Step 1: Create an application

POST {{apiPath}}/environments/{{envID}}/applications

You can use the POST /environments/{{envID}}/applications endpoint to create the new application. In this case, to return a refresh token, the application's grantTypes property specifies both the AUTHORIZATION_CODE and the REFRESH_TOKEN grant types.

For the REFRESH_TOKEN grant, the application configuration supports the following properties in the request body:

refreshTokenDuration

The lifetime in seconds of the refresh token.

refreshTokenRollingDuration

The number of seconds a refresh token can be exchanged before re-authentication is required.

refreshTokenRollingGracePeriodDuration

The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens.

The response data returns information about the new application, including its id property, which identifies the UUID for this application resource. The application's UUID is required in the next step to get the application's secret.

Request Body

{"name"=>"AppWithCodeGrant_{{$timestamp}}", "enabled"=>true, "type"=>"WEB_APP", "protocol"=>"OPENID_CONNECT", "responseTypes"=>["CODE"], "grantTypes"=>["AUTHORIZATION_CODE", "REFRESH_TOKEN"], "tokenEndpointAuthMethod"=>"CLIENT_SECRET_BASIC", "refreshTokenDuration"=>2592000, "refreshTokenRollingDuration"=>2592000, "refreshTokenRollingGracePeriodDuration"=>60, "postLogoutRedirectUris"=>["https://www.example.com"], "redirectUris"=>["https://www.example.com"]}

HEADERS

Key	Datatype	Required	Description
`Authorization`	string
`Content-Type`	string