The Applications API allows you to programmatically manage Connect Applications and their associated client secrets.
WorkOS Connect supports two types of applications: OAuth and Machine-to-Machine M2M.
OAuth applications are designed for web, mobile, desktop, and CLI applications where a user needs to authenticate.
{ "object": "connect_application", "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q", "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q", "name": "My Application", "description": "Application description", "application_type": "oauth", "redirect_uris": [ { "uri": "https://example.com/callback", "default": true } ], "uses_pkce": false, "is_first_party": true, "scopes": ["example-permission:read", "example-permission:write"], "created_at": "2024-01-15T12:30:00.000Z", "updated_at": "2024-01-15T12:30:00.000Z" }
OAuth ApplicationM2M applications are designed for server-to-server authentication without user interaction.
{ "object": "connect_application", "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q", "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q", "name": "Backend Service", "description": "Machine-to-machine application for API access", "application_type": "m2m", "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q", "scopes": ["api:read", "api:write", "api:admin"], "created_at": "2024-01-15T12:30:00.000Z", "updated_at": "2024-01-15T12:30:00.000Z" }
M2M ApplicationRetrieve details for a specific Connect Application by ID or client ID.
curl https://api.workos.com/connect/applications/app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q \ --header "Authorization: Bearer sk_example_123456789"
GET/connectParameters Returns List all Connect Applications in the current environment with optional filtering.
curl "https://api.workos.com/connect/applications?organization_id=org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q&limit=20" \ --header "Authorization: Bearer sk_example_123456789"
GET/connectParameters Returns objectCreate a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.
curl -X POST https://api.workos.com/connect/applications \ --header "Authorization: Bearer sk_example_123456789" \ --header "Content-Type: application/json" \ --data '{ "name": "My OAuth App", "application_type": "oauth", "description": "Customer-facing OAuth application", "redirect_uris": [ { "uri": "https://example.com/callback", "default": true } ], "uses_pkce": false, "is_first_party": false, "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q", "scopes": ["example-permission:write"] }'
POST/connectParameters Returns Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.
curl -X PUT https://api.workos.com/connect/applications/app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q \ --header "Authorization: Bearer sk_example_123456789" \ --header "Content-Type: application/json" \ --data '{ "name": "Updated Application Name", "description": "Updated description", "redirect_uris": [ { "uri": "https://example.com/new-callback", "default": true }, { "uri": "https://example.com/another-callback", "default": false } ], "scopes": ["profile", "email", "openid"] }'
PUT/connectParameters Returns Delete an existing Connect Application.
curl -X DELETE https://api.workos.com/connect/applications/app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q \ --header "Authorization: Bearer sk_example_123456789"
DELETE/connectParameters