Skip to main content
Version: 1.0.0

Administration External Applications API

Admin API for registering external applications and authorising them to access specific client/brand tenants.

Two-resource model

  1. External applications (/v1/admin/external-applications) — registry of OAuth2 applications that can call the platform. Each application is identified by its oAuthAppId (the OAuth2 client ID) and a human-readable slug. Soft-deleted applications (deleted: true) remain in the registry but are no longer authorised.

  2. Client mappings (/v1/admin/external-applications/{oAuthAppId}/clients) — the set of client/brand tenants a given application is authorised to access. A PUT on /{oAuthAppId}/clients/{slug} grants access; DELETE revokes it (soft delete).

Authentication: ADMIN role required (OAuth2 client-credentials, ADMIN scope).

Error envelope: { errorCode, message, timestamp, traceId } where errorCode follows the pattern {DOMAIN}{CLASSIFICATION}{SEQUENCE}.

Authentication

Security Scheme Type: oauth2
OAuth Flow (clientCredentials): Scopes:
  • ADMIN: Access to admin functionality