Applications/Inbound Apps

Inbound Apps with SDKs

You can use the Descope management SDK to create, update, patch, delete, and load Inbound Apps, as well as manage secrets and consents. The management SDK requires a management key, which can be generated from the Company Settings page of the Descope console.

Note

Currently, Inbound App management functions are only supported in the Java SDK. You can use our API directly if you are using another backend framework.

Install SDK

// Include the following in your `pom.xml` (for Maven)
<dependency>
    <artifactId>java-sdk</artifactId>
    <groupId>com.descope</groupId>
    <version>sdk-version</version> // Check https://github.com/descope/descope-java/releases for the latest versions
</dependency>

Import and initialize Management SDK

import com.descope.client;
 
// Initialized after setting the DESCOPE_PROJECT_ID env var (and optionally DESCOPE_MANAGEMENT_KEY)
var descopeClient = new DescopeClient();
 
// ** Or directly **
var descopeClient = new DescopeClient(Config.builder()
        .projectId("__ProjectID__")
        .managementKey("management-key")
        .build());
 
// Set up the inbound apps service
InboundAppsService inboundAppsService = descopeClient.getManagementServices().getInboundAppsService();

Create Inbound Application

This operation creates a new inbound application with the provided details.

// Args:
//   name (String): Name of the inbound app (required)
//   id (String): Optional custom app ID
//   description (String): Optional description
//   logo (String): Optional logo URL
//   loginPageUrl (String): Optional login page URL
//   approvedCallbackUrls (String[]): Optional list of approved callback URLs
//   permissionsScopes (InboundAppScope[]): Optional array of permission scopes
//   attributesScopes (InboundAppScope[]): Optional array of attribute scopes
try {
    InboundAppCreateResponse response = inboundAppsService.createApplication(
        InboundAppRequest.builder()
            .name("My Inbound App")
            // .id("optional-custom-id")
            // .description("optional-description")
            // .logo("optional-logo")
            // .loginPageUrl("optional-loginPageUrl")
            // .approvedCallbackUrls(new String[] { "https://example.com/callback1", "https://example.com/callback2" })
            // .permissionsScopes(new InboundAppScope[] {
            //     InboundAppScope.builder()
            //         .name("scope-name") // required for each scope
            //         .description("optional description")
            //         // .values(new String[] { "value1", "value2" }) // if supported
            //         .build()
            // })
            // .attributesScopes(new InboundAppScope[] {
            //     InboundAppScope.builder()
            //         .name("attribute-scope-name") // required for each attribute scope
            //         .description("optional description")
            //         // .values(new String[] { "value1", "value2" }) // if supported
            //         .build()
            // })
            .build()
    );
    String appId = response.getId();
    String secret = response.getSecret();
} catch (DescopeException de) {
    // Handle the error
}

Update Inbound Application

This operation updates an existing inbound application, overwriting all fields with the provided values.

// Args:
//   id (String): App ID (required)
//   name (String): Name (required)
//   description (String): Optional description
//   logo (String): Optional logo URL
//   loginPageUrl (String): Optional login page URL
//   approvedCallbackUrls (String[]): Optional list of approved callback URLs
//   permissionsScopes (InboundAppScope[]): Optional array of permission scopes
//   attributesScopes (InboundAppScope[]): Optional array of attribute scopes
try {
    inboundAppsService.updateApplication(
        InboundAppRequest.builder()
            .id("app-id")
            .name("Updated Name")
            // .description("optional-description")
            // .logo("optional-logo")
            // .loginPageUrl("optional-loginPageUrl")
            // .approvedCallbackUrls(new String[] { "https://example.com/callback1" })
            // .permissionsScopes(new InboundAppScope[] {
            //     InboundAppScope.builder().name("scope-name").build()
            // })
            // .attributesScopes(new InboundAppScope[] {
            //     InboundAppScope.builder().name("attribute-scope-name").build()
            // })
            .build()
    );
} catch (DescopeException de) {
    // Handle the error
}

Patch Inbound Application

This operation updates only the provided fields of an inbound application.

// Args:
//   id (String): App ID (required)
//   name (String): Optional name
//   description (String): Optional description
//   logo (String): Optional logo URL
//   loginPageUrl (String): Optional login page URL
//   approvedCallbackUrls (String[]): Optional list of approved callback URLs
//   permissionsScopes (InboundAppScope[]): Optional array of permission scopes
//   attributesScopes (InboundAppScope[]): Optional array of attribute scopes
try {
    inboundAppsService.patchApplication(
        InboundAppRequest.builder()
            .id("app-id")
            // .name("Patched Name")
            // .description("optional-description")
            // .logo("optional-logo")
            // .loginPageUrl("optional-loginPageUrl")
            // .approvedCallbackUrls(new String[] { "https://example.com/callback1" })
            // .permissionsScopes(new InboundAppScope[] {
            //     InboundAppScope.builder().name("scope-name").build()
            // })
            // .attributesScopes(new InboundAppScope[] {
            //     InboundAppScope.builder().name("attribute-scope-name").build()
            // })
            .build()
    );
} catch (DescopeException de) {
    // Handle the error
}

Delete Inbound Application

This operation deletes an inbound application by its ID.

try {
    inboundAppsService.deleteApplication("app-id");
} catch (DescopeException de) {
    // Handle the error
}

Load Inbound Application

This operation loads a specific inbound application by its ID.

try {
    InboundApp app = inboundAppsService.loadApplication("app-id");
} catch (DescopeException de) {
    // Handle the error
}

Load Inbound Application by Client ID

This operation loads a specific inbound application by its client ID.

try {
    InboundApp app = inboundAppsService.loadApplicationByClientId("client-id");
} catch (DescopeException de) {
    // Handle the error
}

Get Inbound Application Secret

This operation retrieves the application's secret by its ID.

try {
    String secret = inboundAppsService.getApplicationSecret("app-id");
} catch (DescopeException de) {
    // Handle the error
}

Rotate Inbound Application Secret

This operation rotates the application's secret and returns the new secret.

try {
    String newSecret = inboundAppsService.rotateApplicationSecret("app-id");
} catch (DescopeException de) {
    // Handle the error
}

Load All Inbound Applications

This operation loads all inbound applications in the project.

try {
    InboundApp[] apps = inboundAppsService.loadAllApplications();
    for (InboundApp app : apps) {
        // Do something
    }
} catch (DescopeException de) {
    // Handle the error
}

Delete User Consents for Inbound App

This operation deletes user consents for an inbound app. At least one identifying field must be set.

// Args:
//   consentIds (String[]): Optional array of consent IDs to delete
//   appId (String): Optional inbound app ID
//   userIds (String[]): Optional array of user IDs
//   tenantId (String): Optional tenant ID
// At least one of consentIds, appId, userIds, or tenantId must be provided
try {
    inboundAppsService.deleteConsents(
        InboundAppConsentDeleteOptions.builder()
            // .consentIds(new String[] { "consent-id-1", "consent-id-2" })
            // .appId("app-id")
            // .userIds(new String[] { "user-id-1", "user-id-2" })
            // .tenantId("tenant-id")
            .build()
    );
} catch (DescopeException de) {
    // Handle the error
}

Delete Tenant Consents for Inbound App

This operation deletes tenant consents for an inbound app. At least one identifying field must be set.

// Args:
//   consentIds (String[]): Optional array of tenant consent IDs to delete
//   appId (String): Optional inbound app ID
//   tenantId (String): Optional tenant ID
// At least one of consentIds, appId, or tenantId must be provided
try {
    inboundAppsService.deleteTenantConsents(
        InboundAppTenantConsentDeleteOptions.builder()
            // .consentIds(new String[] { "consent-id-1", "consent-id-2" })
            // .appId("app-id")
            // .tenantId("tenant-id")
            .build()
    );
} catch (DescopeException de) {
    // Handle the error
}

Search Consents for Inbound Apps

This operation searches consents for inbound apps. All fields are optional and can be used to filter results.

// Args:
//   appId (String): Optional inbound app ID to filter by
//   userId (String): Optional user ID to filter by
//   consentId (String): Optional consent ID to filter by
//   tenantId (String): Optional tenant ID to filter by
//   page (String): Optional page token for pagination
try {
    InboundAppConsentSearchResponse res = inboundAppsService.searchConsents(
        InboundAppConsentSearchOptions.builder()
            // .appId("app-id")
            // .userId("user-id")
            // .consentId("consent-id")
            // .tenantId("tenant-id")
            // .page("page-token")
            .build()
    );
    // res.getConsents(), res.getTotal()
} catch (DescopeException de) {
    // Handle the error
}
Was this helpful?

Use Cases for Inbound Apps

A list of popular use cases for inbound apps, and how they can be implemented.

Outbound Apps

Discover how Descope's Outbound Apps enable seamless integration with third-party platforms, enhancing user experiences with additional OAuth consents.

On this page