Mastodon
  • What is Mastodon?
  • Using Mastodon
    • Signing up for an account
    • Setting up your profile
    • Posting to your profile
    • Using the network features
    • Dealing with unwanted content
    • Promoting yourself and others
    • Set your preferences
    • More settings
    • Using Mastodon externally
    • Moving or leaving accounts
    • Running your own server
  • Running Mastodon
    • Preparing your machine
    • Installing from source
    • Configuring your environment
    • Configuring full-text search
    • Installing optional features
      • Object storage
      • Onion services
      • Captcha
      • Single Sign On
    • Setting up your new instance
    • Using the admin CLI
    • Upgrading to a new release
    • Backing up your server
    • Migrating to a new machine
    • Scaling up your server
    • Moderation actions
    • Troubleshooting errors
      • Database index corruption
    • Roles
  • Developing Mastodon apps
    • Getting started with the API
    • Playing with public data
    • Obtaining client app access
    • Logging in with an account
    • Libraries and implementations
  • Contributing to Mastodon
    • Technical overview
    • Setting up a dev environment
    • Code structure
    • Routes
    • Bug bounties and responsible disclosure
  • Spec compliance
    • ActivityPub
    • WebFinger
    • Security
    • Microformats
    • OAuth
    • Bearcaps
  • REST API
    • Datetime formats
    • Guidelines and best practices
    • OAuth Tokens
    • OAuth Scopes
    • Rate limits
  • API Methods
    • apps
      • oauth
      • emails
    • accounts
      • bookmarks
      • favourites
      • mutes
      • blocks
      • domain_blocks
      • filters
      • reports
      • follow_requests
      • endorsements
      • featured_tags
      • preferences
      • followed_tags
      • suggestions
      • tags
    • profile
    • statuses
      • media
      • polls
      • scheduled_statuses
    • timelines
      • conversations
      • lists
      • markers
      • streaming
    • grouped notifications
    • notifications
      • push
    • search
    • instance
      • trends
      • directory
      • custom_emojis
      • announcements
    • admin
      • accounts
      • canonical_email_blocks
      • dimensions
      • domain_allows
      • domain_blocks
      • email_domain_blocks
      • ip_blocks
      • measures
      • reports
      • retention
      • trends
    • proofs
    • oembed
  • API Entities
    • Account
    • AccountWarning
    • Admin::Account
    • Admin::CanonicalEmailBlock
    • Admin::Cohort
    • Admin::Dimension
    • Admin::DomainAllow
    • Admin::DomainBlock
    • Admin::EmailDomainBlock
    • Admin::Ip
    • Admin::IpBlock
    • Admin::Measure
    • Admin::Report
    • Announcement
    • Appeal
    • Application
    • Context
    • Conversation
    • CustomEmoji
    • DomainBlock
    • Error
    • ExtendedDescription
    • FamiliarFollowers
    • FeaturedTag
    • Filter
    • FilterKeyword
    • FilterResult
    • FilterStatus
    • IdentityProof
    • Instance
    • List
    • Marker
    • MediaAttachment
    • Notification
    • NotificationPolicy
    • NotificationRequest
    • Poll
    • Preferences
    • PreviewCard
    • PreviewCardAuthor
    • PrivacyPolicy
    • Quote
    • Reaction
    • Relationship
    • RelationshipSeveranceEvent
    • Report
    • Role
    • Rule
    • ScheduledStatus
    • Search
    • ShallowQuote
    • Status
    • StatusEdit
    • StatusSource
    • Suggestion
    • Tag
    • TermsOfService
    • Token
    • Translation
    • V1::Filter
    • V1::Instance
    • V1::NotificationPolicy
    • WebPushSubscription

Application

Represents an application that interfaces with the REST API to access accounts or post statuses.

    • Example
    • Attributes
      • name
      • website optional
      • scopes
      • redirect_uris
      • redirect_uri deprecated
      • vapid_key deprecated
    • CredentialApplication attributes
      • client_id
      • client_secret
      • client_secret_expires_at
    • See also

Example

{
  "name": "Test Application",
  "website": "https://app.example",
  "scopes": ["read", "write", "push"],
  "redirect_uri": "https://app.example/callback\nhttps://app.example/register",
  "redirect_uris": [
    "https://app.example/callback",
    "https://app.example/register"
  ]
}

Attributes

name

Description: The name of your application.
Type: String
Version history:
0.9.9 - added

website optional

Description: The website associated with your application.
Type: nullable String (URL)
Version history:
0.9.9 - added
3.5.1 - this property is now nullable

scopes

Description: The scopes for your application. This is the registered scopes string split on whitespace.
Type: Array of Strings
Version history:
4.3.0 - added

redirect_uris

Description: The registered redirection URI(s) for your application.
Type: Array of String (URLs or "urn:ietf:wg:oauth:2.0:oob" as values)
Version history:
4.3.0 - added

redirect_uri deprecated

Description: The registered redirection URI(s) for your application.
May contain \n characters when multiple redirect URIs are registered.
Type: String
Version history:
0.0.0 - added
4.3.0 - deprecated in favour of redirect_uris, since the value of this property is not a well-formed URI when multiple redirect URIs are registered

vapid_key deprecated

Description: Used for Push Streaming API. Returned with POST /api/v1/apps. Equivalent to WebPushSubscription#server_key and Instance#vapid_public_key
Type: String
Version history:
2.8.0 - added
4.3.0 - deprecated pending removal, please see api/v2/instance for this value (configuration.vapid.public_key)

CredentialApplication attributes

All Application attributes and the following:

client_id

Description: Client ID key, to be used for obtaining OAuth tokens
Type: String
Version history:
0.9.9 - added 4.3.0 - moved to CredentialApplication from Application

client_secret

Description: Client secret key, to be used for obtaining OAuth tokens
Type: String
Version history:
0.9.9 - added 4.3.0 - moved to CredentialApplication from Application

client_secret_expires_at

Description: When the client secret key will expire at, presently this always returns 0 indicating that OAuth Clients do not expire
Type: String
Version history:
4.3.0 - added

See also

apps API methods
Status (application attribute)
app/serializers/rest/application_serializer.rb
app/serializers/rest/credential_application_serializer.rb

Last updated October 10, 2024 · Improve this page

Sponsored by

Dotcom-Monitor LoadView Stephen Tures Swayable SponsorMotion

Join Mastodon · Blog ·

View source · CC BY-SA 4.0 · Imprint