Applications API

Tier: Free, Premium, Ultimate Offering: GitLab.com, Self-managed, GitLab Dedicated

The Applications API operates on instance-wide OAuth applications for:

The Applications API cannot be used to manage group applications or applications of individual users.

note
Only administrator users can use the Applications API.

Create an application

Create an application by posting a JSON payload.

Returns 200 if the request succeeds.

POST /applications

Supported attributes:

Attribute Type Required Description
name string yes Name of the application.
redirect_uri string yes Redirect URI of the application.
scopes string yes Scopes of the application. You can specify multiple scopes by separating each scope using a space.
confidential boolean no The application is used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential. Defaults to true if not supplied

Example request:

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
     --data "name=MyApplication&redirect_uri=http://redirect.uri&scopes=api read_user email" \
     "https://gitlab.example.com/api/v4/applications"

Example response:

{
    "id":1,
    "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
    "application_name": "MyApplication",
    "secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
    "callback_url": "http://redirect.uri",
    "confidential": true
}

List all applications

List all registered applications.

GET /applications

Example request:

curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications"

Example response:

[
    {
        "id":1,
        "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
        "application_name": "MyApplication",
        "callback_url": "http://redirect.uri",
        "confidential": true
    }
]
note
The secret value is not exposed by this API.

Delete an application

Delete a specific application.

Returns 204 if the request succeeds.

DELETE /applications/:id

Supported attributes:

Attribute Type Required Description
id integer yes The ID of the application (not the application_id).

Example request:

curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications/:id"

Renew an application secret

History

Renews an application secret. Returns 200 if the request succeeds.

POST /applications/:id/renew-secret

Supported attributes:

Attribute Type Required Description
id integer yes The ID of the application (not the application_id).

Example request:

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications/:id/renew-secret"

Example response:

{
    "id":1,
    "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
    "application_name": "MyApplication",
    "secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
    "callback_url": "http://redirect.uri",
    "confidential": true
}