Applications API

DETAILS: Tier: Free, Premium, Ultimate Offering: GitLab.com, Self-managed, GitLab Dedicated

The Applications API operates on instance-wide OAuth applications for:

The Applications API cannot be used to manage group applications or applications of individual users.

NOTE: Only administrator users can use the Applications API.

Create an application

Create an application by posting a JSON payload.

Returns 200 if the request succeeds.

POST /applications

Supported attributes:

Attribute	Type	Required	Description
`name`	string	yes	Name of the application.
`redirect_uri`	string	yes	Redirect URI of the application.
`scopes`	string	yes	Scopes of the application. You can specify multiple scopes by separating each scope using a space.
`confidential`	boolean	no	The application is used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential. Defaults to `true` if not supplied

Example request:

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
     --data "name=MyApplication&redirect_uri=http://redirect.uri&scopes=api read_user email" \
     "https://gitlab.example.com/api/v4/applications"

Example response:

{
    "id":1,
    "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
    "application_name": "MyApplication",
    "secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
    "callback_url": "http://redirect.uri",
    "confidential": true
}

List all applications

List all registered applications.

GET /applications

Example request:

curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications"

Example response:

[
    {
        "id":1,
        "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
        "application_name": "MyApplication",
        "callback_url": "http://redirect.uri",
        "confidential": true
    }
]

NOTE: The secret value is not exposed by this API.

Delete an application

Delete a specific application.

Returns 204 if the request succeeds.

DELETE /applications/:id

Supported attributes:

Attribute	Type	Required	Description
`id`	integer	yes	The ID of the application (not the `application_id`).

Example request:

curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications/:id"

Renew an application secret

Introduced in GitLab 16.11.

Renews an application secret. Returns 200 if the request succeeds.

POST /applications/:id/renew-secret

Supported attributes:

Attribute	Type	Required	Description
`id`	integer	yes	The ID of the application (not the `application_id`).

Example request:

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications/:id/renew-secret"

Example response:

{
    "id":1,
    "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
    "application_name": "MyApplication",
    "secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
    "callback_url": "http://redirect.uri",
    "confidential": true
}