Applications

List application credentials

API Reference

Zones

Applications

List application credentials

client.zones.applications.listCredentials(, , ?): ApplicationListCredentialsResponse { items, page_info, pagination }

GET/zones/{zoneId}/applications/{id}/application-credentials

Returns a list of application credentials for a specific application

ParametersExpand Collapse

id: string

params: ApplicationListCredentialsParams { zoneId, after, before, 3 more }

zoneId: string

Path param

after?: string

Query param: Cursor for forward pagination

minLength1

maxLength255

before?: string

Query param: Cursor for backward pagination

minLength1

maxLength255

cursor?: string

Query param

expand?: "total_count" | Array<"total_count">

Query param

Accepts one of the following:

"total_count"

Array<"total_count">

"total_count"

limit?: number

Query param: Maximum number of items to return

minimum1

maximum100

ReturnsExpand Collapse

ApplicationListCredentialsResponse { items, page_info, pagination }

items: Array<Credential>

Accepts one of the following:

Token extends BaseFields { id, application_id, created_at, 5 more } { identifier, provider_id, type, 2 more }

Token-based application credential

identifier: string

Identifier for this credential. For token type, this equals the subject value, or '*' when subject is not specified.

provider_id: string

ID of the provider issuing tokens verified by this credential

type: "token"

Deprecatedprovider?: Provider { id, created_at, identifier, 11 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

formatdate-time

identifier: string

User specified identifier, unique within the zone

minLength1

maxLength2048

name: string

Human-readable name

minLength1

maxLength255

organization_id: string

Organization that owns this provider

slug: string

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength2048

metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

formaturi

authorization_endpoint?: string | null

formaturi

authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null

jwks_uri?: string | null

formaturi

registration_endpoint?: string | null

formaturi

scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null

token_endpoint?: string | null

formaturi

token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

scopes?: Array<string> | null

Additional OIDC scopes to request from this provider during authentication (e.g. "groups"). Merged with the default scopes (openid, profile, email).

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint?: string | null

formaturi

type?: "external" | "keycard-vault" | "keycard-sts"

Accepts one of the following:

"external"

"keycard-vault"

"keycard-sts"

subject?: string | null

Subject identifier for the token. When null or omitted, any token from the provider is accepted without checking application-specific claims.

Password extends BaseFields { id, application_id, created_at, 5 more } { identifier, type, password }

Password-based application credential

identifier: string

Username for password credential, also used as OAuth 2.0 client ID

type: "password"

password?: string

Password for credential (only returned on creation, store securely), also used as OAuth 2.0 client secret

PublicKey extends BaseFields { id, application_id, created_at, 5 more } { identifier, jwks_uri, type }

Public key-based application credential

identifier: string

Client ID for public key credential, also used as OAuth 2.0 client ID

jwks_uri: string

JWKS URI to retrieve public keys from

formaturi

type: "public-key"

URL extends BaseFields { id, application_id, created_at, 5 more } { identifier, type }

URL-based application credential

identifier: string

URL of the credential (must be a valid URL)

formaturi

type: "url"

Public extends BaseFields { id, application_id, created_at, 5 more } { identifier, type }

Public credential (no secret storage)

identifier: string

Identifier for public credential, also used as OAuth 2.0 client ID

type: "public"

page_info: PageInfoPagination { has_next_page, has_previous_page, end_cursor, start_cursor }

Pagination information

has_next_page: boolean

Whether there are more items after the current page

has_previous_page: boolean

Whether there are items before the current page

end_cursor?: string | null

Cursor pointing to the last item in the current page

start_cursor?: string | null

Cursor pointing to the first item in the current page

pagination: Pagination { after_cursor, before_cursor, total_count }

Cursor-based pagination metadata

after_cursor: string | null

An opaque cursor used for paginating through a list of results

minLength1

maxLength255

before_cursor: string | null

An opaque cursor used for paginating through a list of results

minLength1

maxLength255

total_count?: number

Total number of items matching the query. Only included when expand[]=total_count is requested.

List application credentials

import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const response = await client.zones.applications.listCredentials('id', { zoneId: 'zoneId' });

console.log(response.items);

{
  "items": [
    {
      "id": "id",
      "application_id": "application_id",
      "created_at": "2019-12-27T18:11:19.117Z",
      "organization_id": "organization_id",
      "slug": "slug",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "zone_id": "zone_id",
      "application": {
        "id": "id",
        "consent": "implicit",
        "created_at": "2019-12-27T18:11:19.117Z",
        "dependencies_count": 0,
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "description": "description",
        "metadata": {
          "docs_url": "https://example.com"
        },
        "protocols": {
          "oauth2": {
            "post_logout_redirect_uris": [
              "https://example.com"
            ],
            "redirect_uris": [
              "https://example.com"
            ]
          }
        }
      },
      "identifier": "identifier",
      "provider_id": "provider_id",
      "type": "token",
      "provider": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "client_id": "client_id",
        "client_secret_set": true,
        "description": "description",
        "metadata": {},
        "protocols": {
          "oauth2": {
            "issuer": "https://example.com",
            "authorization_endpoint": "https://example.com",
            "authorization_parameters": {
              "foo": "string"
            },
            "authorization_resource_enabled": true,
            "authorization_resource_parameter": "authorization_resource_parameter",
            "code_challenge_methods_supported": [
              "string"
            ],
            "jwks_uri": "https://example.com",
            "registration_endpoint": "https://example.com",
            "scope_parameter": "scope_parameter",
            "scope_separator": "scope_separator",
            "scopes_supported": [
              "string"
            ],
            "token_endpoint": "https://example.com",
            "token_response_access_token_pointer": "token_response_access_token_pointer"
          },
          "openid": {
            "scopes": [
              "string"
            ],
            "user_identifier_claim": "user_identifier_claim",
            "userinfo_endpoint": "https://example.com"
          }
        },
        "type": "external"
      },
      "subject": "subject"
    }
  ],
  "page_info": {
    "has_next_page": true,
    "has_previous_page": true,
    "end_cursor": "end_cursor",
    "start_cursor": "start_cursor"
  },
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}

Returns Examples

{
  "items": [
    {
      "id": "id",
      "application_id": "application_id",
      "created_at": "2019-12-27T18:11:19.117Z",
      "organization_id": "organization_id",
      "slug": "slug",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "zone_id": "zone_id",
      "application": {
        "id": "id",
        "consent": "implicit",
        "created_at": "2019-12-27T18:11:19.117Z",
        "dependencies_count": 0,
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "description": "description",
        "metadata": {
          "docs_url": "https://example.com"
        },
        "protocols": {
          "oauth2": {
            "post_logout_redirect_uris": [
              "https://example.com"
            ],
            "redirect_uris": [
              "https://example.com"
            ]
          }
        }
      },
      "identifier": "identifier",
      "provider_id": "provider_id",
      "type": "token",
      "provider": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "client_id": "client_id",
        "client_secret_set": true,
        "description": "description",
        "metadata": {},
        "protocols": {
          "oauth2": {
            "issuer": "https://example.com",
            "authorization_endpoint": "https://example.com",
            "authorization_parameters": {
              "foo": "string"
            },
            "authorization_resource_enabled": true,
            "authorization_resource_parameter": "authorization_resource_parameter",
            "code_challenge_methods_supported": [
              "string"
            ],
            "jwks_uri": "https://example.com",
            "registration_endpoint": "https://example.com",
            "scope_parameter": "scope_parameter",
            "scope_separator": "scope_separator",
            "scopes_supported": [
              "string"
            ],
            "token_endpoint": "https://example.com",
            "token_response_access_token_pointer": "token_response_access_token_pointer"
          },
          "openid": {
            "scopes": [
              "string"
            ],
            "user_identifier_claim": "user_identifier_claim",
            "userinfo_endpoint": "https://example.com"
          }
        },
        "type": "external"
      },
      "subject": "subject"
    }
  ],
  "page_info": {
    "has_next_page": true,
    "has_previous_page": true,
    "end_cursor": "end_cursor",
    "start_cursor": "start_cursor"
  },
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}