Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/zitadel/zitadel/llms.txt

Use this file to discover all available pages before exploring further.

​
Endpoint

POST /v2/applications

​
Description

Create an application. The application can be OIDC, API, or SAML type, based on the input.

​
Required Permission

  • project.app.write

​
Request Body

​
projectId
string
required
The ID of the project the application will be created in.Min Length: 1
Max Length: 200
​
applicationId
string
Optional unique ID of the new application. If omitted, the system will generate one (recommended).Max Length: 200
​
name
string
required
Publicly visible name of the application. This might be presented to users during sign-in.Min Length: 1
Max Length: 200
​
oidcConfiguration
object
Configuration for OIDC applications.
​
redirectUris
array
Allowed callback URIs for OAuth2/OIDC flows.
​
responseTypes
array
Response types: OIDC_RESPONSE_TYPE_CODE, OIDC_RESPONSE_TYPE_ID_TOKEN, OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN.
​
grantTypes
array
Grant types: OIDC_GRANT_TYPE_AUTHORIZATION_CODE, OIDC_GRANT_TYPE_IMPLICIT, OIDC_GRANT_TYPE_REFRESH_TOKEN, etc.
​
applicationType
string
Application type: OIDC_APPLICATION_TYPE_WEB, OIDC_APPLICATION_TYPE_USER_AGENT, OIDC_APPLICATION_TYPE_NATIVE.
​
authMethodType
string
Auth method: OIDC_AUTH_METHOD_TYPE_BASIC, OIDC_AUTH_METHOD_TYPE_POST, OIDC_AUTH_METHOD_TYPE_NONE, OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT.
​
postLogoutRedirectUris
array
Allowed URIs to redirect to after logout.
​
version
string
OIDC version (currently only 1.0 supported).
​
developmentMode
boolean
Enable for development (allows non-compliant settings).
​
accessTokenType
string
Access token type: OIDC_TOKEN_TYPE_BEARER or OIDC_TOKEN_TYPE_JWT.
​
accessTokenRoleAssertion
boolean
Include roles in access token.
​
idTokenRoleAssertion
boolean
Include roles in ID token.
​
idTokenUserinfoAssertion
boolean
Include userinfo claims in ID token.
​
clockSkew
duration
Clock skew compensation (max 5s).
​
additionalOrigins
array
Additional allowed origins.
​
skipNativeAppSuccessPage
boolean
Skip success page for native apps.
​
samlConfiguration
object
Configuration for SAML applications.
​
metadataXml
bytes
SAML metadata as XML.
​
metadataUrl
string
URL to fetch SAML metadata from.
​
apiConfiguration
object
Configuration for API applications.
​
authMethodType
string
Auth method: API_AUTH_METHOD_TYPE_BASIC or API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT.

​
Response

​
applicationId
string
The unique ID of the newly created application.
​
creationDate
timestamp
The timestamp of the application creation.
​
oidcConfiguration
object
OIDC configuration response (if applicable).
​
clientId
string
OAuth2/OIDC client_id.
​
clientSecret
string
Client secret (store safely, cannot be retrieved later).
​
nonCompliant
boolean
Whether the config is OIDC compliant.
​
complianceProblems
array
List of compliance issues.
​
apiConfiguration
object
API configuration response (if applicable).
​
clientId
string
OAuth2 client_id for the API.
​
clientSecret
string
Client secret (if using basic auth).

​
Example Request - OIDC Web Application

curl -X POST https://your-domain.zitadel.cloud/v2/applications \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "69629026806489455",
    "name": "My Web App",
    "oidcConfiguration": {
      "redirectUris": ["https://myapp.com/callback"],
      "responseTypes": ["OIDC_RESPONSE_TYPE_CODE"],
      "grantTypes": ["OIDC_GRANT_TYPE_AUTHORIZATION_CODE", "OIDC_GRANT_TYPE_REFRESH_TOKEN"],
      "applicationType": "OIDC_APPLICATION_TYPE_WEB",
      "authMethodType": "OIDC_AUTH_METHOD_TYPE_BASIC",
      "postLogoutRedirectUris": ["https://myapp.com"],
      "version": "OIDC_VERSION_1_0",
      "developmentMode": false,
      "accessTokenType": "OIDC_TOKEN_TYPE_BEARER"
    }
  }'

​
Example Response

{
  "applicationId": "1035496534033449",
  "creationDate": "2024-12-18T07:50:47.492Z",
  "oidcConfiguration": {
    "clientId": "1035496534033449@myproject",
    "clientSecret": "gjoq34589uasgh",
    "nonCompliant": false,
    "complianceProblems": []
  }
}

​
Error Responses

  • 400 Bad Request - Invalid application configuration
  • 403 Forbidden - Insufficient permissions