Application Credentials

List application credentials

client.Zones.ApplicationCredentials.List(ctx, zoneID, query) (*ZoneApplicationCredentialListResponse, error)

GET/zones/{zoneId}/application-credentials

Create application credential

client.Zones.ApplicationCredentials.New(ctx, zoneID, body) (*ZoneApplicationCredentialNewResponseUnion, error)

POST/zones/{zoneId}/application-credentials

Get application credential

client.Zones.ApplicationCredentials.Get(ctx, id, query) (*CredentialUnion, error)

GET/zones/{zoneId}/application-credentials/{id}

Update application credential

client.Zones.ApplicationCredentials.Update(ctx, id, params) (*CredentialUnion, error)

PATCH/zones/{zoneId}/application-credentials/{id}

Delete application credential

client.Zones.ApplicationCredentials.Delete(ctx, id, body) error

DELETE/zones/{zoneId}/application-credentials/{id}

ModelsExpand Collapse

type BaseFields struct{…}

Common fields shared by all application credential types

ID string

Unique identifier of the credential

ApplicationID string

ID of the application this credential belongs to

CreatedAt Time

Entity creation timestamp

formatdate-time

OrganizationID string

Organization that owns this credential

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this credential belongs to

DeprecatedApplication Applicationoptional

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

ID string

Unique identifier of the application

CreatedAt Time

Entity creation timestamp

formatdate-time

DependenciesCount int64

Number of resource dependencies

Identifier string

User specified identifier, unique within the zone

minLength1

maxLength2048

Name string

Human-readable name

minLength1

maxLength255

OrganizationID string

Organization that owns this application

OwnerType ApplicationOwnerType

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:

const ApplicationOwnerTypePlatform ApplicationOwnerType = "platform"

const ApplicationOwnerTypeCustomer ApplicationOwnerType = "customer"

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this application belongs to

Description stringoptional

Human-readable description

maxLength2048

Metadata Metadataoptional

Entity metadata

DocsURL stringoptional

Documentation URL

formaturi

maxLength2048

Protocols ApplicationProtocolsoptional

Protocol-specific configuration

Oauth2 ApplicationProtocolsOauth2optional

OAuth 2.0 protocol configuration

PostLogoutRedirectUris []stringoptional

OAuth 2.0 post-logout redirect URIs for this application

RedirectUris []stringoptional

OAuth 2.0 redirect URIs for this application

type CredentialUnion interface{…}

Credentials for accessing external services from applications

Accepts one of the following:

type Token struct{…}

Token-based application credential

Identifier string

Identifier for this credential. For token type, this equals the subject value, or '*' when subject is not specified.

ProviderID string

ID of the provider issuing tokens verified by this credential

Type string

DeprecatedProvider Provideroptional

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

ID string

Unique identifier of the provider

CreatedAt Time

Entity creation timestamp

formatdate-time

Identifier string

User specified identifier, unique within the zone

minLength1

maxLength2048

Name string

Human-readable name

minLength1

maxLength255

OrganizationID string

Organization that owns this provider

OwnerType ProviderOwnerType

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:

const ProviderOwnerTypePlatform ProviderOwnerType = "platform"

const ProviderOwnerTypeCustomer ProviderOwnerType = "customer"

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this provider belongs to

ClientID stringoptional

OAuth 2.0 client identifier

ClientSecretSet booloptional

Indicates whether a client secret is configured

Description stringoptional

Human-readable description

maxLength2048

Metadata anyoptional

Provider metadata

Protocols ProviderProtocolsoptional

Protocol-specific configuration

Oauth2 ProviderProtocolsOauth2optional

OAuth 2.0 protocol configuration

Issuer string

OIDC issuer URL used for discovery and token validation.

formaturi

AuthorizationEndpoint stringoptional

formaturi

AuthorizationParameters map[string, string]optional

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

AuthorizationResourceEnabled booloptional

Whether to include the resource parameter in authorization requests.

AuthorizationResourceParameter stringoptional

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

CodeChallengeMethodsSupported []stringoptional

JwksUri stringoptional

formaturi

RegistrationEndpoint stringoptional

formaturi

ScopeParameter stringoptional

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

ScopeSeparator stringoptional

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

ScopesSupported []stringoptional

TokenEndpoint stringoptional

formaturi

TokenResponseAccessTokenPointer stringoptional

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

Openid ProviderProtocolsOpenidoptional

OpenID Connect protocol configuration

UserinfoEndpoint stringoptional

formaturi

Type ProviderTypeoptional

Accepts one of the following:

const ProviderTypeExternal ProviderType = "external"

const ProviderTypeKeycardVault ProviderType = "keycard-vault"

const ProviderTypeKeycardSts ProviderType = "keycard-sts"

Subject stringoptional

Subject identifier for the token. When null or omitted, any token from the provider is accepted without checking application-specific claims.

type Password struct{…}

Password-based application credential

Identifier string

Username for password credential, also used as OAuth 2.0 client ID

Type string

Password stringoptional

Password for credential (only returned on creation, store securely), also used as OAuth 2.0 client secret

type PublicKey struct{…}

Public key-based application credential

Identifier string

Client ID for public key credential, also used as OAuth 2.0 client ID

JwksUri string

JWKS URI to retrieve public keys from

formaturi

Type string

type URL struct{…}

URL-based application credential

Identifier string

URL of the credential (must be a valid URL)

formaturi

Type string

type Public struct{…}

Public credential (no secret storage)

Identifier string

Identifier for public credential, also used as OAuth 2.0 client ID

Type string

type Password struct{…}

Password-based application credential

Identifier string

Username for password credential, also used as OAuth 2.0 client ID

Type string

Password stringoptional

Password for credential (only returned on creation, store securely), also used as OAuth 2.0 client secret

type Public struct{…}

Public credential (no secret storage)

Identifier string

Identifier for public credential, also used as OAuth 2.0 client ID

Type string

type PublicKey struct{…}

Public key-based application credential

Identifier string

Client ID for public key credential, also used as OAuth 2.0 client ID

JwksUri string

JWKS URI to retrieve public keys from

formaturi

Type string

type Token struct{…}

Token-based application credential

Identifier string

Identifier for this credential. For token type, this equals the subject value, or '*' when subject is not specified.

ProviderID string

ID of the provider issuing tokens verified by this credential

Type string

DeprecatedProvider Provideroptional

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

ID string

Unique identifier of the provider

CreatedAt Time

Entity creation timestamp

formatdate-time

Identifier string

User specified identifier, unique within the zone

minLength1

maxLength2048

Name string

Human-readable name

minLength1

maxLength255

OrganizationID string

Organization that owns this provider

OwnerType ProviderOwnerType

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:

const ProviderOwnerTypePlatform ProviderOwnerType = "platform"

const ProviderOwnerTypeCustomer ProviderOwnerType = "customer"

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

ZoneID string

Zone this provider belongs to

ClientID stringoptional

OAuth 2.0 client identifier

ClientSecretSet booloptional

Indicates whether a client secret is configured

Description stringoptional

Human-readable description

maxLength2048

Metadata anyoptional

Provider metadata

Protocols ProviderProtocolsoptional

Protocol-specific configuration

Oauth2 ProviderProtocolsOauth2optional

OAuth 2.0 protocol configuration

Issuer string

OIDC issuer URL used for discovery and token validation.

formaturi

AuthorizationEndpoint stringoptional

formaturi

AuthorizationParameters map[string, string]optional

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

AuthorizationResourceEnabled booloptional

Whether to include the resource parameter in authorization requests.

AuthorizationResourceParameter stringoptional

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

CodeChallengeMethodsSupported []stringoptional

JwksUri stringoptional

formaturi

RegistrationEndpoint stringoptional

formaturi

ScopeParameter stringoptional

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

ScopeSeparator stringoptional

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

ScopesSupported []stringoptional

TokenEndpoint stringoptional

formaturi

TokenResponseAccessTokenPointer stringoptional

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

Openid ProviderProtocolsOpenidoptional

OpenID Connect protocol configuration

UserinfoEndpoint stringoptional

formaturi

Type ProviderTypeoptional

Accepts one of the following:

const ProviderTypeExternal ProviderType = "external"

const ProviderTypeKeycardVault ProviderType = "keycard-vault"

const ProviderTypeKeycardSts ProviderType = "keycard-sts"

Subject stringoptional

Subject identifier for the token. When null or omitted, any token from the provider is accepted without checking application-specific claims.

type URL struct{…}

URL-based application credential

Identifier string

URL of the credential (must be a valid URL)

formaturi

Type string