ApplicationsOutbound Apps

Outbound Apps with SDKs

You can use the Descope management SDK to fetch, delete, and manage Outbound App tokens. The management SDK requires a management key, which can be generated from the Company Settings page of the Descope console.

Install SDK

npm install @descope/node-sdk
pip install descope
// Include the following in your `pom.xml` (for Maven)
<dependency>
    <artifactId>java-sdk</artifactId>
    <groupId>com.descope</groupId>
    <version>sdk-version</version> // Check https://github.com/descope/descope-java/releases for the latest versions
</dependency>

Import and initialize Management SDK

import DescopeClient from '@descope/node-sdk';

// Initialized using environment variables DESCOPE_PROJECT_ID and DESCOPE_MANAGEMENT_KEY
const descopeClient = DescopeClient();

// Or directly
const descopeClient = DescopeClient({
    projectId: '__ProjectID__',
    managementKey: 'management-key'
});
from descope import DescopeClient

# Initialized using environment variables DESCOPE_PROJECT_ID and DESCOPE_MANAGEMENT_KEY
descope_client = DescopeClient()

# Or directly
descope_client = DescopeClient(
    project_id="__ProjectID__",
    management_key="management-key"
)
import com.descope.client;

// Initialized after setting the DESCOPE_PROJECT_ID env var (and optionally DESCOPE_MANAGEMENT_KEY)
var descopeClient = new DescopeClient();

// ** Or directly **
var descopeClient = new DescopeClient(Config.builder()
        .projectId("__ProjectID__")
        .managementKey("management-key")
        .build());

// Set up the outbound apps service
OutboundAppsService outboundAppsService = descopeClient.getManagementServices().getOutboundAppsService();

Fetch Outbound App Token

Fetch an access token for a specific outbound app and user. This is useful when you need to make API calls to third-party services on behalf of a user.

// Args:
//   appId (string): Outbound app ID (required)
//   userId (string): User ID (required)
//   tenantId (string): Optional tenant ID
//   options (object): Optional request options
try {
    const token = await descopeClient.management.outboundApplication.fetchToken(
        'app-id',
        'user-id'
    );
    const accessToken = token.data.accessToken;
} catch (error) {
    // Handle the error
}
# Args:
#   app_id (str): Outbound app ID (required)
#   user_id (str): User ID (required)
#   scopes (list): Optional list of scopes to request
try:
    token = descope_client.mgmt.outbound_application.fetch_token(
        app_id="app-id",
        user_id="user-id"
    )
    access_token = token["token"]["token"]
except Exception as e:
    # Handle the error
    print(f"Error: {e}")

Fetch Outbound App Token by Scopes

Fetch an access token with specific scopes for a user.

// Args:
//   appId (string): Outbound app ID (required)
//   userId (string): User ID (required)
//   scopes (string[]): List of scopes to request (required)
//   options (object): Optional request options
//   tenantId (string): Optional tenant ID
try {
    const token = await descopeClient.management.outboundApplication.fetchTokenByScopes(
        'app-id',
        'user-id',
        ['read', 'write']
    );
    const accessToken = token.data.accessToken;
} catch (error) {
    // Handle the error
}
# Args:
#   app_id (str): Outbound app ID (required)
#   user_id (str): User ID (required)
#   scopes (list): List of scopes to request (required)
try:
    token = descope_client.mgmt.outbound_application.fetch_token_by_scopes(
        app_id="app-id",
        user_id="user-id",
        scopes=["read", "write"]
    )
    access_token = token["token"]["token"]
except Exception as e:
    # Handle the error
    print(f"Error: {e}")

Delete Outbound App Token by Token ID

This operation deletes a specific outbound app token by its token ID.

// Args:
//   id (string): The token ID to delete
try {
    await descopeClient.management.outboundApplication.deleteTokenById('token-id');
} catch (error) {
    // Handle the error
}
# Args:
#   token_id (str): The token ID to delete
try:
    descope_client.mgmt.outbound_application.delete_token(token_id="token-id")
except Exception as e:
    # Handle the error
    print(f"Error: {e}")
// Args:
//   tokenId (String): The token ID to delete
try {
    outboundAppsService.deleteOutboundAppTokenById("token-id");
} catch (DescopeException de) {
    // Handle the error
}

Delete All Outbound App Tokens for a User

This operation deletes all outbound app tokens for a given user and app.

// Args:
//   appId (string): Outbound app ID (required)
//   userId (string): User ID (required)
try {
    await descopeClient.management.outboundApplication.deleteUserTokens('app-id', 'user-id');
} catch (error) {
    // Handle the error
}
# Args:
#   app_id (str): Outbound app ID (required)
#   user_id (str): User ID (required)
try:
    descope_client.mgmt.outbound_application.delete_user_tokens(
        app_id="app-id",
        user_id="user-id"
    )
except Exception as e:
    # Handle the error
    print(f"Error: {e}")
// Args:
//   appId (String): Outbound app ID (required)
//   userId (String): User ID (required)
try {
    outboundAppsService.deleteOutboundAppUserTokens(
        DeleteOutboundAppUserTokensRequest.builder()
            .appId("app-id")
            .userId("user-id")
            .build()
    );
} catch (DescopeException de) {
    // Handle the error
}
Was this helpful?

Example Tools

See how to use Descope Outbound Apps from the backend to fetch access tokens for providers like Salesforce, HubSpot, and Google Calendar.

Resources

Define API and MCP Server Resources in Descope with OAuth scopes, RBAC role mapping, and connection scope mapping for agent and client access.

On this page

Outbound Apps with SDKsInstall SDKImport and initialize Management SDKFetch Outbound App TokenFetch Outbound App Token by ScopesDelete Outbound App Token by Token IDDelete All Outbound App Tokens for a User