpoint": "https://login.yourcompany.com/auth/oauth2/token",
"identityCloudIssuer": "https://your-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"allowedReturnUris": [
"http://your-return-uri.com"
],
"clientId": "kg7jsnnk451hdki",
"clientSecret": "9014jflq13dg3",
"refreshTokenLifetime": "30d",
"authorizationEndpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
"idTokenLifetime": "10m",
"accessTokenLifetime": "60m"
}
}
nat
application response body
{
"applicationId": "23jbvh451ab12kb"
"name": "your_nat_application",
"protocol": "oauthOidc",
"type": "nat",
"nat": {
"metadataEndpoint": "https://login.yourcompany.com/.well-known/openid-configuration",
"tokenEndpoint": "https://login.yourcompany.com/auth/oauth2/token",
"tokenIntrospectionEndpoint": "https://login.yourcompany.com/auth/oauth2/introspect",
"identityCloudIssuer": "https://your-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"allowedReturnUris": [
"http://your-return-uri.com"
],
"clientId": "75qwzl974hjk38hb",
"refreshTokenLifetime": "30d",
"authorizationEndpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
"idTokenLifetime": "10m",
"accessTokenLifetime": "60m"
}
}
s2s
application response body
{
"applicationId": "c2098s92v81234db72dc"
"name": "your_s2s_application",
"protocol": "oauthOidc",
"type": "s2s",
"s2s": {
"metadataEndpoint": "https://login.yourcompany.com/.well-known/openid-configuration",
"tokenEndpoint": "https://login.yourcompany.com/auth/oauth2/token",
"identityCloudIssuer": "https://your-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"clientId": "5klgi45sdsa1",
"clientSecret": "92jnw81qwx",
"refreshTokenLifetime": "30d",
"authorizationEndpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
"idTokenLifetime": "10m",
"accessTokenLifetime": "60m"
}
}
webSaml
application response body
{
"protocol": "saml",
"name": "your_saml_application",
"webSaml": {
"metadataEndpoint": "https://login.yourcompany.com/auth/saml/metadata",
"identityCloudIssuer": "https://idc-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"audience": "https://idc-test-sp-web:8086/saml2/service-provider-metadata/localinstance-id-dev-nevis-cloud",
"assertionConsumerServiceUrl": "https://your-page.com/login/saml2/sso/login.yourcompany.com",
"x509SignerCertificate": "-----BEGIN CERTIFICATE-----\nyour-x509-signer-certificate\n-----END CERTIFICATE-----",
"subject": "email",
"outboundBinding": "httpPost",
"issuer": "https://your-page.com/saml2/service-provider-metadata/login.yourcompany.com",
"ssoServiceUrl": "https://login.yourcompany.com/auth/saml/sso"
},
"type": "web",
"applicationId": "9kdb37da1094hbkluq12b"
}
On failure
HTTP/1.1 401
is returned if the authorization fails due to an invalid access key.
HTTP/1.1 404
is returned if the application with given id is not found.
HTTP/1.1 500
is returned if an unexpected error occurs.