Get applications
The endpoint provides functionality to get all applications.
The response may include one or more of the following application types:
Using OAuth 2.0 / OIDC protocol
- Single-page application (
spa) - Regular web application (
webOauth) - Native application (
nat) - Server-to-server application (
s2s)
- Single-page application (
Using SAML 2.0 protocol
- Regular web application (
webSaml)
- Regular web application (
HTTP request
GET https://$instanceId.id.nevis.cloud/nevis/api/v1/applications
Parameters
| Parameter | In | Type | Required / Optional | Description |
|---|---|---|---|---|
instanceId | path | string | required | The ID of your Identity Cloud instance |
Example request
curl --request GET "https://$instanceId.id.nevis.cloud/nevis/api/v1/applications" \
--header "Authorization: Bearer $accessKey"
HTTP response
On success
HTTP/1.1 200 is returned on success.
| Parameter | Type | Description |
|---|---|---|
items | array of applications | The collection of applications |
The items array may contain the following types of
application: spa, nat, s2s, webOauth, webSaml
spa
| Parameter | Type | Description |
|---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: spa |
protocol | string | The protocol of the application; Value: oauthOidc |
spa.clientId | string | The unique public identifier of the application. |
spa.allowedReturnUris | string[] | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. |
spa.accessTokenLifetime | string | The lifetime of the issued access tokens for the application in minutes. |
spa.idTokenLifetime | string | The lifetime of the issued ID tokens for the application in minutes. |
spa.refreshTokenLifetime | string | The lifetime of the issued refresh tokens for the application in days. |
spa.authorizationEndpoint | string | The endpoint is provided by Identity Cloud. This endpoint can be used to request an authorization code by performing an end-user authentication. |
spa.tokenEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for the token request. |
spa.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for OpenID Connect Well-Known Configuration request. |
spa.identityCloudIssuer | string | The issuer of Identity Cloud. The Identity Cloud issuer is included as an Issuer Claim (iss) in ID tokens and access tokens generated by Identity Cloud. |
spa.identityCloudSignerCertificate | string | The X.509 signer certificate for Identity Cloud which required to validate the signature. |
nat
| Parameter | Type | Description |
|---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: nat |
protocol | string | The protocol of the application; Value: oauthOidc |
nat.clientId | string | The unique public identifier of the application. |
nat.allowedReturnUris | string[] | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. |
nat.accessTokenLifetime | string | The lifetime of the issued access tokens for the application in minutes. |
nat.idTokenLifetime | string | The lifetime of the issued ID tokens for the application in minutes. |
nat.refreshTokenLifetime | string | The lifetime of the issued refresh tokens for the application in days. |
nat.authorizationEndpoint | string | The endpoint is provided by Identity Cloud. This endpoint can be used to request an authorization code by performing an end-user authentication. |
nat.tokenEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for the token request. |
nat.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for OpenID Connect Well-Known Configuration request. |
nat.identityCloudIssuer | string | The issuer of Identity Cloud. The Identity Cloud issuer is included as an Issuer Claim (iss) in ID tokens and access tokens generated by Identity Cloud. |
nat.identityCloudSignerCertificate | string | The X.509 signer certificate for Identity Cloud which required to validate the signature. |
s2s
| Parameter | Type | Description |
|---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: s2s |
protocol | string | The protocol of the application; Value: oauthOidc |
s2s.clientId | string | The unique public identifier of the application. |
s2s.clientSecret | string | The client secret of the application. |
s2s.accessTokenLifetime | string | The lifetime of the issued access tokens for the application in minutes. |
s2s.tokenEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for the token request. |
s2s.tokenIntrospectionEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for validating access tokens. |
s2s.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for OpenID Connect Well-Known Configuration request. |
s2s.identityCloudIssuer | string | The issuer of Identity Cloud. The Identity Cloud issuer is included as an Issuer Claim (iss) in ID tokens and access tokens generated by Identity Cloud. |
s2s.identityCloudSignerCertificate | string | The X.509 signer certificate for Identity Cloud which required to validate the signature. |
webOauth
| Parameter | Type | Description |
|---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: web |
protocol | string | The protocol of the application; Value: oauthOidc |
webOauth.clientId | string | The unique public identifier of the application. |
webOauth.clientSecret | string | The client secret of the application |
webOauth.allowedReturnUris | string[] | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. |
webOauth.accessTokenLifetime | string | The lifetime of the issued access tokens for the application in minutes. |
webOauth.idTokenLifetime | string | The lifetime of the issued ID tokens for the application in minutes. |
webOauth.refreshTokenLifetime | string | The lifetime of the issued refresh tokens for the application in days. |
webOauth.authorizationEndpoint | string | The endpoint is provided by Identity Cloud. This endpoint can be used to request an authorization code by performing an end-user authentication. |
webOauth.tokenEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for the token request. |
webOauth.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The endpoint used for OpenID Connect Well-Known Configuration request. |
webOauth.identityCloudIssuer | string | The issuer of Identity Cloud. The Identity Cloud issuer is included as an Issuer Claim (iss) in ID tokens and access tokens generated by Identity Cloud. |
webOauth.identityCloudSignerCertificate | string | The X.509 signer certificate for Identity Cloud which required to validate the signature. |
webSaml
| Parameter | Type | Description |
|---|---|---|
applicationId | string | The identifier of the application. |
name | string | The name of the application. |
type | string | The type of the application; Value: web |
protocol | string | The protocol of the application; Value: saml |
webSaml.issuer | string | The issuer is the unique identifier of the SP, typically in URL format. |
webSaml.subject | string | The subject contains an identifier of the user as known to Identity Cloud; Values: email, userId |
webSaml.outboundBinding | string | The outbound binding specifies how the SAML messages are returned to the initiating application. Values: httpPost, httpRedirect |
webSaml.assertionConsumerServiceUrl | string | The URL, to which the SAML response is returned after successful authentication. |
webSaml.audience | string | SP verifies if Audience matches the recipient of a SAML response. Audience has a URL format. |
webSaml.x509SignerCertificate | string | The X509 Signer Certificate is needed if your SP signs the AuthnRequest. The certificate is encoded in PEM format. |
webSaml.metadataEndpoint | string | The endpoint is provided by Identity Cloud. The Metadata endpoint returns SAML metadata in XML format. The metadata can be used by Service Providers (SPs) to configure their SAML integration with Identity Cloud. |
webSaml.ssoServiceUrl | string | SSO service URL is the URL of the SAML 2.0 IdP. |
webSaml.identityCloudIssuer | string | The issuer of Identity Cloud. Identity Cloud uses the value of Identity Cloud issuer for the 'Issuer' in the SAML response. It is generated by Identity Cloud based on your domain. |
webSaml.identityCloudSignerCertificate | string | The X.509 certificate generated by Identity Cloud. The certificate is encoded in PEM format. Identity Cloud uses the Identity Cloud signer certificate to sign outgoing SAML messages, for example, the SAML response. |
Example response
{
"items": [
{
"applicationId": "df47e555-b3be-4890-9c1c-3485a7432b83"
"name": "your_spa_application",
"protocol": "oauthOidc",
"type": "spa",
"spa": {
"metadataEndpoint": "https://login.yourcompany.com/.well-known/openid-configuration",
"tokenEndpoint": "https://login.yourcompany.com/auth/oauth2/token",
"identityCloudIssuer": "https://idc-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"allowedReturnUris": [
"http://your-return-uri.com"
],
"clientId": "szmxgc5qp8dnkyue",
"refreshTokenLifetime": "30d",
"authorizationEndpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
"idTokenLifetime": "10m",
"accessTokenLifetime": "60m"
}
},
{
"applicationId": "485ee370-8b28-41c0-a485-eefd6e620db2"
"name": "your_webOauth_application",
"protocol": "oauthOidc",
"type": "web",
"webOauth": {
"metadataEndpoint": "https://login.yourcompany.com/.well-known/openid-configuration",
"tokenEndpoint": "https://login.yourcompany.com/auth/oauth2/token",
"identityCloudIssuer": "https://idc-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"allowedReturnUris": [
"http://your-return-uri.com"
],
"clientId": "aeu5byj8tv6qdr9w",
"clientSecret": "ger7das84tmf9x2b",
"refreshTokenLifetime": "30d",
"authorizationEndpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
"idTokenLifetime": "10m",
"accessTokenLifetime": "60m"
}
},
{
"applicationId": "fe049636-7519-4741-8d0a-3c74fb4236e5"
"name": "your_nat_application",
"protocol": "oauthOidc",
"type": "nat",
"nat": {
"metadataEndpoint": "https://login.yourcompany.com/.well-known/openid-configuration",
"tokenEndpoint": "https://login.yourcompany.com/auth/oauth2/token",
"identityCloudIssuer": "https://idc-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"allowedReturnUris": [
"http://your-return-uri.com"
],
"clientId": "rj8neks536qf297b",
"refreshTokenLifetime": "30d",
"authorizationEndpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
"idTokenLifetime": "10m",
"accessTokenLifetime": "60m"
}
},
{
"applicationId": "9cc100d6-06b4-422c-84ef-5dd975fd4105"
"name": "your_s2s_application",
"protocol": "oauthOidc",
"type": "s2s",
"s2s": {
"metadataEndpoint": "https://login.yourcompany.com/.well-known/openid-configuration",
"tokenEndpoint": "https://login.yourcompany.com/auth/oauth2/token",
"tokenIntrospectionEndpoint": "https://login.yourcompany.com/auth/oauth2/introspect",
"identityCloudIssuer": "https://idc-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"clientId": "xq32sgj9d6prckwz",
"clientSecret": "ybewk93dpnqv7tfs",
"refreshTokenLifetime": "30d",
"authorizationEndpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
"idTokenLifetime": "10m",
"accessTokenLifetime": "60m"
}
},
{
"protocol": "saml",
"name": "your_saml_application",
"webSaml": {
"metadataEndpoint": "https://login.yourcompany.com/auth/saml/metadata",
"identityCloudIssuer": "https://idc-issuer",
"identityCloudSignerCertificate": "-----BEGIN CERTIFICATE-----\nidentity-cloud-signer==\n-----END CERTIFICATE-----\n",
"audience": "https://your-page.com/saml2/service-provider-metadata/login.yourcompany.com",
"assertionConsumerServiceUrl": "https://your-page.com/login/saml2/sso/login.yourcompany.com",
"x509SignerCertificate": "-----BEGIN CERTIFICATE-----\nyour-x509-signer-certificate\n-----END CERTIFICATE-----",
"subject": "email",
"outboundBinding": "httpPost",
"issuer": "https://your-page.com/saml2/service-provider-metadata/login.yourcompany.com",
"ssoServiceUrl": "https://login.yourcompany.com/auth/saml/sso"
},
"type": "web",
"applicationId": "1db16fb4-bfd8-4963-bb7c-2601e126d52c"
}
]
}
On failure
HTTP/1.1 401 is returned if the authorization fails due to an invalid access key.
HTTP/1.1 500 is returned if an unexpected error occurs.