{ "info": { "title": "core/oauth-clients", "version": "" }, "paths": { "/api/core/oauth-clients": { "get": { "tags": [ "oauth-clients" ], "summary": "List OAuth clients", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OAuthClientAdminListResponse" } } }, "description": "OK" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "500": { "$ref": "#/components/responses/InternalServerError" }, "503": { "$ref": "#/components/responses/ServiceUnavailable" } }, "parameters": [ { "in": "query", "name": "filter", "schema": { "type": "string" }, "example": "appType eq \"spa\" and clientId eq \"b3ee66d6f21d1611efa89a425f656f6f\"", "required": false, "description": "The filter query that should be used to filter the list of oauth clients. The filter syntax is defined in RFC 7644. Valid attributes for filtering are `clientId`, `clientName`, and `appType`." }, { "in": "query", "name": "limit", "schema": { "type": "number", "default": 20, "maximum": 100, "minimum": 1 }, "description": "The number of OAuth client entries to retrieve." }, { "in": "query", "name": "next", "schema": { "type": "string" }, "required": false, "description": "The next page cursor" }, { "in": "query", "name": "prev", "schema": { "type": "string" }, "required": false, "description": "The previous page cursor" }, { "in": "query", "name": "sort", "schema": { "enum": [ "+clientId", "-clientId", "+clientName", "-clientName", "+appType", "-appType", "+createdAt", "-createdAt", "+updatedAt", "-updatedAt" ], "type": "string" }, "required": false, "description": "The attribute to sort by, beginning with + for ascending and - for descending. Valid attributes for sorting are clientId, clientName, appType, createdAt, updatedAt." }, { "in": "query", "name": "totalResults", "schema": { "type": "boolean", "default": false }, "example": true, "required": false, "description": "Boolean query parameter that determines if the total count of results should be included in the response. If true, the response includes the total number of results in the `totalResults` field. If false or not included in the query, `totalResults` will be excluded from the response." } ], "description": "Retrieve all OAuth clients.", "operationId": "readAllOAuthClientsQCC", "x-qlik-visibility": "public", "x-qlik-stability": "stable", "x-qlik-deprecated": false, "x-qlik-tier": { "tier": "1", "limit": 1000 } }, "post": { "tags": [ "oauth-clients" ], "summary": "Create an OAuth client", "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OAuthClientCreateResponse" } } }, "description": "Created" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "500": { "$ref": "#/components/responses/InternalServerError" }, "503": { "$ref": "#/components/responses/ServiceUnavailable" } }, "description": "Create a new OAuth client. `appType` cannot be changed after creation. Consent method and published state can be changed after creation.", "operationId": "createOAuthClientQCC", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OAuthClientCreateRequest" } } }, "required": true }, "x-qlik-visibility": "public", "x-qlik-stability": "stable", "x-qlik-deprecated": false, "x-qlik-tier": { "tier": "2", "limit": 100 } } }, "/api/core/oauth-clients/{id}": { "get": { "tags": [ "oauth-clients" ], "summary": "Get an OAuth client", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OAuthClientAdminReadResponse" } } }, "description": "OK" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" }, "503": { "$ref": "#/components/responses/ServiceUnavailable" } }, "parameters": [ { "in": "path", "name": "id", "schema": { "type": "string" }, "required": true, "description": "The unique identifier for the OAuth client" } ], "description": "Retrieves the specified OAuth client.", "operationId": "readOAuthClientQCC", "x-qlik-visibility": "public", "x-qlik-stability": "stable", "x-qlik-deprecated": false, "x-qlik-tier": { "tier": "1", "limit": 1000 } }, "patch": { "tags": [ "oauth-clients" ], "summary": "Update an OAuth client", "responses": { "202": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OAuthClientPatchResponse" } } }, "description": "Accepted - Client secret was generated" }, "204": { "description": "No Content" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" }, "503": { "$ref": "#/components/responses/ServiceUnavailable" } }, "parameters": [ { "in": "path", "name": "id", "schema": { "type": "string" }, "required": true, "description": "The unique identifier for the OAuth client" } ], "description": "Updates the specified OAuth client. Returns 204 No Content on success.", "operationId": "patchOAuthClientQCC", "requestBody": { "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/OAuthClientUpdate" } } } }, "required": true }, "x-qlik-visibility": "public", "x-qlik-stability": "stable", "x-qlik-deprecated": false, "x-qlik-tier": { "tier": "2", "limit": 100 } }, "delete": { "tags": [ "oauth-clients" ], "summary": "Delete an OAuth client", "responses": { "204": { "description": "No Content" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" }, "503": { "$ref": "#/components/responses/ServiceUnavailable" } }, "parameters": [ { "in": "path", "name": "id", "schema": { "type": "string" }, "required": true, "description": "The unique identifier for the OAuth client" }, { "in": "header", "name": "qlik-confirm-delete", "schema": { "type": "string" }, "required": true, "description": "A confirmation string that should match the id of the oauth-client resource to be deleted" } ], "description": "Delete the specified OAuth client.", "operationId": "deleteOAuthClientQCC", "x-qlik-visibility": "public", "x-qlik-stability": "stable", "x-qlik-deprecated": false, "x-qlik-tier": { "tier": "2", "limit": 100 } } }, "/api/core/oauth-clients/{id}/client-secrets": { "post": { "tags": [ "oauth-clients" ], "summary": "Create an OAuth client secret", "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OAuthClientSecretResponse" } } }, "description": "Created" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "409": { "$ref": "#/components/responses/ClientSecretCreateExceedLimit" }, "500": { "$ref": "#/components/responses/InternalServerError" }, "503": { "$ref": "#/components/responses/ServiceUnavailable" } }, "parameters": [ { "in": "path", "name": "id", "schema": { "type": "string" }, "required": true, "description": "The unique identifier for the OAuth client" } ], "description": "Create a new client secret for the specified OAuth client. An OAuth client can have a maximum of 5 client secrets at one time.", "operationId": "createOAuthClientSecretQCC", "x-qlik-visibility": "public", "x-qlik-stability": "stable", "x-qlik-deprecated": false, "x-qlik-tier": { "tier": "2", "limit": 100 } } }, "/api/core/oauth-clients/{id}/client-secrets/{hint}": { "delete": { "tags": [ "oauth-clients" ], "summary": "Delete an OAuth client secret", "responses": { "204": { "description": "No Content" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" }, "503": { "$ref": "#/components/responses/ServiceUnavailable" } }, "parameters": [ { "in": "path", "name": "hint", "schema": { "type": "string" }, "required": true, "description": "The unique identifier for the OAuth secret" }, { "in": "path", "name": "id", "schema": { "type": "string" }, "required": true, "description": "The unique identifier for the OAuth client" } ], "description": "Deletes a specific client secret for an OAuth client.", "operationId": "deleteOAuthClientSecretQCC", "x-qlik-visibility": "public", "x-qlik-stability": "stable", "x-qlik-deprecated": false, "x-qlik-tier": { "tier": "2", "limit": 100 } } } }, "openapi": "3.0.0", "components": { "responses": { "BadRequest": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Bad Request" }, "ClientSecretCreateExceedLimit": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "The max number of client secrets is 5" }, "Forbidden": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Forbidden" }, "InternalServerError": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Internal Server Error" }, "NotFound": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Not Found" }, "ServiceUnavailable": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Service Unavailable" }, "Unauthorized": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Unauthorized" } }, "schemas": { "ClientSecrets": { "type": "array", "items": { "type": "object", "required": [ "hint" ], "properties": { "hint": { "type": "string", "maxLength": 5, "description": "Hint of a client application secret" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-11-06T14:30:00.123456Z", "description": "The timestamp for when the client-secret record was created." }, "createdBy": { "type": "string", "description": "The identifier for the user that created the client-secret record." } } }, "readOnly": true, "description": "Hints of any client application secrets" }, "ConnectionConfigReadResponse": { "type": "object", "required": [ "consentMethod" ], "properties": { "status": { "type": "string", "readOnly": true, "description": "Status" }, "consentMethod": { "type": "string", "readOnly": true, "description": "Consent method" }, "deletedByOwner": { "type": "boolean", "readOnly": true, "description": "OAuth client has been deleted by owner, only applies for published clients." } }, "description": "Response schema for reading a connection config" }, "Error": { "type": "object", "required": [ "code", "title" ], "properties": { "code": { "type": "string", "description": "The unique code for the error" }, "title": { "type": "string", "description": "A summary of the error" }, "detail": { "type": "string", "description": "Additional details about the error" } } }, "ErrorResponse": { "type": "object", "properties": { "errors": { "type": "array", "items": { "$ref": "#/components/schemas/Error" } } } }, "JWK": { "type": "object", "required": [ "kty", "use", "alg", "kid" ], "properties": { "e": { "type": "string", "example": "AQAB", "description": "Exponent for RSA keys" }, "n": { "type": "string", "example": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx", "description": "Modulus for RSA keys" }, "x": { "type": "string", "example": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis", "description": "X coordinate for EC keys" }, "y": { "type": "string", "example": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE", "description": "Y coordinate for EC keys" }, "alg": { "enum": [ "RS256", "RS512", "ES384" ], "type": "string", "example": "RS256", "description": "Algorithm intended for use with the key" }, "crv": { "type": "string", "example": "P-384", "description": "Curve for EC keys" }, "kid": { "type": "string", "example": "key-1", "description": "Key ID" }, "kty": { "enum": [ "RSA", "EC" ], "type": "string", "example": "RSA", "description": "Key type (e.g., RSA, EC)" }, "use": { "enum": [ "sig" ], "type": "string", "example": "sig", "description": "Intended use of the key (typically \"sig\" for signature)" } }, "description": "JSON Web Key (JWK) for the public key used to verify the signature of a client assertion JWT" }, "Link": { "type": "object", "required": [ "href" ], "properties": { "href": { "type": "string", "format": "uri", "description": "URL that defines the resource" } } }, "Links": { "type": "object", "properties": { "next": { "$ref": "#/components/schemas/Link" }, "prev": { "$ref": "#/components/schemas/Link" }, "self": { "$ref": "#/components/schemas/Link" } } }, "OAuthClientAdminListItem": { "type": "object", "allOf": [ { "$ref": "#/components/schemas/OAuthClientBase" } ], "required": [ "clientId" ], "properties": { "clientId": { "type": "string", "readOnly": true, "maxLength": 512, "description": "Client application id" }, "publicKeys": { "type": "array", "items": { "$ref": "#/components/schemas/JWK" }, "description": "List of public keys for JWT authentication" }, "redirectUris": { "type": "array", "items": { "type": "string", "maxItems": 5, "maxLength": 256, "uniqueItems": true }, "description": "List of allowed redirect URIs for login" }, "allowedOrigins": { "type": "array", "items": { "type": "string", "maxItems": 5, "maxLength": 256, "uniqueItems": true }, "description": "List of allowed origins for client" }, "connectionConfig": { "$ref": "#/components/schemas/ConnectionConfigReadResponse" }, "allowedAuthMethods": { "type": "array", "items": { "enum": [ "client_secret", "private_key_jwt" ], "type": "string" }, "description": "List of allowed authentication methods for the client" } }, "description": "Schema for an OAuth client item in a list response" }, "OAuthClientAdminListResponse": { "type": "object", "required": [ "data", "links" ], "properties": { "data": { "type": "array", "items": { "$ref": "#/components/schemas/OAuthClientAdminListItem" } }, "links": { "$ref": "#/components/schemas/Links" }, "totalResults": { "type": "integer", "nullable": true, "description": "Total number of oauth clients, included only if `totalResults` query parameter is set to true." } }, "description": "Response schema for listing OAuth clients" }, "OAuthClientAdminReadResponse": { "type": "object", "allOf": [ { "$ref": "#/components/schemas/OAuthClientBase" } ], "required": [ "clientId" ], "properties": { "clientId": { "type": "string", "readOnly": true, "maxLength": 512, "description": "Client application id" }, "publicKeys": { "type": "array", "items": { "$ref": "#/components/schemas/JWK" }, "description": "List of public keys for JWT authentication" }, "redirectUris": { "type": "array", "items": { "type": "string", "maxItems": 5, "maxLength": 256, "uniqueItems": true }, "description": "List of allowed redirect URIs for login" }, "clientSecrets": { "$ref": "#/components/schemas/ClientSecrets" }, "allowedOrigins": { "type": "array", "items": { "type": "string", "maxItems": 5, "maxLength": 256, "uniqueItems": true }, "description": "List of allowed origins for client" }, "allowedAuthMethods": { "type": "array", "items": { "enum": [ "client_secret", "private_key_jwt" ], "type": "string" }, "description": "List of allowed authentication methods for the client" } }, "description": "Response schema for reading an OAuth client" }, "OAuthClientBase": { "type": "object", "required": [ "appType", "clientName", "createdAt", "ownerId" ], "properties": { "appType": { "enum": [ "web", "native", "spa", "anonymous-embed" ], "type": "string", "maxLength": 64, "description": "Application type" }, "logoUri": { "type": "string", "maxLength": 2048, "description": "URI for logo of client" }, "clientUri": { "type": "string", "maxLength": 2048, "description": "URI for homepage of client" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-11-06T14:30:00.123456Z", "description": "The timestamp for when the oauth-clients record was created." }, "deletedAt": { "type": "string", "format": "date-time", "example": "2025-11-06T15:45:30.789012Z", "description": "The timestamp for when the oauth-clients record was deleted." }, "updatedAt": { "type": "string", "format": "date-time", "example": "2025-11-06T16:20:15.456789Z", "description": "The timestamp for when the oauth-clients record was updated." }, "clientName": { "type": "string", "maxLength": 512, "description": "Client application name" }, "disableTag": { "type": "string", "readOnly": true, "description": "Is set if client disabled" }, "publicKeys": { "type": "array", "items": { "$ref": "#/components/schemas/JWK" }, "description": "List of public keys for JWT authentication" }, "description": { "type": "string", "maxLength": 4096, "description": "Client description" }, "publishedAt": { "type": "string", "format": "date-time", "example": "2025-11-06T17:00:00.321654Z", "description": "The timestamp which is set, if the client is published." }, "allowedScopes": { "type": "array", "items": { "type": "string", "maxLength": 256, "uniqueItems": true }, "description": "List of allowed scopes for this client." }, "clientSecrets": { "type": "array", "items": { "type": "object", "required": [ "hint" ], "properties": { "hint": { "type": "string", "maxLength": 5, "description": "Hint of a client application secret" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-12-03T14:59:46.331Z", "description": "The timestamp for when the client-secret record was created." }, "createdBy": { "type": "string", "description": "The identifier for the user that created the client-secret record." } } }, "readOnly": true, "description": "Hints of any client application secrets" }, "connectionConfig": { "type": "object", "properties": { "consentMethod": { "enum": [ "required", "trusted" ], "type": "string", "example": "required", "description": "Specifies the consent method for the connection." } }, "description": "Optional settings for configuring the client connection." }, "allowedGrantTypes": { "type": "array", "items": { "enum": [ "client_credentials", "urn:qlik:oauth:user-impersonation" ], "type": "string" }, "description": "Allowed grant types, only for use with appType: 'web'" }, "allowedAuthMethods": { "type": "array", "items": { "enum": [ "client_secret", "private_key_jwt" ], "type": "string" }, "description": "List of allowed authentication methods for the client" } }, "description": "Base schema for OAuth client requests and responses" }, "OAuthClientCreateRequest": { "type": "object", "required": [ "appType", "clientName" ], "properties": { "appType": { "enum": [ "web", "native", "spa", "anonymous-embed" ], "type": "string", "example": "web", "maxLength": 64, "description": "Application type" }, "logoUri": { "type": "string", "example": "https://org.us.qlik.com/logo.png", "maxLength": 2048, "description": "URI for logo of client" }, "clientUri": { "type": "string", "example": "https://org.us.qlik.com/", "maxLength": 2048, "description": "URI for homepage of client" }, "clientName": { "type": "string", "example": "My_test_application", "maxLength": 512, "description": "Client application name" }, "publicKeys": { "type": "array", "items": { "$ref": "#/components/schemas/JWK" }, "description": "List of public keys for JWT authentication (required when using private_key_jwt)" }, "description": { "type": "string", "example": "A test application client", "maxLength": 4096, "description": "Client description" }, "redirectUris": { "type": "array", "items": { "type": "string", "example": "https://org.us.qlik.com/home", "maxItems": 5, "maxLength": 256, "description": "A redirect URI for the client", "uniqueItems": true }, "description": "List of allowed redirect URIs for login" }, "allowedScopes": { "type": "array", "items": { "type": "string", "example": "automations", "maxLength": 256, "description": "A scope that the client is allowed to request", "uniqueItems": true }, "description": "List of allowed scopes for this client." }, "allowedOrigins": { "type": "array", "items": { "type": "string", "example": "https://qlik.com", "maxItems": 5, "maxLength": 256, "description": "An allowed origin for the client", "uniqueItems": true }, "description": "List of allowed origins for this client, only available with SPA application type" }, "connectionConfig": { "type": "object", "properties": { "consentMethod": { "enum": [ "trusted" ], "type": "string", "example": "trusted", "description": "Specifies the consent method for the connection. The only allowed value is \"trusted.\"" } }, "description": "Optional settings for configuring the client connection." }, "allowedGrantTypes": { "type": "array", "items": { "enum": [ "client_credentials", "urn:qlik:oauth:user-impersonation" ], "type": "string", "example": "client_credentials", "description": "Grant type" }, "description": "Allowed grant types, only for use with appType: 'web'" }, "allowedAuthMethods": { "type": "array", "items": { "enum": [ "client_secret", "private_key_jwt" ], "type": "string", "example": "client_secret", "description": "An authentication method for the client" }, "description": "List of allowed authentication methods for the client" } }, "description": "Request schema for OAuth client creation" }, "OAuthClientCreateResponse": { "type": "object", "allOf": [ { "$ref": "#/components/schemas/OAuthClientBase" } ], "required": [ "clientId", "clientSecret" ], "properties": { "clientId": { "type": "string", "readOnly": true, "maxLength": 512, "description": "Client application id" }, "publicKeys": { "type": "array", "items": { "$ref": "#/components/schemas/JWK" }, "description": "List of public keys for JWT authentication" }, "clientSecret": { "type": "string", "readOnly": true, "maxLength": 64, "description": "Client application secret" }, "redirectUris": { "type": "array", "items": { "type": "string", "maxItems": 5, "maxLength": 256, "uniqueItems": true }, "description": "List of allowed redirect URIs for login" }, "allowedOrigins": { "type": "array", "items": { "type": "string", "maxItems": 5, "maxLength": 256, "uniqueItems": true }, "description": "List of allowed origins for this client" }, "allowedAuthMethods": { "type": "array", "items": { "enum": [ "client_secret", "private_key_jwt" ], "type": "string" }, "description": "List of allowed authentication methods for the client" } }, "description": "Response schema for OAuth client creation" }, "OAuthClientPatchResponse": { "type": "object", "required": [ "clientSecret" ], "properties": { "clientSecret": { "type": "string", "example": "a1b2c3d4e5f6...", "readOnly": true, "maxLength": 64, "description": "The generated client application secret" } }, "description": "Response schema for PATCH /oauth-clients when a client secret is generated" }, "OAuthClientSecretResponse": { "type": "object", "required": [ "clientId", "clientSecret", "hint" ], "properties": { "hint": { "type": "string", "readOnly": true, "description": "Client application hint" }, "clientId": { "type": "string", "readOnly": true, "description": "Client application id" }, "createdAt": { "type": "string", "format": "date-time", "example": "2025-11-06T14:30:00.123456Z", "description": "The timestamp for when the client-secret record was created." }, "createdBy": { "type": "string", "description": "The identifier for the user that created the client-secret record." }, "clientSecret": { "type": "string", "readOnly": true, "description": "Client application secret" } }, "description": "Response schema for creating an OAuth client application secret" }, "OAuthClientUpdate": { "type": "object", "required": [ "op", "path" ], "properties": { "op": { "enum": [ "add", "remove", "replace" ], "type": "string", "description": "The operation to be performed" }, "path": { "enum": [ "/clientName", "/description" ], "type": "string", "description": "The path for the given resource field to patch" }, "value": { "oneOf": [ { "type": "string" }, { "type": "array", "items": { "type": "string" } } ], "description": "The value to be used for this operation." } }, "description": "A JSON Patch document as defined in http://tools.ietf.org/html/rfc6902" } } }, "servers": [ { "url": "https://console.qlikcloud.com" } ] }