API Reference
Start typing to search…

Update an application

patch https://project-api.zapehr.com/v1/application/

Update the Application with the provided ID. Applications provide authentication in front of the web and mobile apps you build on Oystehr.

Access Policy Action: App:UpdateApplication
Access Policy Resource: App:Application

Log in to see full request history
Path Params
uuid
required

ID of the application

Body Params
string

The name of the Application. This value is displayed to end users on the hosted login screen.

string

A description of the application to help you differentiate it from other applications in the project. This value is not displayed to end users.

url

When a user accesses the hosted login screen directly instead of being redirected to it from your application, Oystehr detects this condition and redirects the user to the loginRedirectUri to get them back on track. The loginRedirectUri must be a route in your application that redirects to the 'https://auth.zapehr.com/authorize' endpoint. This typically looks like, 'https://example.com/login'.

boolean

When true, users can authenticate to the Application with their email address.

allowedCallbackUrls
array of urls

The list of allowed callback URLs for the Application. When a user completes authentication on the hosted login screen, they are redirected back to the app that prompted the authentication. Because the callback URL can be tampered with, as a security measure, Oystehr only redirects to callback URLs which are listed here. allowedCallbackUrls may be an empty array.

allowedCallbackUrls
allowedLogoutUrls
array of urls

The list of allowed logout URLs for the Application. After a logout is completed, a user will be redirected to a URL specified with the logout request. Because the logout redirect URL can be tampered with, as a security measure, Oystehr only redirects to logout redirect URLs which are listed here. allowedLogoutUrls may be an empty array.

allowedLogoutUrls
allowedWebOriginsUrls
array of urls

The list of allowed web origins URLs for the Application. Any domain that needs to be able to initiate a login must be listed here. These URLs must not include any path or query strings (e.g. 'https://docs.oystehr.com'). An asterisk may be used as a wildcard placeholder for subdomains (e.g. https://*.oystehr.com). allowedWebOriginsUrls may be an empty array.

allowedWebOriginsUrls
allowedCORSOriginsUrls
array of urls

The allowed CORS origins urls for the Application. Any domain that needs to be able to make requests from browser JavaScript to our identity provider APIs must be listed here. These URLs must not include any path or query strings (e.g. 'https://docs.oystehr.com'). By default, all domains from allowedCallbackUrls are allowed. allowedCORSOriginsUrls may be an empty array.

allowedCORSOriginsUrls
boolean

When true, users can authenticate to the Application with 'passwordless SMS'. With passwordless SMS, users enter their phone number and receive a one-time code via SMS to authenticate. Users enter the code on the login screen to complete authentication.

boolean

When true, users will be prompted to enter a code from A TOTP-MFA application after they authenticate with their first form of authentication.

boolean

When true, an invitation email is automatically sent to users who are invited to the Application. This email contains Oystehr branding, so it is recommended to set this to 'false' and send your own invitation email for production use.

url

The URL of your application's logo. This logo is displayed on the hosted login screen. The recommended size for this asset is 150px x 150px.

boolean

When true, a refresh token will be provided to a user during authorization.

Responses

Updated about 1 month ago

Did this page help you?
Language
Credentials
Click Try It! to start a request and see the response here! Or choose an example:
application/json

Updated about 1 month ago

Did this page help you?