zelo72/documentation
1
0
Fork 0
mirror of https://github.com/mastodon/documentation synced 2025-04-11 22:56:17 +02:00
Code Issues 6 Releases Wiki Activity
documentation/content/en/methods/apps.md
trwnh ffbe66a389
Update content for 4.0, part 2 (#1060) 
* fix relrefs around trends and related entities

* revert moving caption-links to middle of page

* hide empty menu in table of contents

* clarify edit notifs are only for boosted statuses

* following/followers no longer need auth

* fix typo

* specify cooldown period for account Move

* use the correct cooldown

* add missing parameters to accounts/id/statuses

* link to account_statuses_filter.rb

* fix typo (#1072)

* fix typo (#1073)

* fix link to http sig spec (#1067)

* simply HTTP request examples in api methods docs

* add missing client_secret to oauth/token (#1062)

* Add any, all, none to hashtag timeline

* minor formatting changes

* Update signature requirements and advice

* fix public key -> private key

* clarify use of RSA with SHA256

* Add note about saving your profile after adding rel-me link

* v2 filters api

* comment out params that shouldn't be used in v2 filter api

* admin trends

* remove old todo

* canonical email blocks + scheduled statuses

* remove under-construction warnings from finished pages

* verify api method params with source code

* fix typo (#1088)

* fix broken caption-links (#1100)

* fix formatting of entities (#1094)

* Remove keybase section from user guide (#1093)

* fix typos (#1092)

* Verify limits are accurate (#1086)

* add mention of iframe limitation (#1084)

* Add CORS header to WEB_DOMAIN example (#1083)

* Fix typo (#1081)

* pin http sigs spec at draft 8

* Revert "pin http sigs spec at draft 8"

This reverts commit 9fd5f7032b69b29e77599dd62adfe8d2f5cd4f20.

* add case sensitivity warning to 4.0 roles

* Add url length note to bio (#1087)

* remove follow scope from examples (#1103)

* clarify usage of update_credentials to update profile fields

* add noindex to Account entitity

* remove required hint from technically not required property
2022-12-14 22:55:30 +01:00

128 lines
3.2 KiB
Markdown
Raw Blame History

---
title: apps API methods
description: Register client applications that can be used to obtain OAuth tokens.
menu:
docs:
weight: 10
name: apps
parent: methods
identifier: methods-apps
aliases: [
"/methods/apps",
"/api/methods/apps",
]
---
<style>
#TableOfContents ul ul ul {display: none}
</style>
## Create an application {#create}
```http
POST /api/v1/apps HTTP/1.1
```
Create a new application to obtain OAuth2 credentials.
**Returns:** [Application]({{< relref "entities/Application" >}})\
**OAuth:** Public\
**Version history:**\
0.0.0 - added\
2.7.2 - now returns `vapid_key`
#### Request
##### Form data parameters
client_name
: {{<required>}} String. A name for your application
redirect_uris
: {{<required>}} String. Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter.
scopes
: String. Space separated list of scopes. If none is provided, defaults to `read`. See [OAuth Scopes]({{< relref "api/oauth-scopes" >}}) for a list of possible scopes.
website
: String. A URL to the homepage of your app
#### Response
##### 200: OK
Store the `client_id` and `client_secret` in your cache, as these will be used to obtain OAuth tokens.
```json
{
"id": "563419",
"name": "test app",
"website": null,
"redirect_uri": "urn:ietf:wg:oauth:2.0:oob",
"client_id": "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM",
"client_secret": "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw",
"vapid_key": "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M="
}
```
##### 422: Unprocessable entity
If a required parameter is missing or improperly formatted, the request will fail.
```json
{
"error": "Validation failed: Redirect URI must be an absolute URI."
}
```
---
## Verify your app works {#verify_credentials}
```http
GET /api/v1/apps/verify_credentials HTTP/1.1
```
Confirm that the app's OAuth2 credentials work.
**Returns:** [Application]({{< relref "entities/application" >}}), but without `client_id` or `client_secret`\
**OAuth level:** App token\
**Version history:**\
2.0.0 - added\
2.7.2 - now returns `vapid_key`
#### Request
##### Headers
Authorization
: {{<required>}} Provide this header with `Bearer <user token>` to gain authorized access to this API method.
#### Response
##### 200: OK
If the Authorization header was provided with a valid token, you should see your app returned as an Application entity.
```json
{
"name": "test app",
"website": null,
"vapid_key": "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M="
}
```
##### 401: Unauthorized
If the Authorization header contains an invalid token, is malformed, or is not present, an error will be returned indicating an authorization failure.
```json
{
"error": "The access token is invalid"
}
```
---
## See also
{{< caption-link url="https://github.com/mastodon/mastodon/blob/main/app/controllers/api/v1/apps_controller.rb" caption="app/controllers/api/v1/apps_controller.rb" >}}
{{< caption-link url="https://github.com/mastodon/mastodon/blob/main/app/controllers/api/v1/apps/credentials_controller.rb" caption="app/controllers/api/v1/apps/credentials_controller.rb" >}}
Reference in New Issue View Git Blame Copy Permalink