Update application

The endpoint provides functionality to update an application.

The following application types are supported:

  • Using OAuth 2.0 / OIDC protocol

    • Single-page application (spa)
    • Regular web application (webOauth)
    • Native application (nat)
    • Server-to-server application (s2s)
  • Using SAML 2.0 protocol

    • Regular web application (webSaml)

HTTP request

PATCH https://$instanceId.id.nevis.cloud/nevis/api/v1/applications/$applicationId

Parameters

| Parameter | In | Type | Required / Optional | Description |
|---|---|---|---|---|
| instanceId | path | string | required | The ID of your Identity Cloud instance |
| applicationId | path | string | required | The ID of the application |

Request body

| Parameter | Type | Required / Optional | Description |
|---|---|---|---|
| spa | object | Required, if application type is spa | The parameters of the spa application |
| webOauth | object | Required, if application type is web and protocol is oauthOidc | The parameters of the webOauth application |
| nat | object | Required, if application type is nat | The parameters of the nat application |
| s2s | object | Required, if application type is s2s | The parameters of the s2s application |
| webSaml | object | Required, if application type is web and protocol is saml | The parameters of the webSaml application |

Application object

spa

| Parameter | Type | Required / Optional | Description |
|---|---|---|---|
| allowedReturnUris | string[] | Optional | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. Constraint: The allowedReturnUris may include several URIs, up to a maximum of 20. A Return URI must have a maximum length of 2048 characters. |
| accessTokenLifetime | string | Optional | Specifies the lifetime of the issued access tokens for the application. Constraint: The accessTokenLifetime must be in the range [1m, 1440m]. |
| idTokenLifetime | string | Optional | Specifies the lifetime of the issued ID tokens for the application. Constraint: The idTokenLifetime must be in the range [1m, 1440m]. |
| refreshTokenLifetime | string | Optional | Specifies the lifetime of the issued refresh tokens for the application. Constraint: The refreshTokenLifetime must be in the range [1d, 365d]. |

webOauth

| Parameter | Type | Required / Optional | Description |
|---|---|---|---|
| allowedReturnUris | string[] | Optional | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. Constraint: The allowedReturnUris may include several URIs, up to a maximum of 20. A Return URI must have a maximum length of 2048 characters. |
| accessTokenLifetime | string | Optional | Specifies the lifetime of the issued access tokens for the application. Constraint: The accessTokenLifetime must be in the range [1m, 1440m]. |
| idTokenLifetime | string | Optional | Specifies the lifetime of the issued ID tokens for the application. Constraint: The idTokenLifetime must be in the range [1m, 1440m]. |
| refreshTokenLifetime | string | Optional | Specifies the lifetime of the issued refresh tokens for the application. Constraint: The refreshTokenLifetime must be in the range [1d, 365d]. |

nat

| Parameter | Type | Required / Optional | Description |
|---|---|---|---|
| allowedReturnUris | string[] | Optional | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. Constraint: The allowedReturnUris may include several URIs, up to a maximum of 20. A Return URI must have a maximum length of 2048 characters. |
| accessTokenLifetime | string | Optional | Specifies the lifetime of the issued access tokens for the application. Constraint: The accessTokenLifetime must be in the range [1m, 1440m]. |
| idTokenLifetime | string | Optional | Specifies the lifetime of the issued ID tokens for the application. Constraint: The idTokenLifetime must be in the range [1m, 1440m]. |
| refreshTokenLifetime | string | Optional | Specifies the lifetime of the issued refresh tokens for the application. Constraint: The refreshTokenLifetime must be in the range [1d, 365d]. |

s2s

| Parameter | Type | Required / Optional | Description |
|---|---|---|---|
| accessTokenLifetime | string | Optional | Specifies the lifetime of the issued access tokens for the application. Constraint: The accessTokenLifetime must be in the range [1m, 1440m]. |
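
A pre-flight check of an update body against the constraints documented for the four OAuth 2.0 / OIDC application objects above, so that an over-long return URI list or an out-of-range token lifetime is caught before the request is sent. This is an added example, not code from Nevis; the function name is hypothetical, and it assumes a lifetime value is an integer followed by the unit shown in the documented range.

```python
import re

# Documented constraints from the parameter tables above.
MAX_RETURN_URIS = 20
MAX_RETURN_URI_LEN = 2048
LIFETIME_RANGES = {            # field -> (unit, min, max)
    "accessTokenLifetime": ("m", 1, 1440),
    "idTokenLifetime": ("m", 1, 1440),
    "refreshTokenLifetime": ("d", 1, 365),
}
# Fields each OAuth/OIDC application object accepts, per the tables above.
ALLOWED_FIELDS = {
    "spa": {"allowedReturnUris", *LIFETIME_RANGES},
    "webOauth": {"allowedReturnUris", *LIFETIME_RANGES},
    "nat": {"allowedReturnUris", *LIFETIME_RANGES},
    "s2s": {"accessTokenLifetime"},
}

def check_update_body(body):
    """Return a list of constraint violations for an OAuth/OIDC update body."""
    if len(body) != 1 or next(iter(body)) not in ALLOWED_FIELDS:
        return ["expected exactly one of: " + ", ".join(ALLOWED_FIELDS)]
    app_type, params = next(iter(body.items()))
    errors = []
    for name in sorted(set(params) - ALLOWED_FIELDS[app_type]):
        errors.append(f"{app_type}.{name}: not a documented parameter")
    uris = params.get("allowedReturnUris", [])
    if len(uris) > MAX_RETURN_URIS:
        errors.append(f"allowedReturnUris: {len(uris)} entries, maximum is {MAX_RETURN_URIS}")
    for uri in uris:
        if len(uri) > MAX_RETURN_URI_LEN:
            errors.append(f"allowedReturnUris: entry of {len(uri)} characters "
                          f"exceeds {MAX_RETURN_URI_LEN}")
    for field, (unit, low, high) in LIFETIME_RANGES.items():
        if field not in params:
            continue
        # Assumption: an integer followed by the unit used in the documented range.
        m = re.fullmatch(rf"(\d+){unit}", str(params[field]))
        if not m or not low <= int(m.group(1)) <= high:
            errors.append(f"{field}: {params[field]!r} outside [{low}{unit}, {high}{unit}]")
    return errors
```

An empty list means the body satisfies the documented limits; the service remains the authority and can still answer 422 for reasons this check does not cover.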

webSaml

| Parameter | Type | Required / Optional | Description |
|---|---|---|---|
| issuer | string | Optional | Issuer is the unique identifier of the service provider (SP) application, typically in a URL format. The identifier is used by Identity Cloud (the IdP) to validate SAML messages (for example, AuthnRequest) received from the SP. Constraint: The issuer must be unique, and have a maximum length of 1024 characters. Example: https://sp.your-company.com |
| subject | string | Optional | The Subject contains an identifier of the user as known to Identity Cloud. This configuration determines whether the User ID or the Email address will be used as the value of the NameID attribute in the SAML Assertion. Values: email, userId. |
| outboundBinding | string | Optional | The Outbound binding specifies how SAML messages are returned to the initiating application. Identity Cloud either instructs the user agent to send the message to the service provider using POST or returns a redirect (302 leading to a GET). Values: httpPost, httpRedirect. |
| assertionConsumerServiceUrl | string | Optional | Assertion Consumer Service URL indicates the URL to which the SAML response is returned after successful authentication. Constraint: The assertionConsumerServiceUrl must have a maximum length of 1024 characters. Example: https://sp.your-company.com/login/saml2/sso/ |
| audience | string | Optional | The SP verifies whether Audience matches the recipient of a SAML response. Audience has a URL format. Constraint: The audience must have a maximum length of 1024 characters. Example: https://sp.your-company.com |
| x509SignerCertificate | string | Optional | X509 Signer Certificate is needed if your SP signs the AuthnRequest. Extract the public-key certificate from the configuration of the SP, or the SAML metadata file of the SP. Constraint: The x509SignerCertificate has to be encoded in PEM format. Note: The x509SignerCertificate should include \n for new lines, after the -----BEGIN CERTIFICATE----- prefix and before the -----END CERTIFICATE----- postfix. |

Example request

applicationId=your-application-id-123
curl --request PATCH "https://$instanceId.id.nevis.cloud/nevis/api/v1/applications/$applicationId" \
--header "Authorization: Bearer $accessKey" \
--header "Content-Type: application/json"

spa application request body

{
  "spa": {
    "allowedReturnUris": [
      "https://your-company.com/callback"
    ]
  }
}

webOauth application request body

{
  "webOauth": {
    "allowedReturnUris": [
      "https://your-company.com/callback"
    ]
  }
}

nat application request body

{
  "nat": {
    "allowedReturnUris": [
      "https://your-company.com/callback"
    ]
  }
}

s2s application request body

{
  "s2s": {
    "accessTokenLifetime": "2m"
  }
}

webSaml application request body

{
  "webSaml": {
    "issuer": "https://sp.your-company.com",
    "assertionConsumerServiceUrl": "https://sp.your-company.com/login/saml2/sso/"
  }
}

webSaml application with X509 Signer Certificate request body

{
  "webSaml": {
    "issuer": "https://sp.your-company.com",
    "assertionConsumerServiceUrl": "https://sp.your-company.com/login/saml2/sso/",
    "x509SignerCertificate": "-----BEGIN CERTIFICATE-----\nyour-x509-signer-certificate\n-----END CERTIFICATE-----"
  }
}
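
Preparing the x509SignerCertificate value from a PEM file, following the note on \n placement and the request body above. This is an added example, not code from Nevis: the function names and the sample input are constructed, and it assumes the line breaks inside the base64 body may be collapsed so that the value takes the same shape as the example body. It rejects any PEM block that is not a certificate, so a private key or CSR is never sent by mistake.

```python
import base64
import json
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMC\nAQE=\n-----END CERTIFICATE-----\n"

def signer_certificate_value(pem_text):
    """Normalise one PEM certificate into the string form of the example body."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label != "CERTIFICATE":
        # Guards against pasting a private key or CSR into the request.
        raise ValueError(f"PEM block is {label!r}, not a certificate")
    b64 = "".join(body.split())
    der = base64.b64decode(b64, validate=True)   # raises on non-base64 content
    if not der or der[0] != 0x30:                # a DER certificate is an ASN.1 SEQUENCE
        raise ValueError("decoded content is not a DER SEQUENCE")
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----"

def websaml_body(pem_text):
    """Build the JSON request body; json.dumps writes each newline as a \\n escape."""
    value = signer_certificate_value(pem_text)
    return json.dumps({"webSaml": {"x509SignerCertificate": value}})
```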

HTTP response

On success

HTTP/1.1 200 is returned if the application is successfully updated.

The response contains all attributes of the application. If application type is

On failure

HTTP/1.1 401 is returned if the authorization fails due to an invalid access key.

HTTP/1.1 404 is returned if the application with the given ID is not found.

HTTP/1.1 422 is returned if invalid request content is given.

HTTP/1.1 500 is returned if an unexpected error occurs.