Create resource | API Reference | Descope Documentation

POST

/v1/mgmt/resource/create

Authorization

Descope Project ID and Management Key

AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Request Body

application/json

name?string

scopes?object

userAccess?string

clientAccess?string

description?string

uri?string

type?string

dynamicRegistrationSettings?object

DynamicRegistrationSettings groups the DCR/CIMD configuration plus inline client-side defaults for an mcp-typed Resource. Only meaningful when the parent Resource has type=mcp.

When useTemplate is true, the resource MUST reference a non-empty dynamicRegistrationTemplateId, and the client defaults (loginPageURL, sessionSettings, skipConsentScreen, forceAddAllAuthorizationInfo, tags, plus template-only approvedCallbackUrls and logo) are sourced from that template. When useTemplate is false, the inline fields on this message are used directly.

Create a new resource, using a valid management key.

curl -X POST "https://api.descope.com/v1/mgmt/resource/create" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://api.descope.com/v1/mgmt/resource/create" \  -H "Content-Type: application/json" \  -d '{}'

ResponseOK

{
  "resource": {
    "id": "string",
    "version": "string",
    "name": "string",
    "scopes": {
      "permissionsScopes": [
        {
          "name": "string",
          "description": "string",
          "optional": true,
          "values": [
            "string"
          ]
        }
      ],
      "attributesScopes": [
        {
          "name": "string",
          "description": "string",
          "optional": true,
          "values": [
            "string"
          ]
        }
      ],
      "connectionsScopes": [
        {
          "name": "string",
          "description": "string",
          "optional": true,
          "values": [
            "string"
          ]
        }
      ]
    },
    "createdTime": "string",
    "modifiedTime": "string",
    "userAccess": "string",
    "clientAccess": "string",
    "description": "string",
    "uri": "string",
    "type": "string",
    "dynamicRegistrationSettings": {
      "dynamicRegistration": {
        "enabled": true,
        "disableApprovedScopesAsDefault": true,
        "flowId": "string"
      },
      "cimdSettings": {
        "enabled": true,
        "domainPolicies": {
          "policies": [
            {
              "domainPattern": "string",
              "enabled": true
            }
          ]
        }
      },
      "dynamicRegistrationTemplateId": "string",
      "useTemplate": true,
      "loginPageURL": "string",
      "skipConsentScreen": true,
      "forceAddAllAuthorizationInfo": true,
      "tags": [
        "string"
      ],
      "sessionSettings": {
        "enabled": true,
        "refreshTokenExpiration": 0,
        "refreshTokenExpirationUnit": "string",
        "sessionTokenExpiration": 0,
        "sessionTokenExpirationUnit": "string",
        "userTemplateId": "string",
        "keyTemplateId": "string",
        "keySessionTokenExpiration": 0,
        "keySessionTokenExpirationUnit": "string"
      }
    }
  }
}

{  "resource": {    "id": "string",    "version": "string",    "name": "string",    "scopes": {      "permissionsScopes": [        {          "name": "string",          "description": "string",          "optional": true,          "values": [            "string"          ]        }      ],      "attributesScopes": [        {          "name": "string",          "description": "string",          "optional": true,          "values": [            "string"          ]        }      ],      "connectionsScopes": [        {          "name": "string",          "description": "string",          "optional": true,          "values": [            "string"          ]        }      ]    },    "createdTime": "string",    "modifiedTime": "string",    "userAccess": "string",    "clientAccess": "string",    "description": "string",    "uri": "string",    "type": "string",    "dynamicRegistrationSettings": {      "dynamicRegistration": {        "enabled": true,        "disableApprovedScopesAsDefault": true,        "flowId": "string"      },      "cimdSettings": {        "enabled": true,        "domainPolicies": {          "policies": [            {              "domainPattern": "string",              "enabled": true            }          ]        }      },      "dynamicRegistrationTemplateId": "string",      "useTemplate": true,      "loginPageURL": "string",      "skipConsentScreen": true,      "forceAddAllAuthorizationInfo": true,      "tags": [        "string"      ],      "sessionSettings": {        "enabled": true,        "refreshTokenExpiration": 0,        "refreshTokenExpirationUnit": "string",        "sessionTokenExpiration": 0,        "sessionTokenExpirationUnit": "string",        "userTemplateId": "string",        "keyTemplateId": "string",        "keySessionTokenExpiration": 0,        "keySessionTokenExpirationUnit": "string"      }    }  }}

TypeScript

export interface Response {
/**
 * Resource CRUD messages
 */
resource?: {
id?: string
version?: string
name?: string
scopes?: {
permissionsScopes?: {
name?: string
description?: string
optional?: boolean
values?: string[]
}[]
attributesScopes?: {
name?: string
description?: string
optional?: boolean
values?: string[]
}[]
connectionsScopes?: Projectv1[]
}
createdTime?: string
modifiedTime?: string
userAccess?: string
clientAccess?: string
description?: string
uri?: string
type?: string
dynamicRegistrationSettings?: DynamicRegistrationSettings
}
}
/**
 * Keep this message synchronized with the matching one in ManagementService
 */
export interface Projectv1 {
name?: string
description?: string
optional?: boolean
values?: string[]
}
/**
 * DynamicRegistrationSettings groups the DCR/CIMD configuration plus inline
 *  client-side defaults for an mcp-typed Resource. Only meaningful when the
 *  parent Resource has type=mcp.
 * 
 *  When useTemplate is true, the resource MUST reference a non-empty
 *  dynamicRegistrationTemplateId, and the client defaults
 *  (loginPageURL, sessionSettings, skipConsentScreen,
 *  forceAddAllAuthorizationInfo, tags, plus template-only approvedCallbackUrls
 *  and logo) are sourced from that template. When useTemplate is false, the
 *  inline fields on this message are used directly.
 */
export interface DynamicRegistrationSettings {
dynamicRegistration?: Projectv11
cimdSettings?: {
enabled?: boolean
domainPolicies?: CIMDDomainPolicies
}
dynamicRegistrationTemplateId?: string
useTemplate?: boolean
loginPageURL?: string
skipConsentScreen?: boolean
forceAddAllAuthorizationInfo?: boolean
tags?: string[]
sessionSettings?: {
enabled?: boolean
refreshTokenExpiration?: number
refreshTokenExpirationUnit?: string
sessionTokenExpiration?: number
sessionTokenExpirationUnit?: string
userTemplateId?: string
keyTemplateId?: string
keySessionTokenExpiration?: number
keySessionTokenExpirationUnit?: string
}
}
export interface Projectv11 {
enabled?: boolean
disableApprovedScopesAsDefault?: boolean
flowId?: string
}
export interface CIMDDomainPolicies {
policies?: CIMDDomainPolicy[]
}
export interface CIMDDomainPolicy {
domainPattern?: string
enabled?: boolean
}

export interface Response {/** * Resource CRUD messages */resource?: {id?: stringversion?: stringname?: stringscopes?: {permissionsScopes?: {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}[]attributesScopes?: {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}[]connectionsScopes?: Projectv1[]}createdTime?: stringmodifiedTime?: stringuserAccess?: stringclientAccess?: stringdescription?: stringuri?: stringtype?: stringdynamicRegistrationSettings?: DynamicRegistrationSettings}}/** * Keep this message synchronized with the matching one in ManagementService */export interface Projectv1 {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}/** * DynamicRegistrationSettings groups the DCR/CIMD configuration plus inline *  client-side defaults for an mcp-typed Resource. Only meaningful when the *  parent Resource has type=mcp. *  *  When useTemplate is true, the resource MUST reference a non-empty *  dynamicRegistrationTemplateId, and the client defaults *  (loginPageURL, sessionSettings, skipConsentScreen, *  forceAddAllAuthorizationInfo, tags, plus template-only approvedCallbackUrls *  and logo) are sourced from that template. When useTemplate is false, the *  inline fields on this message are used directly. */export interface DynamicRegistrationSettings {dynamicRegistration?: Projectv11cimdSettings?: {enabled?: booleandomainPolicies?: CIMDDomainPolicies}dynamicRegistrationTemplateId?: stringuseTemplate?: booleanloginPageURL?: stringskipConsentScreen?: booleanforceAddAllAuthorizationInfo?: booleantags?: string[]sessionSettings?: {enabled?: booleanrefreshTokenExpiration?: numberrefreshTokenExpirationUnit?: stringsessionTokenExpiration?: numbersessionTokenExpirationUnit?: stringuserTemplateId?: stringkeyTemplateId?: stringkeySessionTokenExpiration?: numberkeySessionTokenExpirationUnit?: string}}export interface Projectv11 {enabled?: booleandisableApprovedScopesAsDefault?: booleanflowId?: string}export interface CIMDDomainPolicies {policies?: CIMDDomainPolicy[]}export interface CIMDDomainPolicy {domainPattern?: stringenabled?: boolean}

Was this helpful?