ApiManagementThird party apps
POST
/v2/mgmt/thirdparty/app/loadall

Authorization

Descope Project ID and Management Key
AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Request Body

application/json

page?integer
Formatint32
limit?integer
Formatint32

Loads all third party applications in the structured scope-claim mapping model, using a valid management key. Legacy attributesScopes are converted to scopeClaimMapping and returned empty.

curl -X POST "https://api.descope.com/v2/mgmt/thirdparty/app/loadall" \  -H "Content-Type: application/json" \  -d '{}'
{  "apps": [    {      "id": "string",      "name": "string",      "description": "string",      "clientId": "string",      "logo": "string",      "loginPageUrl": "string",      "approvedCallbackUrls": [        "string"      ],      "permissionsScopes": [        {          "name": "string",          "description": "string",          "optional": true,          "values": [            "string"          ]        }      ],      "dynamic": true,      "status": "string",      "logoUrl": "string",      "jwtBearerSettings": {        "issuers": {          "property1": {            "jwksUri": "string",            "signAlgorithm": "string",            "userInfoUri": "string",            "externalIdFieldName": "string"          },          "property2": {            "jwksUri": "string",            "signAlgorithm": "string",            "userInfoUri": "string",            "externalIdFieldName": "string"          }        },        "jwtBearerGrantTypeAudienceToUse": "string",        "jwtBearerGrantTypeScopeToUse": "string",        "jwtBearerGrantTypeCustomClaimsToUse": "string"      },      "sessionSettings": {        "enabled": true,        "refreshTokenExpiration": 0,        "refreshTokenExpirationUnit": "string",        "sessionTokenExpiration": 0,        "sessionTokenExpirationUnit": "string",        "userTemplateId": "string",        "keyTemplateId": "string",        "keySessionTokenExpiration": 0,        "keySessionTokenExpirationUnit": "string"      },      "nonConfidentialClient": true,      "audienceWhitelist": [        "string"      ],      "forceAddAllAuthorizationInfo": true,      "connectionsScopes": [        {          "name": "string",          "description": "string",          "optional": true,          "values": [            "string"          ]        }      ],      "defaultAudience": "string",      "skipConsentScreen": true,      "useResources": true,      "customAttributes": {        "attribute-key": "attribute-value"      },      "cibaSettings": {        "enabled": true,        "expirationTime": 0,        "expirationTimeUnit": "string",        "emailServiceProvider": "string",        "emailServiceProviderFallback": "string",        "emailServiceTemplateId": "string",        "loginPageURL": "string"      },      "jarSettings": {        "enforce": true,        "publicKey": "string",        "maxLifetimeSeconds": 0,        "fapi": true      },      "allowedTenants": [        "string"      ],      "clientType": "string",      "forcePkce": true,      "allowPartialScopes": true,      "scopeClaimMapping": [        {          "scope": "string",          "claims": {            "property1": "string",            "property2": "string"          },          "description": "string",          "useProjectMapping": true,          "mandatory": true        }      ]    }  ],  "total": 0}
export interface Response {apps?: ThirdPartyApplicationV2[]total?: number}export interface ThirdPartyApplicationV2 {id?: stringname?: stringdescription?: stringclientId?: stringlogo?: stringloginPageUrl?: stringapprovedCallbackUrls?: string[]permissionsScopes?: {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}[]dynamic?: booleanstatus?: stringlogoUrl?: stringjwtBearerSettings?: {issuers?: {[k: string]: IssuerSettings}jwtBearerGrantTypeAudienceToUse?: stringjwtBearerGrantTypeScopeToUse?: stringjwtBearerGrantTypeCustomClaimsToUse?: string}sessionSettings?: {enabled?: booleanrefreshTokenExpiration?: numberrefreshTokenExpirationUnit?: stringsessionTokenExpiration?: numbersessionTokenExpirationUnit?: stringuserTemplateId?: stringkeyTemplateId?: stringkeySessionTokenExpiration?: numberkeySessionTokenExpirationUnit?: string}nonConfidentialClient?: booleanaudienceWhitelist?: string[]forceAddAllAuthorizationInfo?: booleanconnectionsScopes?: {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}[]defaultAudience?: stringskipConsentScreen?: booleanuseResources?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}cibaSettings?: ThirdPartyApplicationCIBASettings/** * JAR (JWT-Secured Authorization Request, RFC 9101) settings for Third Party Applications */jarSettings?: {enforce?: booleanpublicKey?: stringmaxLifetimeSeconds?: numberfapi?: boolean}allowedTenants?: string[]clientType?: stringforcePkce?: booleanallowPartialScopes?: booleanscopeClaimMapping?: {scope?: string/** * claims is consulted only when useProjectMapping is false. When useProjectMapping is true, *  the project-wide mapping's entry for `scope` provides the claims and this field is ignored. */claims?: {[k: string]: string}description?: string/** * useProjectMapping, when true, reuses the project-wide ScopeClaimMapping's entry for this *  scope (the app's `claims` field is ignored). Default false uses the app's own `claims`. */useProjectMapping?: boolean/** * mandatory, when true, means the scope is always granted and cannot be deselected by the *  user on the consent screen. Mirrors the inverse of the legacy ApplicationScope.optional. */mandatory?: boolean}[]}export interface IssuerSettings {jwksUri?: stringsignAlgorithm?: stringuserInfoUri?: stringexternalIdFieldName?: string}export interface ThirdPartyApplicationCIBASettings {enabled?: booleanexpirationTime?: numberexpirationTimeUnit?: stringemailServiceProvider?: stringemailServiceProviderFallback?: stringemailServiceTemplateId?: stringloginPageURL?: string}
Was this helpful?