Applications

The Applications API allows you to programmatically manage Connect Applications and their associated client secrets.

WorkOS Connect supports two types of applications: OAuth and Machine-to-Machine M2M.

OAuth Applications

OAuth applications are designed for web, mobile, desktop, and CLI applications where a user needs to authenticate.

cURL

 {
  "object": "connect_application",
  "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "name": "My Application",
  "description": "Application description",
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": false,
  "is_first_party": true,
  "scopes": ["example-permission:read", "example-permission:write"],
  "created_at": "2024-01-15T12:30:00.000Z",
  "updated_at": "2024-01-15T12:30:00.000Z"
}

 {
  "object": "connect_application",
  "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "name": "My Application",
  "description": "Application description",
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": false,
  "is_first_party": false,
  "was_dynamically_registered": false,
  "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "scopes": ["example-permission:read", "example-permission:write"],
  "created_at": "2024-01-15T12:30:00.000Z",
  "updated_at": "2024-01-15T12:30:00.000Z"
}

 {
  "object": "connect_application",
  "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "name": "My Application",
  "description": "Application description",
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": false,
  "is_first_party": false,
  "was_dynamically_registered": true,
  "scopes": [],
  "created_at": "2024-01-15T12:30:00.000Z",
  "updated_at": "2024-01-15T12:30:00.000Z"
}

`OAuth Application`

Machine-to-Machine Applications

M2M applications are designed for server-to-server authentication without user interaction.

M2M Application Example

cURL

 {
  "object": "connect_application",
  "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "name": "Backend Service",
  "description": "Machine-to-machine application for API access",
  "application_type": "m2m",
  "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "scopes": ["api:read", "api:write", "api:admin"],
  "created_at": "2024-01-15T12:30:00.000Z",
  "updated_at": "2024-01-15T12:30:00.000Z"
}

`M2M Application`

Get a Connect Application

Retrieve details for a specific Connect Application by ID or client ID.

cURL

 curl "https://api.workos.com/connect/applications/conn_app_01HXYZ123456789ABCDEFGHIJ" \
  --header "Authorization: Bearer sk_example_123456789"

 {
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": true,
  "is_first_party": true,
  "object": "connect_application",
  "id": "conn_app_01HXYZ123456789ABCDEFGHIJ",
  "client_id": "client_01HXYZ123456789ABCDEFGHIJ",
  "description": "An application for managing user access",
  "name": "My Application",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "created_at": "2026-01-15T12:00:00.000Z",
  "updated_at": "2026-01-15T12:00:00.000Z"
}

GET

`/connect/applications/:id`

`Parameters`

`Returns`

List Connect Applications

List all Connect Applications in the current environment with optional filtering.

cURL

 curl "https://api.workos.com/connect/applications" \
  --header "Authorization: Bearer sk_example_123456789"

 {
  "object": "list",
  "data": [
    {
      "application_type": "oauth",
      "redirect_uris": [
        {
          "uri": "https://example.com/callback",
          "default": true
        }
      ],
      "uses_pkce": true,
      "is_first_party": true,
      "object": "connect_application",
      "id": "conn_app_01HXYZ123456789ABCDEFGHIJ",
      "client_id": "client_01HXYZ123456789ABCDEFGHIJ",
      "description": "An application for managing user access",
      "name": "My Application",
      "scopes": [
        "openid",
        "profile",
        "email"
      ],
      "created_at": "2026-01-15T12:00:00.000Z",
      "updated_at": "2026-01-15T12:00:00.000Z"
    }
  ],
  "list_metadata": {
    "before": "conn_app_01HXYZ123456789ABCDEFGHIJ",
    "after": "conn_app_01HXYZ987654321KJIHGFEDCBA"
  }
}

GET

`/connect/applications`

`Parameters`

`Returns` `object`

Create a Connect Application

Create a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.

cURL

 curl -X POST https://api.workos.com/connect/applications \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --data '{
    "name": "My OAuth App",
    "application_type": "oauth",
    "description": "Customer-facing OAuth application",
    "redirect_uris": [
      {
        "uri": "https://example.com/callback",
        "default": true
      }
    ],
    "uses_pkce": false,
    "is_first_party": false,
    "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
    "scopes": ["example-permission:write"]
  }'

 curl -X POST https://api.workos.com/connect/applications \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --data '{
    "name": "My M2M App",
    "application_type": "m2m",
    "description": "Backend service application",
    "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
    "scopes": ["api:read", "api:write"]
  }'

 {
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": true,
  "is_first_party": true,
  "object": "connect_application",
  "id": "conn_app_01HXYZ123456789ABCDEFGHIJ",
  "client_id": "client_01HXYZ123456789ABCDEFGHIJ",
  "description": "An application for managing user access",
  "name": "My Application",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "created_at": "2026-01-15T12:00:00.000Z",
  "updated_at": "2026-01-15T12:00:00.000Z"
}

POST

`/connect/applications`

`Returns`

Update a Connect Application

Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.

cURL

 curl --request PUT \
  --url "https://api.workos.com/connect/applications/conn_app_01HXYZ123456789ABCDEFGHIJ" \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  -d @- <<'BODY'
    {
        "name": "My Application",
        "description": "An application for managing user access",
        "scopes": [
            "openid",
            "profile",
            "email"
        ],
        "redirect_uris": [
            {
                "uri": "https://example.com/callback",
                "default": true
            }
        ]
    }
BODY

 {
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": true,
  "is_first_party": true,
  "object": "connect_application",
  "id": "conn_app_01HXYZ123456789ABCDEFGHIJ",
  "client_id": "client_01HXYZ123456789ABCDEFGHIJ",
  "description": "An application for managing user access",
  "name": "My Application",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "created_at": "2026-01-15T12:00:00.000Z",
  "updated_at": "2026-01-15T12:00:00.000Z"
}

PUT

`/connect/applications/:id`

`Parameters`

`Returns`

Delete a Connect Application

Delete an existing Connect Application.

Request

cURL

 curl -X DELETE https://api.workos.com/connect/applications/app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q \
  --header "Authorization: Bearer sk_example_123456789"

DELETE

`/connect/applications/:id`

`Parameters`

`Returns`

Client secrets Continue to the next section

Up next

Applications

OAuth Applications

OAuth Application

object: "connect_application"

id: string

client_id: string

name: string

description?: string

application_type: "oauth"

redirect_uris: array

uses_pkce: boolean

is_first_party: boolean

was_dynamically_registered?: boolean

organization_id?: string

scopes: string[]

created_at: string

updated_at: string

Machine-to-Machine Applications

M2M Application

object: "connect_application"

id: string

client_id: string

name: string

description?: string

application_type: "m2m"

organization_id: string

scopes: string[]

created_at: string

updated_at: string

Get a Connect Application

/connect/applications/:id

Parameters

id: string

Returns

connect_application: object

List Connect Applications

/connect/applications

Parameters

before?: string

after?: string

limit?: integer

order?: "normal" | "desc" | "asc"

organization_id?: string

Returns object

object: "list"

data: object[]

list_metadata: object

Create a Connect Application

/connect/applications

name: string

application_type: "oauth" | "m2m"

description?: string

scopes?: string[]

redirect_uris?: object[]

uses_pkce?: boolean

is_first_party: boolean

organization_id?: string

Returns

connect_application: object

Update a Connect Application

/connect/applications/:id

name?: string

description?: string

scopes?: string[]

redirect_uris?: object[]

Parameters

id: string

Returns

connect_application: object

Delete a Connect Application

/connect/applications/:id

Parameters

id: string

Returns

empty: empty

`OAuth Application`

`M2M Application`

`/connect/applications/:id`

`Parameters`

`Returns`

`/connect/applications`

`Parameters`

`Returns` `object`

`/connect/applications`

`Returns`

`/connect/applications/:id`

`Parameters`

`Returns`

`/connect/applications/:id`

`Parameters`

`Returns`