apps

Register client applications that can be used to obtain OAuth tokens.

Create an application

POST https://mastodon.example/api/v1/apps

Create a new application to obtain OAuth2 credentials. Returns: Application, with client_id and client_secret OAuth: Public Version history: 0.0.0 - added 2.7.2 - now returns vapid_key

Request Body

Name	Type	Description
client_name	string	A name for your application
redirect_uris	string	Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use urn:ietf:wg:oauth:2.0:oob in this parameter.
scopes	string	Space separated list of scopes. If none is provided, defaults to read.
website	string	A URL to the homepage of your app

200 Store the client_id and client_secret in your cache, as these will be used to obtain OAuth tokens.

{
  "id": "563419",
  "name": "test app",
  "website": null,
  "redirect_uri": "urn:ietf:wg:oauth:2.0:oob",
  "client_id": "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM",
  "client_secret": "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw",
  "vapid_key": "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M="
}

422 If a required parameter is missing or improperly formatted, the request will fail.

Verify your app works

GET https://mastodon.example/api/v1/apps/verify_credentials

Confirm that the app's OAuth2 credentials work. Returns: Application OAuth level: App token Version history: 2.0.0 - added 2.7.2 - now returns vapid_key

Headers

Name	Type	Description
Authorization	string	Bearer <app token>

200 If the Authorization header was provided with a valid token, you should see your app returned as an Application entity.

{
  "name": "test app",
  "website": null,
  "vapid_key": "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M="
}

401 If the Authorization header contains an invalid token, is malformed, or is not present, an error will be returned indicating an authorization failure.