Applications API
Tier: Free, Premium, Ultimate
Offering: GitLab.com, Self-managed, GitLab Dedicated
The Applications API operates on instance-wide OAuth applications for:
- Using GitLab as an authentication provider.
- Allowing access to GitLab resources on a user’s behalf.
The Applications API cannot be used to manage group applications or applications of individual users.
Only administrator users can use the Applications API.
Create an application
Create an application by posting a JSON payload.
Returns 200 if the request succeeds.
POST /applications
Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
name
| string | yes | Name of the application. |
redirect_uri
| string | yes | Redirect URI of the application. |
scopes
| string | yes | Scopes of the application. You can specify multiple scopes by separating each scope using a space. |
confidential
| boolean | no | The application is used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential. Defaults to true if not supplied
|
Example request:
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--data "name=MyApplication&redirect_uri=http://redirect.uri&scopes=api read_user email" \
"https://gitlab.example.com/api/v4/applications"
Example response:
{
"id":1,
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
"application_name": "MyApplication",
"secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
"callback_url": "http://redirect.uri",
"confidential": true
}
List all applications
List all registered applications.
GET /applications
Example request:
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications"
Example response:
[
{
"id":1,
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
"application_name": "MyApplication",
"callback_url": "http://redirect.uri",
"confidential": true
}
]
The
secret value is not exposed by this API.Delete an application
Delete a specific application.
Returns 204 if the request succeeds.
DELETE /applications/:id
Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
id
| integer | yes | The ID of the application (not the application_id).
|
Example request:
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications/:id"
Renew an application secret
History
- Introduced in GitLab 16.11.
Renews an application secret. Returns 200 if the request succeeds.
POST /applications/:id/renew-secret
Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
id
| integer | yes | The ID of the application (not the application_id).
|
Example request:
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/applications/:id/renew-secret"
Example response:
{
"id":1,
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
"application_name": "MyApplication",
"secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
"callback_url": "http://redirect.uri",
"confidential": true
}