Create an OAuth app

curl --request POST \
  --url https://api.hq.zone/v1/api/oauth/apps \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_name": "<string>",
  "grant_types": [
    "<string>"
  ],
  "redirect_uris": [
    "<string>"
  ],
  "response_types": [
    "<string>"
  ],
  "scope": "<string>",
  "token_endpoint_auth_method": "<string>"
}
'

{
  "client_id": "<string>",
  "client_type": "<string>",
  "name": "<string>",
  "redirect_uris": [
    "<string>"
  ],
  "registration_access_token": "<string>",
  "scopes": [
    "<string>"
  ],
  "client_secret": "<string>"
}

Tokens

Create an OAuth app

Registers a new OAuth application owned by the authenticated caller, validating the supplied client metadata (redirect URIs must be https or http loopback with no fragment, scopes must be known capability scopes). Returns the created app including its client_id and, for confidential clients, a client_secret, plus a registration_access_token used for later RFC 7592 management; the secret and registration token are shown only once and cannot be retrieved again. Each account is limited in how many apps it may register.

POST

api

oauth

apps

Create an OAuth app

curl --request POST \
  --url https://api.hq.zone/v1/api/oauth/apps \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_name": "<string>",
  "grant_types": [
    "<string>"
  ],
  "redirect_uris": [
    "<string>"
  ],
  "response_types": [
    "<string>"
  ],
  "scope": "<string>",
  "token_endpoint_auth_method": "<string>"
}
'

{
  "client_id": "<string>",
  "client_type": "<string>",
  "name": "<string>",
  "redirect_uris": [
    "<string>"
  ],
  "registration_access_token": "<string>",
  "scopes": [
    "<string>"
  ],
  "client_secret": "<string>"
}

Authorizations

Authorization

string

header

required

Personal Access Token. Send as Authorization: Bearer hq_pat_....

Body

application/json

client_name

string | null

grant_types

string[] | null

redirect_uris

string[]

response_types

string[] | null

scope

string | null

Space-delimited capability scopes the client may request.

token_endpoint_auth_method

string | null

Response

The created app (secret + registration token shown once)

client_id

string

required

client_type

string

required

name

string

required

redirect_uris

string[]

required

registration_access_token

string

required

The RFC 7592 management bearer; shown ONCE.

scopes

string[]

required

client_secret

string | null

Present only for confidential clients; shown ONCE, never retrievable.

List OAuth apps Update an OAuth app

⌘I