Nexus

Nexus APIs

Requires the client.write or client.write.all permission.

Creates a new Auth0 client application with the specified configuration. The client will be created in the Auth0 tenant associated with the specified tenant ID.

Parameters

Name	In	Required	Description
`tenantId`	path	Yes	The ID of the tenant where the client will be created

Request body

Request payload

Example

{
  "id": "string",
  "name": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "app_type": "string",
  "logo_uri": "string",
  "callbacks": [
    "string"
  ],
  "description": "string",
  "grant_types": [
    "string"
  ],
  "web_origins": [
    "string"
  ],
  "allowed_origins": [
    "string"
  ],
  "client_metadata": {
    "owners": "string",
    "productName": "string",
    "client_upn_key": "string",
    "applicationName": "string",
    "manuallyCreated": false
  },
  "initiate_login_uri": "string",
  "allowed_logout_urls": [
    "string"
  ]
}

Schema

Name	Type	Attributes	Description	Extensions
`app_type`	`string`	required	The type of application (e.g., "regular_web", "spa", "native", "non_interactive"). minLength: 1	—
`name`	`string`	required	The name of the client application. minLength: 1	—
`allowed_logout_urls`	`string[]`	nullable	A set of URLs that are valid to redirect to after logout from Auth0.	—
`allowed_origins`	`string[]`	nullable	Additional origins allowed to make cross-origin resource sharing (CORS) requests.	—
`callbacks`	`string[]`	nullable	Callback URLs for the OAuth2 authentication process.	—
`client_metadata`		—	Custom metadata for Auth0 clients.	—
`description`	`string`	nullable	Optional description of the client.	—
`grant_types`	`string[]`	nullable	The grant types this client supports.	—
`id`	`string`	nullable	The unique identifier for the client (generated by Auth0).	—
`initiate_login_uri`	`string`	nullable	The initiate login URI for the application.	—
`logo_uri`	`string`	nullable	A URI to a logo for the client.	—
`mobile`		—	Mobile device settings for Auth0 client applications.	—
`web_origins`	`string[]`	nullable	Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.	—

Example

{
  "id": "string",
  "name": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "app_type": "string",
  "logo_uri": "string",
  "callbacks": [
    "string"
  ],
  "description": "string",
  "grant_types": [
    "string"
  ],
  "web_origins": [
    "string"
  ],
  "allowed_origins": [
    "string"
  ],
  "client_metadata": {
    "owners": "string",
    "productName": "string",
    "client_upn_key": "string",
    "applicationName": "string",
    "manuallyCreated": false
  },
  "initiate_login_uri": "string",
  "allowed_logout_urls": [
    "string"
  ]
}

Schema

Name	Type	Attributes	Description	Extensions
`app_type`	`string`	required	The type of application (e.g., "regular_web", "spa", "native", "non_interactive"). minLength: 1	—
`name`	`string`	required	The name of the client application. minLength: 1	—
`allowed_logout_urls`	`string[]`	nullable	A set of URLs that are valid to redirect to after logout from Auth0.	—
`allowed_origins`	`string[]`	nullable	Additional origins allowed to make cross-origin resource sharing (CORS) requests.	—
`callbacks`	`string[]`	nullable	Callback URLs for the OAuth2 authentication process.	—
`client_metadata`		—	Custom metadata for Auth0 clients.	—
`description`	`string`	nullable	Optional description of the client.	—
`grant_types`	`string[]`	nullable	The grant types this client supports.	—
`id`	`string`	nullable	The unique identifier for the client (generated by Auth0).	—
`initiate_login_uri`	`string`	nullable	The initiate login URI for the application.	—
`logo_uri`	`string`	nullable	A URI to a logo for the client.	—
`mobile`		—	Mobile device settings for Auth0 client applications.	—
`web_origins`	`string[]`	nullable	Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.	—

Example

{
  "id": "string",
  "name": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "app_type": "string",
  "logo_uri": "string",
  "callbacks": [
    "string"
  ],
  "description": "string",
  "grant_types": [
    "string"
  ],
  "web_origins": [
    "string"
  ],
  "allowed_origins": [
    "string"
  ],
  "client_metadata": {
    "owners": "string",
    "productName": "string",
    "client_upn_key": "string",
    "applicationName": "string",
    "manuallyCreated": false
  },
  "initiate_login_uri": "string",
  "allowed_logout_urls": [
    "string"
  ]
}

Schema

Name	Type	Attributes	Description	Extensions
`app_type`	`string`	required	The type of application (e.g., "regular_web", "spa", "native", "non_interactive"). minLength: 1	—
`name`	`string`	required	The name of the client application. minLength: 1	—
`allowed_logout_urls`	`string[]`	nullable	A set of URLs that are valid to redirect to after logout from Auth0.	—
`allowed_origins`	`string[]`	nullable	Additional origins allowed to make cross-origin resource sharing (CORS) requests.	—
`callbacks`	`string[]`	nullable	Callback URLs for the OAuth2 authentication process.	—
`client_metadata`		—	Custom metadata for Auth0 clients.	—
`description`	`string`	nullable	Optional description of the client.	—
`grant_types`	`string[]`	nullable	The grant types this client supports.	—
`id`	`string`	nullable	The unique identifier for the client (generated by Auth0).	—
`initiate_login_uri`	`string`	nullable	The initiate login URI for the application.	—
`logo_uri`	`string`	nullable	A URI to a logo for the client.	—
`mobile`		—	Mobile device settings for Auth0 client applications.	—
`web_origins`	`string[]`	nullable	Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.	—

Example

{
  "id": "string",
  "name": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "app_type": "string",
  "logo_uri": "string",
  "callbacks": [
    "string"
  ],
  "description": "string",
  "grant_types": [
    "string"
  ],
  "web_origins": [
    "string"
  ],
  "allowed_origins": [
    "string"
  ],
  "client_metadata": {
    "owners": "string",
    "productName": "string",
    "client_upn_key": "string",
    "applicationName": "string",
    "manuallyCreated": false
  },
  "initiate_login_uri": "string",
  "allowed_logout_urls": [
    "string"
  ]
}

Schema

Name	Type	Attributes	Description	Extensions
`app_type`	`string`	required	The type of application (e.g., "regular_web", "spa", "native", "non_interactive"). minLength: 1	—
`name`	`string`	required	The name of the client application. minLength: 1	—
`allowed_logout_urls`	`string[]`	nullable	A set of URLs that are valid to redirect to after logout from Auth0.	—
`allowed_origins`	`string[]`	nullable	Additional origins allowed to make cross-origin resource sharing (CORS) requests.	—
`callbacks`	`string[]`	nullable	Callback URLs for the OAuth2 authentication process.	—
`client_metadata`		—	Custom metadata for Auth0 clients.	—
`description`	`string`	nullable	Optional description of the client.	—
`grant_types`	`string[]`	nullable	The grant types this client supports.	—
`id`	`string`	nullable	The unique identifier for the client (generated by Auth0).	—
`initiate_login_uri`	`string`	nullable	The initiate login URI for the application.	—
`logo_uri`	`string`	nullable	A URI to a logo for the client.	—
`mobile`		—	Mobile device settings for Auth0 client applications.	—
`web_origins`	`string[]`	nullable	Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.	—

Example

{
  "id": "string",
  "name": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "app_type": "string",
  "logo_uri": "string",
  "callbacks": [
    "string"
  ],
  "description": "string",
  "grant_types": [
    "string"
  ],
  "web_origins": [
    "string"
  ],
  "allowed_origins": [
    "string"
  ],
  "client_metadata": {
    "owners": "string",
    "productName": "string",
    "client_upn_key": "string",
    "applicationName": "string",
    "manuallyCreated": false
  },
  "initiate_login_uri": "string",
  "allowed_logout_urls": [
    "string"
  ]
}

Schema

Name	Type	Attributes	Description	Extensions
`app_type`	`string`	required	The type of application (e.g., "regular_web", "spa", "native", "non_interactive"). minLength: 1	—
`name`	`string`	required	The name of the client application. minLength: 1	—
`allowed_logout_urls`	`string[]`	nullable	A set of URLs that are valid to redirect to after logout from Auth0.	—
`allowed_origins`	`string[]`	nullable	Additional origins allowed to make cross-origin resource sharing (CORS) requests.	—
`callbacks`	`string[]`	nullable	Callback URLs for the OAuth2 authentication process.	—
`client_metadata`		—	Custom metadata for Auth0 clients.	—
`description`	`string`	nullable	Optional description of the client.	—
`grant_types`	`string[]`	nullable	The grant types this client supports.	—
`id`	`string`	nullable	The unique identifier for the client (generated by Auth0).	—
`initiate_login_uri`	`string`	nullable	The initiate login URI for the application.	—
`logo_uri`	`string`	nullable	A URI to a logo for the client.	—
`mobile`		—	Mobile device settings for Auth0 client applications.	—
`web_origins`	`string[]`	nullable	Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.	—

Example

{
  "id": "string",
  "name": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "app_type": "string",
  "logo_uri": "string",
  "callbacks": [
    "string"
  ],
  "description": "string",
  "grant_types": [
    "string"
  ],
  "web_origins": [
    "string"
  ],
  "allowed_origins": [
    "string"
  ],
  "client_metadata": {
    "owners": "string",
    "productName": "string",
    "client_upn_key": "string",
    "applicationName": "string",
    "manuallyCreated": false
  },
  "initiate_login_uri": "string",
  "allowed_logout_urls": [
    "string"
  ]
}

Schema

Name	Type	Attributes	Description	Extensions
`app_type`	`string`	required	The type of application (e.g., "regular_web", "spa", "native", "non_interactive"). minLength: 1	—
`name`	`string`	required	The name of the client application. minLength: 1	—
`allowed_logout_urls`	`string[]`	nullable	A set of URLs that are valid to redirect to after logout from Auth0.	—
`allowed_origins`	`string[]`	nullable	Additional origins allowed to make cross-origin resource sharing (CORS) requests.	—
`callbacks`	`string[]`	nullable	Callback URLs for the OAuth2 authentication process.	—
`client_metadata`		—	Custom metadata for Auth0 clients.	—
`description`	`string`	nullable	Optional description of the client.	—
`grant_types`	`string[]`	nullable	The grant types this client supports.	—
`id`	`string`	nullable	The unique identifier for the client (generated by Auth0).	—
`initiate_login_uri`	`string`	nullable	The initiate login URI for the application.	—
`logo_uri`	`string`	nullable	A URI to a logo for the client.	—
`mobile`		—	Mobile device settings for Auth0 client applications.	—
`web_origins`	`string[]`	nullable	Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.	—

Example

{
  "id": "string",
  "name": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "app_type": "string",
  "logo_uri": "string",
  "callbacks": [
    "string"
  ],
  "description": "string",
  "grant_types": [
    "string"
  ],
  "web_origins": [
    "string"
  ],
  "allowed_origins": [
    "string"
  ],
  "client_metadata": {
    "owners": "string",
    "productName": "string",
    "client_upn_key": "string",
    "applicationName": "string",
    "manuallyCreated": false
  },
  "initiate_login_uri": "string",
  "allowed_logout_urls": [
    "string"
  ]
}

Schema

Name	Type	Attributes	Description	Extensions
`app_type`	`string`	required	The type of application (e.g., "regular_web", "spa", "native", "non_interactive"). minLength: 1	—
`name`	`string`	required	The name of the client application. minLength: 1	—
`allowed_logout_urls`	`string[]`	nullable	A set of URLs that are valid to redirect to after logout from Auth0.	—
`allowed_origins`	`string[]`	nullable	Additional origins allowed to make cross-origin resource sharing (CORS) requests.	—
`callbacks`	`string[]`	nullable	Callback URLs for the OAuth2 authentication process.	—
`client_metadata`		—	Custom metadata for Auth0 clients.	—
`description`	`string`	nullable	Optional description of the client.	—
`grant_types`	`string[]`	nullable	The grant types this client supports.	—
`id`	`string`	nullable	The unique identifier for the client (generated by Auth0).	—
`initiate_login_uri`	`string`	nullable	The initiate login URI for the application.	—
`logo_uri`	`string`	nullable	A URI to a logo for the client.	—
`mobile`		—	Mobile device settings for Auth0 client applications.	—
`web_origins`	`string[]`	nullable	Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.	—

Example

{
  "id": "string",
  "name": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "app_type": "string",
  "logo_uri": "string",
  "callbacks": [
    "string"
  ],
  "description": "string",
  "grant_types": [
    "string"
  ],
  "web_origins": [
    "string"
  ],
  "allowed_origins": [
    "string"
  ],
  "client_metadata": {
    "owners": "string",
    "productName": "string",
    "client_upn_key": "string",
    "applicationName": "string",
    "manuallyCreated": false
  },
  "initiate_login_uri": "string",
  "allowed_logout_urls": [
    "string"
  ]
}

Schema

Name	Type	Attributes	Description	Extensions
`app_type`	`string`	required	The type of application (e.g., "regular_web", "spa", "native", "non_interactive"). minLength: 1	—
`name`	`string`	required	The name of the client application. minLength: 1	—
`allowed_logout_urls`	`string[]`	nullable	A set of URLs that are valid to redirect to after logout from Auth0.	—
`allowed_origins`	`string[]`	nullable	Additional origins allowed to make cross-origin resource sharing (CORS) requests.	—
`callbacks`	`string[]`	nullable	Callback URLs for the OAuth2 authentication process.	—
`client_metadata`		—	Custom metadata for Auth0 clients.	—
`description`	`string`	nullable	Optional description of the client.	—
`grant_types`	`string[]`	nullable	The grant types this client supports.	—
`id`	`string`	nullable	The unique identifier for the client (generated by Auth0).	—
`initiate_login_uri`	`string`	nullable	The initiate login URI for the application.	—
`logo_uri`	`string`	nullable	A URI to a logo for the client.	—
`mobile`		—	Mobile device settings for Auth0 client applications.	—
`web_origins`	`string[]`	nullable	Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode.	—

Responses

201

Example

{
  "id": "string",
  "name": "string",
  "type": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "owners": [
    "string"
  ],
  "secret": "string",
  "logoUrl": "string",
  "grantTypes": [
    "string"
  ],
  "productName": "string",
  "callbackUrls": [
    "string"
  ],
  "client_upn_key": "string",
  "applicationName": "string",
  "manuallyCreated": false,
  "clientAuthMethod": "string",
  "allowedLogoutUrls": [
    "string"
  ],
  "allowedWebOrigins": [
    "string"
  ],
  "idTokenExpiration": 0,
  "allowedCorsOrigins": [
    "string"
  ],
  "refreshTokenReuseInterval": 0,
  "refreshTokenAbsoluteLifetime": 0,
  "isRefreshTokenRotationEnabled": false,
  "allowCrossOriginAuthentication": false,
  "refreshTokenInactivityLifetime": 0,
  "isRefreshTokenAbsoluteExpirationEnabled": false,
  "isRefreshTokenInactivityLifetimeEnabled": false
}

Schema

Name Type Attributes Description Extensions

allowCrossOriginAuthentication boolean nullable When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. —

allowedCorsOrigins string[] nullable Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. —

allowedLogoutUrls string[] nullable A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. —

allowedWebOrigins string[] nullable Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. —

applicationName string nullable The name of the application associated with the client. —

callbackUrls string[] nullable Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. —

clientAuthMethod

ClientAuthMethod

—

The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)

Value	Description
`None`	—
`ClientSecretPost`	—
`ClientSecretBasic`	—

—

client_upn_key string nullable The client UPN key for user principal name mapping. —

grantTypes string[] nullable The grant types supported for this application —

id string nullable The unique identifier that is also used in OAuth/OIDC authorization flows. —

idTokenExpiration integer (int32) nullable This setting allows you to set the lifetime of the id_token (in seconds) —

isRefreshTokenAbsoluteExpirationEnabled boolean nullable When enabled, a refresh_token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is enabled, an expiration lifetime must be set. —

isRefreshTokenInactivityLifetimeEnabled boolean nullable When enabled, a refresh_token will expire based on a specified inactivity lifetime, after which the token can no longer be used. —

isRefreshTokenRotationEnabled boolean nullable When enabled, as a result of exchanging a refresh token, a new refresh token will be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. In addition, an absolute expiration lifetime must be set. —

logoUrl string nullable A URL to a logo for the client. —

manuallyCreated boolean — Indicates whether the client was created manually (true) or via Terraform (false). —

mobile — Mobile device settings for Auth0 client applications. —

name string nullable The name of the client. —

owners string[] nullable A list of roles or user IDs who have permissions over this client. —

productName string nullable The name of the product associated with the client. —

refreshTokenAbsoluteLifetime integer (int32) nullable Sets the absolute lifetime of a refresh_token (in seconds). —

refreshTokenInactivityLifetime integer (int32) nullable Sets the inactivity lifetime of a refresh_token (in seconds). —

refreshTokenReuseInterval integer (int32) nullable The allowable leeway time that the same refresh_token can be used to request an access_token without triggering automatic reuse detection. —

secret string nullable A client secret is a secret passphrase that proves to the authentication server that the client app is authorized to make a request on behalf of the user. —

type string nullable The type of client. —

Example

{
  "id": "string",
  "name": "string",
  "type": "string",
  "mobile": {
    "ios": {
      "team_id": "string",
      "app_bundle_identifier": "string"
    },
    "android": {
      "keystore_hash": "string",
      "app_package_name": "string"
    }
  },
  "owners": [
    "string"
  ],
  "secret": "string",
  "logoUrl": "string",
  "grantTypes": [
    "string"
  ],
  "productName": "string",
  "callbackUrls": [
    "string"
  ],
  "client_upn_key": "string",
  "applicationName": "string",
  "manuallyCreated": false,
  "clientAuthMethod": "string",
  "allowedLogoutUrls": [
    "string"
  ],
  "allowedWebOrigins": [
    "string"
  ],
  "idTokenExpiration": 0,
  "allowedCorsOrigins": [
    "string"
  ],
  "refreshTokenReuseInterval": 0,
  "refreshTokenAbsoluteLifetime": 0,
  "isRefreshTokenRotationEnabled": false,
  "allowCrossOriginAuthentication": false,
  "refreshTokenInactivityLifetime": 0,
  "isRefreshTokenAbsoluteExpirationEnabled": false,
  "isRefreshTokenInactivityLifetimeEnabled": false
}

Schema

Name Type Attributes Description Extensions

allowCrossOriginAuthentication boolean nullable When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. —

allowedCorsOrigins string[] nullable Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. —

allowedLogoutUrls string[] nullable A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. —

allowedWebOrigins string[] nullable Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. —

applicationName string nullable The name of the application associated with the client. —

callbackUrls string[] nullable Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. —

clientAuthMethod

ClientAuthMethod

—

The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)

Value	Description
`None`	—
`ClientSecretPost`	—
`ClientSecretBasic`	—