Client Management

CRUD operations for OAuth client applications, plus icon management and token revocation.

GET /api/oauth-clients

List all OAuth clients with search support.

Authentication: Required

Permissions Required: Superuser + token API feature

Query Parameters:

Parameter	Type	Default	Description
`q`	string	-	Search query (searches name, description)

Response:

Paginated HAL collection with embedded inf:oauth-client items.

{
  "_links": {
    "self": { "href": "/api/oauth-clients" }
  },
  "_embedded": {
    "inf:oauth-client": [
      {
        "_links": {
          "self": { "href": "/api/oauth-clients/client-uuid-123" }
        },
        "id": "client-uuid-123",
        "name": "My Application",
        "description": "External analytics dashboard",
        "url": "https://myapp.example.com",
        "client_id": "a6bd8f0f72b2c3275ff6",
        "redirect_uri": ["https://myapp.example.com/callback"],
        "pkce": false,
        "enableRefreshTokens": true
      }
    ]
  },
  "start": 0,
  "count": 1,
  "total": 3
}

GET /api/oauth-clients-list

Get a flat array of all OAuth clients with resolved icon URLs.

Authentication: Required

Response:

[
  {
    "id": "client-uuid-123",
    "name": "My Application",
    "description": "External analytics dashboard",
    "url": "https://myapp.example.com",
    "client_id": "a6bd8f0f72b2c3275ff6",
    "redirect_uri": ["https://myapp.example.com/callback"],
    "pkce": false,
    "enableRefreshTokens": true,
    "iconUrl": "/api/oauth-clients/client-uuid-123/icon"
  }
]

ETag Support: This endpoint supports ETags for efficient caching.

GET /api/oauth-client-templates

Get pre-built client templates for common OAuth applications.

Authentication: Required

Response:

{
  "_embedded": {
    "items": [
      {
        "group": "__top",
        "name": "Generic App",
        "oauthClient": {
          "name": "My Application",
          "description": "A generic OAuth application",
          "pkce": false,
          "enableRefreshTokens": true
        }
      },
      {
        "group": "__top",
        "name": "Informer CLI",
        "oauthClient": {
          "name": "Informer CLI",
          "client_id": "a6bd8f0f72b2c3275ff6",
          "pkce": true,
          "enableRefreshTokens": true
        }
      }
    ]
  }
}

Built-in Templates

Templates for Informer CLI and Informer GO are only shown if those clients are not already installed.

POST /api/oauth-clients

Create a new OAuth client application.

Authentication: Required

Permissions Required: Superuser + token API feature

Payload:

{
  "name": "My Application",
  "description": "External analytics dashboard",
  "url": "https://myapp.example.com",
  "redirect_uri": ["https://myapp.example.com/callback"],
  "pkce": false,
  "enableRefreshTokens": true,
  "svg": "<svg>...</svg>"
}

Field	Type	Required	Description
`name`	string	Yes	Client application name
`description`	string	No	Description
`url`	string	No	Application URL
`redirect_uri`	string or string[]	No	Allowed redirect URIs (must not contain fragments)
`client_id`	string	No	Custom client ID (auto-generated if omitted)
`pkce`	boolean	No	Enable PKCE support (default: `false`)
`enableRefreshTokens`	boolean	No	Issue refresh tokens (default: `false`)
`svg`	string	No	SVG content for the client icon

Response: 201 Created

{
  "id": "client-uuid-123",
  "name": "My Application",
  "client_id": "a6bd8f0f72b2c3275ff6",
  "pkce": false,
  "enableRefreshTokens": true
}

GET /api/oauth-clients/{id}

Get a single OAuth client with details including active token count.

Authentication: Required

Permissions Required: Superuser + token API feature

Path Parameters:

Parameter	Type	Description
`id`	string	Client UUID or client_id

Response:

{
  "_links": {
    "self": { "href": "/api/oauth-clients/client-uuid-123" },
    "inf:oauth-client-secrets": { "href": "/api/oauth-clients/client-uuid-123/secrets" },
    "inf:oauth-client-icon": { "href": "/api/oauth-clients/client-uuid-123/icon" },
    "inf:oauth-client-revoke": { "href": "/api/oauth-clients/client-uuid-123/_revoke" }
  },
  "id": "client-uuid-123",
  "name": "My Application",
  "description": "External analytics dashboard",
  "url": "https://myapp.example.com",
  "client_id": "a6bd8f0f72b2c3275ff6",
  "redirect_uri": ["https://myapp.example.com/callback"],
  "pkce": false,
  "enableRefreshTokens": true,
  "tokenCount": 12
}

Field	Description
`tokenCount`	Number of active tokens issued by this client

PUT /api/oauth-clients/{id}

Update an OAuth client's properties.

Authentication: Required

Permissions Required: Superuser + token API feature

Path Parameters:

Parameter	Type	Description
`id`	string	Client UUID or client_id

Payload:

Field	Type	Description
`name`	string	Client name
`description`	string	Description
`url`	string	Application URL
`redirect_uri`	string[]	Allowed redirect URIs
`pkce`	boolean	PKCE support
`enableRefreshTokens`	boolean	Refresh token support

Response: Updated client object.

DELETE /api/oauth-clients/{id}

Delete an OAuth client and all associated secrets and tokens.

Authentication: Required

Permissions Required: Superuser

Path Parameters:

Parameter	Type	Description
`id`	string	Client UUID or client_id

Response: 204 No Content

Cascade Delete

Deleting a client permanently removes all secrets, tokens, and active sessions for that client.

POST /api/oauth-clients/{id}/_revoke

Revoke all active tokens for a client without deleting the client itself.

Authentication: Required

Permissions Required: Superuser + token API feature

Path Parameters:

Parameter	Type	Description
`id`	string	Client UUID or client_id

Payload: Empty

Response: 200 OK

GET /api/oauth-clients/{id}/icon

Get the client's icon image.

Authentication: Required

Permissions Required: Superuser + token API feature

Path Parameters:

Parameter	Type	Description
`id`	string	Client UUID or client_id

Response: Binary image stream (SVG, PNG, etc.)

Error Responses:

404 Not Found - Client has no icon

PUT /api/oauth-clients/{id}/icon

Upload an icon for the client.

Authentication: Required

Permissions Required: Superuser + token API feature

Path Parameters:

Parameter	Type	Description
`id`	string	Client UUID or client_id

Payload:

Field	Type	Required	Description
`upload`	string	Yes	Upload temp ID from the storage upload endpoint
`progress`	string	No	Upload progress tracking ID

Response: 201 Created with the file record.

DELETE /api/oauth-clients/{id}/icon

Remove the client's icon.

Authentication: Required

Permissions Required: Superuser + token API feature

Path Parameters:

Parameter	Type	Description
`id`	string	Client UUID or client_id

Response: 204 No Content

GET /api/oauth-clients​

GET /api/oauth-clients-list​

GET /api/oauth-client-templates​

POST /api/oauth-clients​

GET /api/oauth-clients/{id}​

PUT /api/oauth-clients/{id}​

DELETE /api/oauth-clients/{id}​

POST /api/oauth-clients/{id}/_revoke​

GET /api/oauth-clients/{id}/icon​

PUT /api/oauth-clients/{id}/icon​

DELETE /api/oauth-clients/{id}/icon​

GET /api/oauth-clients

GET /api/oauth-clients-list

GET /api/oauth-client-templates

POST /api/oauth-clients

GET /api/oauth-clients/{id}

PUT /api/oauth-clients/{id}

DELETE /api/oauth-clients/{id}

POST /api/oauth-clients/{id}/_revoke

GET /api/oauth-clients/{id}/icon

PUT /api/oauth-clients/{id}/icon

DELETE /api/oauth-clients/{id}/icon