2020-01-01 22:37:59 +01:00
---
title: apps
description: Register client applications that can be used to obtain OAuth tokens.
menu:
docs:
weight: 10
parent: methods
identifier: methods-apps
---
{{< api-method method = "post" host = "https://mastodon.example" path = "/api/v1/apps" title = "Create an application" > }}
{{< api-method-description > }}
Create a new application to obtain OAuth2 credentials.
**Returns:** Application, with `client_id` and `client_secret` \
**OAuth:** Public\
2020-12-27 07:03:55 +01:00
**Version history:**\
0.0.0 - added\
2.7.2 - now returns `vapid_key`
2020-01-01 22:37:59 +01:00
{{< endapi-method-description > }}
{{< api-method-spec > }}
{{< api-method-request > }}
{{< api-method-form-data-parameters > }}
{{< api-method-parameter name = "client_name" type = "string" required = true > }}
A name for your application
{{< endapi-method-parameter > }}
{{< api-method-parameter name = "redirect_uris" type = "string" required = true > }}
Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter.
{{< endapi-method-parameter > }}
{{< api-method-parameter name = "scopes" type = "string" required = false > }}
Space separated list of scopes. If none is provided, defaults to `read` .
{{< endapi-method-parameter > }}
{{< api-method-parameter name = "website" type = "string" required = false > }}
A URL to the homepage of your app
{{< endapi-method-parameter > }}
{{< endapi-method-form-data-parameters > }}
{{< endapi-method-request > }}
{{< api-method-response > }}
{{< api-method-response-example httpCode = 200 > }}
{{< api-method-response-example-description > }}
Store the `client_id` and `client_secret` in your cache, as these will be used to obtain OAuth tokens.
{{< endapi-method-response-example-description > }}
```javascript
{
"id": "563419",
"name": "test app",
"website": null,
"redirect_uri": "urn:ietf:wg:oauth:2.0:oob",
"client_id": "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM",
"client_secret": "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw",
"vapid_key": "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M="
}
```
{{< endapi-method-response-example > }}
{{< api-method-response-example httpCode = 422 > }}
{{< api-method-response-example-description > }}
If a required parameter is missing or improperly formatted, the request will fail.
{{< endapi-method-response-example-description > }}
```javascript
{
"error": "Validation failed: Redirect URI must be an absolute URI."
}
```
{{< endapi-method-response-example > }}
{{< endapi-method-response > }}
{{< endapi-method-spec > }}
{{< endapi-method > }}
{{< api-method method = "get" host = "https://mastodon.example" path = "/api/v1/apps/verify_credentials" title = "Verify your app works" > }}
{{< api-method-description > }}
Confirm that the app's OAuth2 credentials work.
**Returns:** Application\
**OAuth level:** App token\
2020-12-27 07:03:55 +01:00
**Version history:**\
2.0.0 - added\
2.7.2 - now returns `vapid_key`
2020-01-01 22:37:59 +01:00
{{< endapi-method-description > }}
{{< api-method-spec > }}
{{< api-method-request > }}
{{< api-method-headers > }}
{{< api-method-parameter name = "Authorization" type = "string" required = true > }}
Bearer < app token>
{{< endapi-method-parameter > }}
{{< endapi-method-headers > }}
{{< endapi-method-request > }}
{{< api-method-response > }}
{{< api-method-response-example httpCode = 200 > }}
{{< api-method-response-example-description > }}
If the Authorization header was provided with a valid token, you should see your app returned as an Application entity.
{{< endapi-method-response-example-description > }}
```javascript
{
"name": "test app",
"website": null,
"vapid_key": "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M="
}
```
{{< endapi-method-response-example > }}
{{< api-method-response-example httpCode = 401 > }}
{{< api-method-response-example-description > }}
If the Authorization header contains an invalid token, is malformed, or is not present, an error will be returned indicating an authorization failure.
{{< endapi-method-response-example-description > }}
```javascript
{
"error": "The access token is invalid"
}
```
{{< endapi-method-response-example > }}
{{< endapi-method-response > }}
{{< endapi-method-spec > }}
{{< endapi-method > }}