Applications API
The Applications API operates on instance-wide OAuth applications for:
- Using GitLab as an authentication provider.
- Allowing access to GitLab resources on a user’s behalf.
The Applications API cannot be used to manage group applications or applications of individual users.
Create an application
Create an application by posting a JSON payload.
Returns 200
if the request succeeds.
POST /applications
Supported attributes:
Attribute | Type | Required | Description |
---|---|---|---|
name
| string | yes | Name of the application. |
redirect_uri
| string | yes | Redirect URI of the application. |
scopes
| string | yes | Scopes of the application. You can specify multiple scopes by separating each scope using a space. |
confidential
| boolean | no | The application is used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential. Defaults to true if not supplied
|
Example request:
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--data "name=MyApplication&redirect_uri=http://redirect.uri&scopes=api read_user email" \
"https://gitlab.example.com/api/v4/applications"
Example response:
{
"id":1,
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
"application_name": "MyApplication",
"secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
"callback_url": "http://redirect.uri",
"confidential": true
}
List all applications
List all registered applications.
GET /applications
Example request:
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications"
Example response:
[
{
"id":1,
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
"application_name": "MyApplication",
"callback_url": "http://redirect.uri",
"confidential": true
}
]
secret
value is not exposed by this API.Delete an application
Delete a specific application.
Returns 204
if the request succeeds.
DELETE /applications/:id
Supported attributes:
Attribute | Type | Required | Description |
---|---|---|---|
id
| integer | yes | The ID of the application (not the application_id ).
|
Example request:
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications/:id"
Renew an application secret
- Introduced in GitLab 16.11.
Renews an application secret. Returns 200
if the request succeeds.
POST /applications/:id/renew-secret
Supported attributes:
Attribute | Type | Required | Description |
---|---|---|---|
id
| integer | yes | The ID of the application (not the application_id ).
|
Example request:
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications/:id/renew-secret"
Example response:
{
"id":1,
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
"application_name": "MyApplication",
"secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
"callback_url": "http://redirect.uri",
"confidential": true
}