CreateApplication - Resource Access Management - Alibaba Cloud Documentation Center

Creates an application.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
ram:CreateApplication	Write	Application acs:ram::{#accountId}:application/*	none	none

Request parameters

Parameter	Type	Required	Description	Example
DisplayName	string	Yes	The display name of the application. The name can be up to 24 characters in length.	myapp
AppType	string	Yes	The type of the application. Valid values: WebApp: a web application that interacts with a browser. NativeApp: a native application that runs on an operating system, such as a desktop operating system or a mobile operating system. ServerApp: an application that accesses Alibaba Cloud services without the need of manual user logon. User provisioning is automated based on the System for Cross-Domain Identity Management (SCIM) protocol.	WebApp
RedirectUris	string	No	The callback URL. If you enter multiple callback URLs, separate them with semicolons (;).	https://www.example.com
SecretRequired	boolean	No	Indicates whether a secret is required. Valid values: true false Note For applications of the WebApp and ServerApp types, this parameter is automatically set to true and cannot be changed. For applications of the NativeApp type, this parameter can be set to true or false. If you do not set this parameter, false is used. Applications of the NativeApp type run in untrusted environments and the secrets of these applications are not protected. Therefore, we recommend that you do not set this parameter to true unless otherwise specified. For more information, see Use an application of the NativeApp type to log on to Alibaba Cloud.	true
AccessTokenValidity	integer	No	The validity period of the access token. Valid values: 900 to 10800. Unit: seconds. Default value: 3600.	3600
RefreshTokenValidity	integer	No	The validity period of the refreshed token. Valid values: 7200 to 31536000. Unit: seconds. Default value: For applications of the WebApp and ServerApp types, if this parameter is left empty, the value 2592000 is used. The value 2592000 indicates that the validity period of the refreshed token is 30 days. For applications of the NativeApp type, if this parameter is left empty, the value 7776000 is used. The value 7776000 indicates that the validity period of the refreshed token is 90 days.	2592000
PredefinedScopes	string	No	The scope of application permissions. For more information about the application permission scope, see Open authorization scope. You can also call the ListPredefinedScopes operation to obtain the permission scopes supported by different types of applications. If you enter multiple permission scopes, separate them with semicolons (;).	aliuid
RequiredScopes	string	No	The required permission. You can specify one or more permissions for the `RequiredScopes` parameter. After you specify this parameter, the required permissions are automatically selected and cannot be revoked when a user grants permissions on the application. If you enter multiple permissions, separate them with semicolons (;). Note If the permission that you specify for the `RequiredScopes` parameter is not included in value of the `PredefinedScopes` parameter, the permission does not take effect.	aliuid;profile
IsMultiTenant	boolean	No	Indicates whether the application can be installed by using other Alibaba Cloud accounts. Valid values: true: If you do not set this parameter for applications of the NativeApp and ServerApp types, true is used. false: If you do not set this parameter for applications of the WebApp type, false is used.	false
AppName	string	Yes	The application name. The name can be up to 64 characters in length. The name can contain letters, digits, periods (.), underscores (_), and hyphens (-).	myapp

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The request ID.	6616F09B-2768-4C11-8866-A8EE4C4A583E
Application	object	The information about the application.
DisplayName	string	The display name of the application.	myapp
AccessTokenValidity	integer	The validity period of the access token. Unit: seconds.	3600
SecretRequired	boolean	Indicates whether a secret is required.	true
AccountId	string	The ID of the Alibaba Cloud account to which the application belongs.	177242285274****
CreateDate	string	The creation time.	2020-10-23T08:06:57Z
AppName	string	The application name.	myapp
RedirectUris	array	The callback URLs.
	string	The callback URL.	https://www.example.com
UpdateDate	string	The update time.	2020-10-23T08:06:57Z
DelegatedScope	object	The information about the permissions that are granted on the application.
PredefinedScopes	object []	The information about the permissions that are granted on the application.
Description	string	The description of the permission.	Obtain the OpenID of the user. This is the default permission that you cannot remove.
Required	boolean	Indicates whether the permission is automatically selected by default when you install the application. Valid values: true false `openid` is required by default.	true
Name	string	The name of the permission.	openid
AppId	string	The ID of the application.	472457090344041****
RefreshTokenValidity	integer	The validity period of the refresh token. Unit: seconds.	7776000
IsMultiTenant	boolean	Indicates whether the application can be installed by using other Alibaba Cloud accounts.	true
AppType	string	The application type.	WebApp

Examples

Sample success responses

JSONformat

{
  "RequestId": "6616F09B-2768-4C11-8866-A8EE4C4A583E",
  "Application": {
    "DisplayName": "myapp",
    "AccessTokenValidity": 3600,
    "SecretRequired": true,
    "AccountId": "177242285274****",
    "CreateDate": "2020-10-23T08:06:57Z",
    "AppName": "myapp",
    "RedirectUris": {
      "RedirectUri": [
        "https://www.example.com"
      ]
    },
    "UpdateDate": "2020-10-23T08:06:57Z",
    "DelegatedScope": {
      "PredefinedScopes": {
        "PredefinedScope": [
          {
            "Description": "Obtain the OpenID of the user. This is the default permission that you cannot remove.",
            "Required": true,
            "Name": "openid"
          }
        ]
      }
    },
    "AppId": "472457090344041****",
    "RefreshTokenValidity": 7776000,
    "IsMultiTenant": true,
    "AppType": "WebApp"
  }
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2023-11-23

The request parameters of the API has changed. The response structure of the API has changed

see changesets

Change item	Change content
Input Parameters	The request parameters of the API has changed.
	Added Input Parameters: RequiredScopes
Output Parameters	The response structure of the API has changed.