Applications

List application resources

API Reference

Zones

Applications

List application resources

GET/zones/{zoneId}/applications/{id}/resources

Returns a list of resources provided by an application

Path ParametersExpand Collapse

zoneId: string

id: string

Query ParametersExpand Collapse

after: optional string

Cursor for forward pagination

minLength1

maxLength255

before: optional string

Cursor for backward pagination

minLength1

maxLength255

cursor: optional string

"expand[]": optional "total_count" or array of "total_count"

Accepts one of the following:

UnionMember0 = "total_count"

UnionMember1 = array of "total_count"

limit: optional number

Maximum number of items to return

minimum1

maximum100

ReturnsExpand Collapse

items: array of Resource { id, application_type, created_at, 17 more }

id: string

Unique identifier of the resource

application_type: "native" or "web"

The expected type of client for this credential. Native clients must use localhost URLs for redirect_uris or URIs with custom schemes. Web clients must use https URLs and must not use localhost as the hostname.

Accepts one of the following:

"native"

"web"

created_at: string

Entity creation timestamp

formatdate-time

identifier: string

User specified identifier, unique within the zone

minLength1

maxLength2048

Human-readable name

minLength1

maxLength255

organization_id: string

Organization that owns this resource

owner_type: "platform" or "customer"

Who owns this resource. Platform-owned resources cannot be modified via API.

Accepts one of the following:

"platform"

"customer"

prefix: boolean

When true, the resource identifier is treated as a URI prefix, protecting all URLs that share the identifier as a prefix at path/query/fragment boundaries. Protocol and hostname must match exactly. When multiple prefix resources satisfy an identifier query, the resource with the longest prefix is matched.

slug: string

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this resource belongs to

Deprecatedapplication: optional Application { id, consent, created_at, 11 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

Accepts one of the following:

created_at: string

Entity creation timestamp

formatdate-time

dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength1

maxLength2048

Human-readable name

minLength1

maxLength255

organization_id: string

Organization that owns this application

owner_type: "platform" or "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:

"platform"

"customer"

slug: string

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this application belongs to

description: optional string

Human-readable description

maxLength2048

metadata: optional Metadata { docs_url }

Entity metadata

docs_url: optional string

Documentation URL

formaturi

maxLength2048

protocols: optional object { oauth2 }

Protocol-specific configuration

oauth2: optional object { post_logout_redirect_uris, redirect_uris }

OAuth 2.0 protocol configuration

post_logout_redirect_uris: optional array of string

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris: optional array of string

OAuth 2.0 redirect URIs for this application

application_id: optional string

ID of the application that provides this resource

credential_lifetime_seconds: optional number

Credential lifetime override in seconds. When set, overrides the default credential lifetime for this resource. When absent, the default from the provider or zone is used.

minimum60

maximum86400

Deprecatedcredential_provider: optional Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

formatdate-time

identifier: string

User specified identifier, unique within the zone

minLength1

maxLength2048

Human-readable name

minLength1

maxLength255

organization_id: string

Organization that owns this provider

owner_type: "platform" or "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:

"platform"

"customer"

slug: string

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this provider belongs to

client_id: optional string

OAuth 2.0 client identifier

client_secret_set: optional boolean

Indicates whether a client secret is configured

description: optional string

Human-readable description

maxLength2048

metadata: optional unknown

Provider metadata

protocols: optional object { oauth2, openid }

Protocol-specific configuration

oauth2: optional object { issuer, authorization_endpoint, authorization_parameters, 10 more }

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

formaturi

authorization_endpoint: optional string

formaturi

authorization_parameters: optional map[string]

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled: optional boolean

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter: optional string

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported: optional array of string

jwks_uri: optional string

formaturi

registration_endpoint: optional string

formaturi

scope_parameter: optional string

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator: optional string

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported: optional array of string

token_endpoint: optional string

formaturi

token_response_access_token_pointer: optional string

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid: optional object { scopes, user_identifier_claim, userinfo_endpoint }

OpenID Connect protocol configuration

scopes: optional array of string

Additional OIDC scopes to request from this provider during authentication (e.g. "groups"). Merged with the default scopes (openid, profile, email).

user_identifier_claim: optional string

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint: optional string

formaturi

type: optional "external" or "keycard-vault" or "keycard-sts"

Accepts one of the following:

"external"

"keycard-vault"

"keycard-sts"

credential_provider_id: optional string

ID of the credential provider for this resource

description: optional string

Human-readable description

maxLength2048

metadata: optional Metadata { docs_url }

Entity metadata

docs_url: optional string

Documentation URL

formaturi

maxLength2048

scopes: optional array of string

Scopes supported by the resource

when_accessing: optional array of string

List of resource IDs that, when accessed, make this dependency available. Only present when this resource is returned as a dependency.

page_info: PageInfoPagination { has_next_page, has_previous_page, end_cursor, start_cursor }

Pagination information

has_next_page: boolean

Whether there are more items after the current page

has_previous_page: boolean

Whether there are items before the current page

end_cursor: optional string

Cursor pointing to the last item in the current page

start_cursor: optional string

Cursor pointing to the first item in the current page

pagination: object { after_cursor, before_cursor, total_count }

Cursor-based pagination metadata

after_cursor: string

An opaque cursor used for paginating through a list of results

minLength1

maxLength255

before_cursor: string

An opaque cursor used for paginating through a list of results

minLength1

maxLength255

total_count: optional number

Total number of items matching the query. Only included when expand[]=total_count is requested.

List application resources

curl https://api.keycard.ai/zones/$ZONE_ID/applications/$ID/resources

{
  "items": [
    {
      "id": "id",
      "application_type": "native",
      "created_at": "2019-12-27T18:11:19.117Z",
      "identifier": "x",
      "name": "x",
      "organization_id": "organization_id",
      "owner_type": "platform",
      "prefix": true,
      "slug": "slug",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "zone_id": "zone_id",
      "application": {
        "id": "id",
        "consent": "implicit",
        "created_at": "2019-12-27T18:11:19.117Z",
        "dependencies_count": 0,
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "owner_type": "platform",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "description": "description",
        "metadata": {
          "docs_url": "https://example.com"
        },
        "protocols": {
          "oauth2": {
            "post_logout_redirect_uris": [
              "https://example.com"
            ],
            "redirect_uris": [
              "https://example.com"
            ]
          }
        }
      },
      "application_id": "application_id",
      "credential_lifetime_seconds": 60,
      "credential_provider": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "owner_type": "platform",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "client_id": "client_id",
        "client_secret_set": true,
        "description": "description",
        "metadata": {},
        "protocols": {
          "oauth2": {
            "issuer": "https://example.com",
            "authorization_endpoint": "https://example.com",
            "authorization_parameters": {
              "foo": "string"
            },
            "authorization_resource_enabled": true,
            "authorization_resource_parameter": "authorization_resource_parameter",
            "code_challenge_methods_supported": [
              "string"
            ],
            "jwks_uri": "https://example.com",
            "registration_endpoint": "https://example.com",
            "scope_parameter": "scope_parameter",
            "scope_separator": "scope_separator",
            "scopes_supported": [
              "string"
            ],
            "token_endpoint": "https://example.com",
            "token_response_access_token_pointer": "token_response_access_token_pointer"
          },
          "openid": {
            "scopes": [
              "string"
            ],
            "user_identifier_claim": "user_identifier_claim",
            "userinfo_endpoint": "https://example.com"
          }
        },
        "type": "external"
      },
      "credential_provider_id": "credential_provider_id",
      "description": "description",
      "metadata": {
        "docs_url": "https://example.com"
      },
      "scopes": [
        "string"
      ],
      "when_accessing": [
        "string"
      ]
    }
  ],
  "page_info": {
    "has_next_page": true,
    "has_previous_page": true,
    "end_cursor": "end_cursor",
    "start_cursor": "start_cursor"
  },
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}

Returns Examples

{
  "items": [
    {
      "id": "id",
      "application_type": "native",
      "created_at": "2019-12-27T18:11:19.117Z",
      "identifier": "x",
      "name": "x",
      "organization_id": "organization_id",
      "owner_type": "platform",
      "prefix": true,
      "slug": "slug",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "zone_id": "zone_id",
      "application": {
        "id": "id",
        "consent": "implicit",
        "created_at": "2019-12-27T18:11:19.117Z",
        "dependencies_count": 0,
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "owner_type": "platform",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "description": "description",
        "metadata": {
          "docs_url": "https://example.com"
        },
        "protocols": {
          "oauth2": {
            "post_logout_redirect_uris": [
              "https://example.com"
            ],
            "redirect_uris": [
              "https://example.com"
            ]
          }
        }
      },
      "application_id": "application_id",
      "credential_lifetime_seconds": 60,
      "credential_provider": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "owner_type": "platform",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "client_id": "client_id",
        "client_secret_set": true,
        "description": "description",
        "metadata": {},
        "protocols": {
          "oauth2": {
            "issuer": "https://example.com",
            "authorization_endpoint": "https://example.com",
            "authorization_parameters": {
              "foo": "string"
            },
            "authorization_resource_enabled": true,
            "authorization_resource_parameter": "authorization_resource_parameter",
            "code_challenge_methods_supported": [
              "string"
            ],
            "jwks_uri": "https://example.com",
            "registration_endpoint": "https://example.com",
            "scope_parameter": "scope_parameter",
            "scope_separator": "scope_separator",
            "scopes_supported": [
              "string"
            ],
            "token_endpoint": "https://example.com",
            "token_response_access_token_pointer": "token_response_access_token_pointer"
          },
          "openid": {
            "scopes": [
              "string"
            ],
            "user_identifier_claim": "user_identifier_claim",
            "userinfo_endpoint": "https://example.com"
          }
        },
        "type": "external"
      },
      "credential_provider_id": "credential_provider_id",
      "description": "description",
      "metadata": {
        "docs_url": "https://example.com"
      },
      "scopes": [
        "string"
      ],
      "when_accessing": [
        "string"
      ]
    }
  ],
  "page_info": {
    "has_next_page": true,
    "has_previous_page": true,
    "end_cursor": "end_cursor",
    "start_cursor": "start_cursor"
  },
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}