Create App

Creates a new application.

Creates a new app

POSTyourpodURL.symphony.com/pod/v1/admin/app/create
Header parameters
Body

Application detail to create the app with

applicationInfoApplicationInfo (object)

Required information for creating an application.

iconUrlstring

Url to a icon to use for app. Must start with "https://".

Example: "https://myiconUrl.com"
descriptionstring

Description of the application.

Example: "a test app"
allowOriginsstring

The permitted domains to send or receive a request from. The field is for the purpose of CORS which set the app specific "ALLOW-ORIGIN-DOMAINS" header in HTTP.

Example: "mydomain.com"
permissionsarray of string

List of application permissions provisioned for the application. In addition to the known ones, custom permissions are accepted. A custom permission should only contain upper case alphanumeric characters and underscore. It should not be empty or only contain spaces and its length is limited to 64 characters.

Known permissions:

  • SEND_MESSAGES
  • GET_USER_CONNECTIONS
  • REQUEST_USER_CONNECTIONS
  • SET_PRESENCE
  • GET_PRESENCE
  • GET_BASIC_USER_INFO
  • GET_EXTENDED_USER_INFO
  • GET_BASIC_CONTACT_INFO
  • GET_EXTENDED_CONTACT_INFO
  • ACT_AS_USER
  • MANAGE_SIGNALS
  • MANAGE_USER_FOLLOWING
  • TRUST_APP
certstring

The app public certificate in pem format.

Example: "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----"
authenticationKeysAppAuthenticationKeys (object)

App RSA keys information.

notificationAppNotification (object)

Application callback information

propertiesAppProperties (array of AppProperty (object))

Application configuration properties that are shared with the extension application, client side. Do not store sensitive information here. Since SBE 20.14.

Response

OK

Body
applicationInfoApplicationInfo (object)

Required information for creating an application.

iconUrlstring

Url to a icon to use for app. Must start with "https://".

Example: "https://myiconUrl.com"
descriptionstring

Description of the application.

Example: "a test app"
allowOriginsstring

The permitted domains to send or receive a request from. The field is for the purpose of CORS which set the app specific "ALLOW-ORIGIN-DOMAINS" header in HTTP.

Example: "mydomain.com"
permissionsarray of string

List of application permissions provisioned for the application. In addition to the known ones, custom permissions are accepted. A custom permission should only contain upper case alphanumeric characters and underscore. It should not be empty or only contain spaces and its length is limited to 64 characters.

Known permissions:

  • SEND_MESSAGES
  • GET_USER_CONNECTIONS
  • REQUEST_USER_CONNECTIONS
  • SET_PRESENCE
  • GET_PRESENCE
  • GET_BASIC_USER_INFO
  • GET_EXTENDED_USER_INFO
  • GET_BASIC_CONTACT_INFO
  • GET_EXTENDED_CONTACT_INFO
  • ACT_AS_USER
  • MANAGE_SIGNALS
  • MANAGE_USER_FOLLOWING
  • TRUST_APP
certstring

The app public certificate in pem format.

Example: "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----"
authenticationKeysAppAuthenticationKeys (object)

App RSA keys information.

notificationAppNotification (object)

Application callback information

propertiesAppProperties (array of AppProperty (object))

Application configuration properties that are shared with the extension application, client side. Do not store sensitive information here. Since SBE 20.14.

Request
const response = await fetch('yourpodURL.symphony.com/pod/v1/admin/app/create', {
    method: 'POST',
    headers: {
      "sessionToken": "text",
      "Content-Type": "application/json"
    },
    body: JSON.stringify({}),
});
const data = await response.json();
Response
{
  "applicationInfo": {
    "appId": "my-test-app",
    "name": "my-test-app",
    "appUrl": "https://joe.mydomain.com",
    "domain": "mydomain.com",
    "publisher": "Joe Smith"
  },
  "iconUrl": "https://myiconUrl.com",
  "description": "a test app",
  "allowOrigins": "mydomain.com",
  "permissions": [
    "ACT_AS_USER",
    "SEND_MESSAGES"
  ],
  "cert": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
  "authenticationKeys": {
    "current": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1700815176000,
      "action": "SAVE"
    },
    "previous": {
      "key": "-----BEGIN PUBLIC KEY-----\\nMIICIANBgkqhw0BAQ...cCAwEAAQ==\\n-----END PUBLIC KEY-----",
      "expirationDate": 1700815176000,
      "action": "SAVE"
    }
  },
  "notification": {
    "url": "https://some.url",
    "apiKey": "test123456"
  },
  "properties": [
    {
      "key": "port",
      "value": 4000
    },
    {
      "key": "url",
      "value": "https://someother.url"
    }
  ]
}

Please note to use either:

  • cert attribute when using a certificate

  • or authenticationKeys object when using RSA Public Key

🚧 Roles and Privileges

Calling this endpoint requires the Super Administrator or User Provisioning role. See Bot Permissions for a list of roles and associated privileges.

📘 RSA Application Authentication

For more information on how to authenticate an application using RSA, refer to App Authentication.

Last updated