Create App

Apps are entities that can request Keycloak to authenticate a user. It also use Keycloak to encrypt themselves and provide a single sign-on solution which can securely invoke other services over the network.

Resource Informations

Name	Value
Requires authentication?	Yes
Rate limited?	No

Request

Request headers

Key	Value
Authorization	Bearer token
Content-Type	application/json

HTTP request URL for SSMS

POST https://{tenantId}.{hostname}/digitanium/v4/apps

HTTP request URL for SHIFT

POST https://{hostname}/auth/realms/{tenantId}/v3_client/

note

API requests must be made over https. Calls made over plain http will fail.

Parameters

No parameter fields are required.

Request body(* d)

Field Name	Type	Description
*appName	String	The name of the app to be created
id	String	This is a unique auto-generated id
name	String	Display name of the client
description	String	The description of the app to be created
rootUrl	String	The root URL is known to be the entire URL, including a slash.(Example: http://www.testapp.com/)
adminUrl	String	URL to the client's admin interface. The admin url template tag retrieves the url with the required protocol from the admin field of the current domain. adminUri of the created client should be same as rootUrl if it is not specified.
baseUrl	String	A consistent part or root of the address of your website (Example: http://www.demotest.com)
surrogateAuthRequired	boolean	Whether or not it is required to substitute auth
enabled	boolean	Is this enabled or not?
appAuthenticatorType	String	Type of Two-factor verification to sign-in to your accounts
secret	String	You may define a secret here when using the norm (otherwise one will be generated if it does not exit)
registrationAccessToken	String	The registration authorization token offers access to the client registration service for clients
defaultRoles	String	A list of this client's default roles. If the client functions referenced are not included, and if they already exist, they can be created.
redirectUris	List(String)	Appropriate URIs for this client for redirection. redirectUri's of the created client should be same as rootUrl if it is not specified.
webOrigins	List(String)	List of allowed origins. webOrigins specified in the request should be set to the created client.
notBefore	Integer	Revoke all tokens for this client given previous to this date (this is a UNIX timestamp).
bearerOnly	boolean	This client's access form is bearer-only.
consentRequired	boolean	sers have to agree to client access if allowed.
standardFlowEnabled	boolean	Enable or not to enable standard flow for this client.
implicitFlowEnabled	boolean	Enable or not to enable implicit flow for this client.
directAccessGrantsEnabled	boolean	Enable or not to enable directAccessGrants for this client.
serviceAccountsEnabled	boolean	Enable or not to enable serviceAccounts for this client.
authorizationServicesEnabled	boolean	Enable or not to enable authorizationServices for this client.
directGrantsOnly	boolean	Enable or not to enable directGrantsOnly for this client.
publicApp	boolean	Is the access type for this app is public or not?
frontchannelLogout	boolean	For this client, frontchannel logout is or is not enabled.
protocol	String	It defines the protocol for which this protocol mapper is involved.
attributes	Map(String,String)	Based on the user requirement the user attributes can be updated. User can add any customized attribute in form of key value pair.
authenticationFlowBindingOverrides	Map(String,String)	Describe the bug Configuring authenticationFlowBindingOverrides for a client appears not to be feasible.
fullScopeAllowed	boolean	Whether or not the "Full Scope Allowed" function is set for this client.
nodeReRegistrationTimeout	Integer	Cluster node timeout for this client's re-registration.
registeredNodes	Map(String,String)	Registered cluster node dictation with (nodename) as the key and the (last time of registration) as the value.
protocolMappers	List(ProtocolMapperRepresentation)	A list of client that describe protocol mappers.
appTemplate	String	The template is a specialized version of the App Template client.
useTemplateConfig	boolean	Whether or not to use the (client_template) configuration
useTemplateScope	boolean	Whether or not to use the (client template) scope setup
useTemplateMappers	boolean	Whether or not to use the (client-template) mapper setup
defaultClientScopes	List(String)	A list of default client scopes.
optionalClientScopes	List(String)	A list of optionalClientScopes.
authorizationSettings	ResourceServerRepresentation	A data framework that determines this client's authorization settings.
access	Map(String,Boolean)	A list of access type.
origin	String	List of allowed origins.

Attribute Details

Attribute Name	Type	Description
app_logo	String	This app logo will reflect under apps tab in user account page.

import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';

<Tabs

values={[ {label: 'Confidential_Client', value: 'confidential_client'}, ]}>

Type

For confidential_client.

Request Body	Previous Behaviour	Expected and Current Behaviour
If secret field is not specified	secret is not generated	secret is generated
If either publicApp or bearerOnly set as false and serviceAccountsEnabled set as true	The service account(user) is not created, when the confidential client is created with service account enabled	The service account(user) is getting created, when the confidential client is created with service account enabled
serviceAccountsEnabled set as false and authorizationServicesEnabled set as true	`Failed to create App Caused by Client does not have a service account`. But the client was created	`Failed to create App Caused by Client does not have a service account`. The client creation will be rolled back.

note

In order for the Expected and Current Behaviour to function, the request body should have protocol set to openid-connect.

Sample Request

{
    "appName": "new_client2",
    "id": "new_client2",
    "clientId": "new_client3",
    "name": "test",
    "description": "",
    "rootUrl": "http://www.testapp.com/",
    "adminUrl": "",
    "baseUrl": "http://www.demotest.com",
    "attributes" : {
    	"app_logo": "https://www.yyyyyy.com/xyz-063534.jpg"
    },
    "surrogateAuthRequired": true,
    "enabled": true,
    "appAuthenticatorType": "",
    "secret": "",
    "registrationAccessToken": "",
    "defaultRoles": null,
    "redirectUris": null,
    "webOrigins": null,
    "notBefore": 2,
    "bearerOnly": false,
    "consentRequired": false,
    "standardFlowEnabled": false,
    "implicitFlowEnabled": false,
    "directAccessGrantsEnabled": false,
    "serviceAccountsEnabled": false,
    "authorizationServicesEnabled": false,
    "directGrantsOnly": false,
    "publicApp": false,
    "frontchannelLogout": false,
    "protocol": "",
    "authenticationFlowBindingOverrides": "",
    "fullScopeAllowed": "",
    "nodeReRegistrationTimeout": "",
    "registeredNodes": "",
    "protocolMappers": "",
    "appTemplate": false,
    "useTemplateConfig": false,
    "useTemplateScope": false,
    "useTemplateMappers": false,
    "defaultClientScopes": "",
    "optionalClientScopes": "",
    "authorizationSettings": "",
    "access": "",
    "origin": ""
}

Response

Field Name	Type	Description
message	String	Message explains result of the API call. Refer Response status Information for details.
status	String	The status of the API call. Refer Response status Information for details.
subSystem	Integer	subSystem categorizes the type of API that has been called. Refer Subsystem details for details.

Sample Response

{
    "message": "App created successfully.",
    "status": "OK",
    "subSystem": 2
}

Response Status Information

Status Code	Status	Message
200	OK	App created successfully.
400	BAD_REQUEST	App name should not be null or empty.
401	Unauthorized	HTTP 401 Unauthorized.
409	CONFLICT	App already exists.

Resource Informations​

Request​

Request headers​

HTTP request URL for SSMS​

HTTP request URL for SHIFT​

Parameters​

Request body(* d)​

Attribute Details​

Sample Request​

Response​

Sample Response​

Response Status Information​