Create an Outbound App with Descope | Descope Documentation

Creating an Outbound App

To configure an outbound application within Descope, navigate to the Outbound Apps section of the console and select + Outbound App.

You can then select a custom connection, or one of our preconfigured applications within the outbound app library.

Once you have created your outbound application, you can configure it. The configuration is split into several sections: Outbound App Details, Account Information, Additional Settings, and Token Management.

This example will walk through configuring Google Contacts as an outbound application.

Custom API Key Apps

In addition to connecting to OAuth providers, you can create a Custom API Key App. This allows you to store and manage static API keys (or other secrets) for each user or tenant, associated with a specific app.

When creating an Outbound App, select the "Custom API Key" option.
You can then use Descope Flows or APIs to collect and store API keys for each user or tenant.
These keys are securely stored and can be retrieved or rotated as needed.

This is ideal for integrating with services that do not support OAuth, or for managing long-lived tokens.

Outbound App Details

Within this section, you can find and configure the information regarding your application below.

Logo (Optional): You can upload a logo for the outbound app by clicking the edit button on the logo. The "Connect To" consent button within your flows for the outbound app will automatically utilize the uploaded logo.
Outbound Name (Required): This is the configurable name of the application.
Description (Optional): This is the chosen description of your application, and it is editable.
Outbound App ID (Required): This is configurable only during the creation of the outbound application. Once the initial configuration is complete, this field will not be editable.

Account Information

Within this section, you will define the connection settings and scopes for your outbound application.

Connection Settings

Here, you will configure the connection to the outbound app provider. This example shows one of the preconfigured applications (Google Contacts).

Client ID (Required): The ID from the provider when creating your authentication account
Client Secret (Required): The secret from the provider when creating your authentication account
Callback Domain (Optional): The domain to use for callbacks. This will default to the configured domain within project settings.
Callback URL for app registration (Pre-defined): To use a custom domain in your OAuth verification screen, configure a custom domain on the Project page.

Note

It is important to note that the callback URL for outbound applications differs from the callback URL of OAuth authentication methods and will require you to add the additional URL to your application's callback domains list.

Scopes

Within this section, you will configure the scopes to associate with the outbound application. These configured scopes must also be configured on your provider's application.

Note

Where applicable, within non-custom applications, Descope prepopulates example scopes for the outbound application; however, Descope also links to the provider's scope documentation to allow you to review and refine the scopes requested further.

Example: Google Contacts Application

By default, Google Contacts prompts for full access:

Scope: https://www.googleapis.com/auth/contacts
Description: See, edit, download, and permanently delete your contacts

However, you can switch to read-only access by using:

Scope: https://www.googleapis.com/auth/contacts.readonly

This adjustment is shown in the example screenshot below:

In order to use the Google Contacts APIs with this scope however, you must also configure the https://www.googleapis.com/auth/contacts.readonly scope on your Google application.

See the example below:

Additional Settings

Within the additional settings section, you can configure more details for how your application behaves on successful consent, authorization, and token endpoint configuration.

Note

When using an application from the outbound app library, the authorization and token endpoint are prepopulated. These prepopulated endpoints should work as intended and not need to be altered during the app creation.

Redirect URL (Optional): The default redirect URL after a successful connection. This value will be overridden when using flows or specifying the redirect URL in the API/SDK call.
Authorization Endpoint (Required): The endpoint to request authorization from the user.
Token Endpoint (Required): The endpoint to exchange the authorization code for an access token.

Managing Outbound Apps

You can create, update, delete, and load outbound applications programmatically using the Descope Node SDK or directly via the REST API.

Create an Outbound Application

// Create an outbound application
const { id } = await descopeClient.management.outboundApplication.createApplication({
  name: 'my new app',
  description: 'my desc',
  // ...other fields (see schema below)
});

Update an Outbound Application

// Update an outbound application (overrides all fields)
await descopeClient.management.outboundApplication.updateApplication({
  id: 'my-app-id',
  name: 'my updated app',
  // ...other fields
});

Delete an Outbound Application

// Delete an outbound application by id
await descopeClient.management.outboundApplication.deleteApplication('my-app-id');

Load an Outbound Application

// Load an outbound application by id
const app = await descopeClient.management.outboundApplication.loadApplication('my-app-id');

Load All Outbound Applications

// Load all outbound applications
const appsRes = await descopeClient.management.outboundApplication.loadAllApplications();
appsRes.data.forEach((app) => {
  // do something
});

Was this helpful?

On this page