Capitán
Capitán6d ago

Confused about API implementation in my automation

Hi, I’m new to ZITADEL and currently automating organization, project, and application setup. My goal is: 1. Run a script that starts ZITADEL via Docker 2. Automatically create a project and an application 3. Store the generated client ID and secret in an .env file for other apps I got this working using: zitadel.project.v2.ProjectService/CreateProject zitadel.application.v2.ApplicationService/CreateApplication It works fine, but my coworker requested that the application should be of type web and use POST as the auth method. These settings seem to vary by app, but I don’t see such fields in the v2 API docs. When I inspected the ZITADEL UI network requests, the app creation call seems to use the v1 API, which makes me wonder if I’m missing something. Environment: ZITADEL version: 4.6.2 Is there a way to specify application type (web) and auth method (POST) via the v2 API, or do we still need to use v1 for that? Thanks!
17 Replies
Ask Inkeep
Ask Inkeep6d ago
Hi @Capitán, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question. Answer Based on the available documentation, the v2 API does support specifying application type and auth method through the CreateApplication endpoint (1) . When creating an application with the v2 API, you need to include the OIDC configuration in your request body. The structure allows you to specify: - Application Type via the applicationType field (with values like OIDC_APP_TYPE_WEB, OIDC_APP_TYPE_USER_AGENT, OIDC_APP_TYPE_NATIVE) - Auth Method via the authMethodType field (with values including OIDC_AUTH_METHOD_TYPE_BASIC, OIDC_AUTH_METHOD_TYPE_POST, OIDC_AUTH_METHOD_TYPE_NONE, OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT) The v2 API uses a unified CreateApplication endpoint with type-specific configuration blocks (OIDC, SAML, or API) , rather than the v1 approach which had separate endpoints for each application type (2) . For your use case (web application with POST auth method) , your request body should include an oidcConfiguration object with applicationType: "OIDC_APP_TYPE_WEB" and authMethodType: "OIDC_AUTH_METHOD_TYPE_POST" (1) . Regarding the Console UI still using v1 APIs - there's an open GitHub issue tracking the migration of Console application UIs to the v2 API (3) , which explains why you're seeing v1 calls in the network requests. ​ To learn more, see the sources I considered: [1] CreateApplication [2] Migrate from v1 APIs to v2 APIs [3] Console: Change Application UIs to API v2 ​ Feel free to tag @Ask Inkeep with additional questions.
Capitán
CapitánOP6d ago
@Ask Inkeep There is no mention of Application Type in the docs. The navigation button for oidc_configuration and saml_configuration are not working. Is this the ui issue then?
Ask Inkeep
Ask Inkeep6d ago
Thanks for the follow-up, @Capitán. I'll get back to you soon. Answer I wasn't able to find a direct answer to your specific question about the documentation navigation buttons or application type configuration in the v2 API based on the available sources. The sources I have access to primarily cover SAML integration, identity providers, and custom login UI topics, but don't include the detailed API v2 reference documentation for the CreateApplication endpoint that would show the oidc_configuration structure and applicationType field. For questions about: - API v2 documentation navigation issues - Specific fields in the CreateApplication endpoint - The oidc_configuration and saml_configuration parameters I'd recommend: 1. Checking the API reference directly at your ZITADEL instance: `https://your-instance/docs/apis/resources/application_service_v2%60 2. Reviewing the ZITADEL API documentation 3. Contacting support through: - Contact - GitHub - Discord Would you like me to try providing a general answer based on my knowledge of how OIDC application configuration typically works? Feel free to tag @Ask Inkeep with additional questions. Got it. Tagging @Rajat for additional help.
Capitán
CapitánOP6d ago
@Ask Inkeep can you give me the endpoints and available parameters?
Ask Inkeep
Ask Inkeep6d ago
Thanks for the follow-up, @Capitán. I'll get back to you soon. Answer I wasn't able to find a direct answer, here are some relevant sources: 1. Migrate from v1 APIs to v2 APIs (1) : This source explains that the v2 API uses a single CreateApplication endpoint with type-specific configuration (OIDC, SAML, or API) in the request body, replacing the v1's multiple type-specific endpoints like AddOIDCApp, AddSAMLApp, and AddAPIApp. 2. Add app requests to resource API (2) : This GitHub issue discusses the v2 API structure for creating applications, mentioning that CreateApplication uses a OneOf structure with application-type specific bodies for OIDC, SAML, and API configurations. For the complete endpoint specification and all available parameters for the v2 CreateApplication endpoint, I recommend: - Visit Contact - Visit GitHub - Visit Discord Would you like a general answer based on my knowledge instead? ​ To learn more, see the sources I considered: [1] Migrate from v1 APIs to v2 APIs [2] Add app requests to resource API ​ Feel free to tag @Ask Inkeep with additional questions.
Capitán
CapitánOP5d ago
@Rajat Can you please help me with this? @Ask Inkeep TThe migrate from v1 apis to v2 apis says to specify the type of application, you will include its specific configuration object within the request body. For example, to create a OIDC app, you will provide a oidc object in the request. All properties that are common to every application, such as name, are now top-level fields in the request body, consistent across all types. Where are the sample for those request?
Ask Inkeep
Ask Inkeep5d ago
Thanks for the follow-up, @Capitán. I'll get back to you soon. Answer The v2 API documentation provides request body samples for creating applications (1) . For creating an OIDC web application with POST auth method, your request body structure should look like this : 
{
  "projectId": "string",
  "applicationId": "string",
  "name": "string",
  "oidcConfiguration": {
    "authMethodType": "OIDC_AUTH_METHOD_TYPE_POST"
  }
}
{
  "projectId": "string",
  "applicationId": "string",
  "name": "string",
  "oidcConfiguration": {
    "authMethodType": "OIDC_AUTH_METHOD_TYPE_POST"
  }
}
The key fields you need are : - projectId (required) - The ID of the project where the application will be created - name (required) - Publicly visible name of the application - oidcConfiguration - Contains OIDC-specific settings - authMethodType - Set to OIDC_AUTH_METHOD_TYPE_POST for POST authentication The endpoint is : 
POST <https://$CUSTOM-DOMAIN/zitadel.application.v2.ApplicationService/CreateApplication>
POST <https://$CUSTOM-DOMAIN/zitadel.application.v2.ApplicationService/CreateApplication>
The v2 API uses a unified approach where you specify the application type through the configuration object you include (oidcConfiguration, samlConfiguration, or apiConfiguration) (2) . This replaces the v1 approach which had separate endpoints like AddOIDCApp, AddSAMLApp, and AddAPIApp . ​ To learn more, see the sources I considered: [1] CreateApplication [2] Migrate from v1 APIs to v2 APIs ​ Feel free to tag @Ask Inkeep with additional questions.
Capitán
CapitánOP5d ago
@Ask Inkeep what about application type? web, native, user agent, api, saml
Ask Inkeep
Ask Inkeep5d ago
Thanks for the follow-up, @Capitán. I'll get back to you soon. Answer I wasn't able to find a direct answer in the available v2 API documentation about specifying the application type (web, native, user agent) within the oidcConfiguration object. The v2 API uses different configuration objects to distinguish between OIDC, API, and SAML applications (1) : - oidcConfiguration for OIDC applications - apiConfiguration for API applications
- samlConfiguration for SAML applications However, the provided v2 documentation doesn't show an appType or applicationType field within the oidcConfiguration object . In contrast, the v1 API explicitly includes an appType parameter with values like OIDC_APP_TYPE_WEB, OIDC_APP_TYPE_USER_AGENT, and OIDC_APP_TYPE_NATIVE (2) (3) (4) . For your automation needs where you want to specify a web application with POST auth method, you may need to either: 1. Check if there are additional undocumented parameters in the v2 API 2. Use the v1 API endpoint which explicitly supports these settings (2) Would you like me to provide the v1 API request structure that includes both appType and authMethodType parameters? ​ To learn more, see the sources I considered: [1] CreateApplication [2] Create Application (OIDC) [3] Search Applications [4] Update OIDC Application Config ​ Feel free to tag @Ask Inkeep with additional questions.
Capitán
CapitánOP5d ago
@Ask Inkeep i think i found a clue, "The biggest change is in how you create/update applications. Instead of calling a specific endpoint for each type (e.g., CreateOidcApp, CreateSamlApp), you will now use a single CreateApp endpoint. To specify the type of application, you will include its specific configuration object within the request body. For example, to create a OIDC app, you will provide a oidc object in the request. All properties that are common to every application, such as name, are now top-level fields in the request body, consistent across all types." This was mentioned in migration docs.
Ask Inkeep
Ask Inkeep5d ago
Thanks for the follow-up, @Capitán. I'll get back to you soon. Answer --- You're on the right track. The v2 API consolidates application creation into a single endpoint where you specify the application type through the configuration object you include in the request body (1) . For OIDC applications specifically, the v1 API had explicit fields for appType (web, native, user agent) and authMethodType (basic, post, none, private key JWT) (2) . In v1, you would set: - appType: "OIDC_APP_TYPE_WEB" for a web application - authMethodType: "OIDC_AUTH_METHOD_TYPE_POST" for POST authentication Based on the migration documentation, the v2 approach uses the oidcConfiguration object within the CreateApplication request to specify OIDC-specific settings (1) . However, the available v2 documentation doesn't explicitly show how to specify the application type (web vs native vs user agent) within that configuration object. The v1 API structure for creating an OIDC web application with POST auth method looks like this (2) : 
{
  "name": "MyOIDCApp",
  "redirectUris": [
    "<http://localhost:4200/auth/callback%22>
  ],
  "responseTypes": [
    "OIDC_RESPONSE_TYPE_CODE"
  ],
  "grantTypes": [
    "OIDC_GRANT_TYPE_AUTHORIZATION_CODE"
  ],
  "appType": "OIDC_APP_TYPE_WEB",
  "authMethodType": "OIDC_AUTH_METHOD_TYPE_POST"
}
{
  "name": "MyOIDCApp",
  "redirectUris": [
    "<http://localhost:4200/auth/callback%22>
  ],
  "responseTypes": [
    "OIDC_RESPONSE_TYPE_CODE"
  ],
  "grantTypes": [
    "OIDC_GRANT_TYPE_AUTHORIZATION_CODE"
  ],
  "appType": "OIDC_APP_TYPE_WEB",
  "authMethodType": "OIDC_AUTH_METHOD_TYPE_POST"
}
If the v2 API doesn't yet expose the application type parameter in the oidcConfiguration, you may need to continue using the v1 endpoint (POST /management/v1/projects/:projectId/apps/oidc) for your automation until the v2 API fully supports these settings. ​ To learn more, see the sources I considered: [1] Migrate from v1 APIs to v2 APIs [2] Create Application (OIDC) ​ Feel free to tag @Ask Inkeep with additional questions.
Capitán
CapitánOP5d ago
@Rajat Please do let me know if you have any opinions, resources or snippets to share, Thanks again
Rajat
Rajat5d ago
hey @Capitán thanks for your question, I willl take a look and get back to you on it.
Capitán
CapitánOP5d ago
@Rajat Can you check if oidc_configuration and saml_configuration navigation on request body section works for you? https://zitadel.com/docs/apis/resources/application_service_v2/zitadel-application-v-2-application-service-create-application I have solved this issue 🙂
Rajat
Rajat4d ago
hey @Capitán good morning! glad that you were able to solve it, what did you do to fix it?. It will be helpful for future users.
Capitán
CapitánOP4d ago
I used following snippet for Type API application 
    payload := map[string]interface{}{
        "projectId":       projectID,
        "name":            app.Name,
        "applicationId":   app.ID,
        "applicationType": "APPLICATION_TYPE_API",
        "apiConfiguration": map[string]interface{}{
            "authMethodType": "API_AUTH_METHOD_TYPE_BASIC",
        },
    }
    payload := map[string]interface{}{
        "projectId":       projectID,
        "name":            app.Name,
        "applicationId":   app.ID,
        "applicationType": "APPLICATION_TYPE_API",
        "apiConfiguration": map[string]interface{}{
            "authMethodType": "API_AUTH_METHOD_TYPE_BASIC",
        },
    }
and for OIDC: 
    payload := map[string]interface{}{
        "projectId":       projectID,
        "name":            app.Name,
        "applicationId":   app.ID,
        "applicationType": "APPLICATION_TYPE_OIDC",
        "oidcConfiguration": map[string]interface{}{
            "version":                app.OIDC.Version,
            "redirectUris":           app.OIDC.RedirectURIs,
            "responseTypes":          app.OIDC.ResponseTypes,
            "grantTypes":             app.OIDC.GrantTypes,
            "appType":                app.OIDC.AppType,
            "authMethodType":         app.OIDC.AuthMethodType,
            "postLogoutRedirectUris": app.OIDC.PostLogoutRedirectURIs,
        },
    }
    payload := map[string]interface{}{
        "projectId":       projectID,
        "name":            app.Name,
        "applicationId":   app.ID,
        "applicationType": "APPLICATION_TYPE_OIDC",
        "oidcConfiguration": map[string]interface{}{
            "version":                app.OIDC.Version,
            "redirectUris":           app.OIDC.RedirectURIs,
            "responseTypes":          app.OIDC.ResponseTypes,
            "grantTypes":             app.OIDC.GrantTypes,
            "appType":                app.OIDC.AppType,
            "authMethodType":         app.OIDC.AuthMethodType,
            "postLogoutRedirectUris": app.OIDC.PostLogoutRedirectURIs,
        },
    }
And v2 endpoint: /zitadel.application.v2.ApplicationService/CreateApplication
Gigi the Giraffe (Zitadel)
Gigi the Giraffe (Zitadel)3d ago
🎉 Looks like you just helped out another community member! Thanks for being so helpful <@1214527612991315989>! You're now one step closer to leveling up—keep up the amazing peer support! 🚀

Did you find this page helpful?