An OAuth client represents the connection between an organization and a VCS provider. By default, you can globally access an OAuth client throughout the organization, or you can have scope access to one or more projects.
GET /organizations/:organization_name/oauth-clients
:organization_name The name of the organization.
This endpoint allows you to list VCS connections between an organization and a VCS provider (GitHub, Bitbucket, or GitLab) for use when creating or setting up workspaces.
Query ParametersThis endpoint supports pagination with standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling doesn't automatically encode URLs. If neither pagination query parameters are provided, the endpoint will not be paginated and will return all results.
page[number] Optional. If omitted, the endpoint will return the first page. page[size] Optional. If omitted, the endpoint will return 20 oauth clients per page. Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request GET \
https://app.terraform.io/api/v2/organizations/my-organization/oauth-clients
{
"data": [
{
"id": "oc-XKFwG6ggfA9n7t1K",
"type": "oauth-clients",
"attributes": {
"created-at": "2018-04-16T20:42:53.771Z",
"callback-url": "https://app.terraform.io/auth/35936d44-842c-4ddd-b4d4-7c741383dc3a/callback",
"connect-path": "/auth/35936d44-842c-4ddd-b4d4-7c741383dc3a?organization_id=1",
"service-provider": "github",
"service-provider-display-name": "GitHub",
"name": null,
"http-url": "https://github.com",
"api-url": "https://api.github.com",
"key": null,
"rsa-public-key": null,
"organization-scoped": false
},
"relationships": {
"organization": {
"data": {
"id": "my-organization",
"type": "organizations"
},
"links": {
"related": "/api/v2/organizations/my-organization"
}
},
"projects": {
"data": [
{ "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }
]
},
"oauth-tokens": {
"data": [],
"links": {
"related": "/api/v2/oauth-clients/<OAUTH_CLIENT_ID>/oauth-tokens"
}
},
"agent-pool": {
"data": {
"id": "apool-VsmjEMcYkShrckpK",
"type": "agent-pools"
},
"links": {
"related": "/api/v2/agent-pools/apool-VsmjEMcYkShrckpK"
}
}
}
}
]
}
GET /oauth-clients/:id
:id The ID of the OAuth Client to show Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request GET \
https://app.terraform.io/api/v2/oauth-clients/oc-XKFwG6ggfA9n7t1K
{
"data": {
"id": "oc-XKFwG6ggfA9n7t1K",
"type": "oauth-clients",
"attributes": {
"created-at": "2018-04-16T20:42:53.771Z",
"callback-url": "https://app.terraform.io/auth/35936d44-842c-4ddd-b4d4-7c741383dc3a/callback",
"connect-path": "/auth/35936d44-842c-4ddd-b4d4-7c741383dc3a?organization_id=1",
"service-provider": "github",
"service-provider-display-name": "GitHub",
"name": null,
"http-url": "https://github.com",
"api-url": "https://api.github.com",
"key": null,
"rsa-public-key": null,
"organization-scoped": false
},
"relationships": {
"organization": {
"data": {
"id": "my-organization",
"type": "organizations"
},
"links": {
"related": "/api/v2/organizations/my-organization"
}
},
"projects": {
"data": [
{ "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }
]
},
"oauth-tokens": {
"data": [],
"links": {
"related": "/api/v2/oauth-clients/<OAUTH_CLIENT_ID>/oauth-tokens"
}
},
"agent-pool": {
"data": {
"id": "apool-VsmjEMcYkShrckpK",
"type": "agent-pools"
},
"links": {
"related": "/api/v2/agent-pools/apool-VsmjEMcYkShrckpK"
}
}
}
}
}
POST /organizations/:organization_name/oauth-clients
:organization_name The name of the organization that will be connected to the VCS provider. The organization must already exist in the system, and the user must have permission to manage VCS settings. (More about permissions.)
This endpoint allows you to create a VCS connection between an organization and a VCS provider (GitHub or GitLab) for use when creating or setting up workspaces. By using this API endpoint, you can provide a pre-generated OAuth token string instead of going through the process of creating a GitHub or GitLab OAuth Application.
To learn how to generate one of these token strings for your VCS provider, you can read the following documentation:
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path Type Default Descriptiondata.type string Must be "oauth-clients". data.attributes.service-provider string The VCS provider being connected with. Valid options are "github", "github_enterprise", "gitlab_hosted", "gitlab_community_edition", "gitlab_enterprise_edition", or "ado_server". data.attributes.name string null An optional display name for the OAuth Client. If left null, the UI will default to the display name of the VCS provider. data.attributes.key string The OAuth Client key. It can refer to a Consumer Key, Application Key, or another type of client key for the VCS provider. data.attributes.http-url string The homepage of your VCS provider (e.g. "https://github.com" or "https://ghe.example.com" or "https://gitlab.com"). data.attributes.api-url string The base URL as per your VCS provider's API documentation (e.g. "https://api.github.com", "https://ghe.example.com/api/v3" or "https://gitlab.com/api/v4"). data.attributes.oauth-token-string string The token string you were given by your VCS provider data.attributes.private-key string Required for Azure DevOps Server. Not used for any other providers. The text of the SSH private key associated with your Azure DevOps Server account. data.attributes.secret string The OAuth client secret. For Bitbucket Data Center, the secret is the text of the SSH private key associated with your Bitbucket Data Center application link. data.attributes.rsa-public-key string Required for Bitbucket Data Center in conjunction with the secret. Not used for any other providers. The text of the SSH public key associated with your Bitbucket Data Center application link. data.attributes.organization-scoped boolean Whether or not the OAuth client is scoped to all projects and workspaces in the organization. Defaults to true. data.relationships.projects.data[] array[object] [] A list of resource identifier objects that defines which projects are associated with the OAuth client. If data.attributes.organization-scoped is set to false, the OAuth client is only available to this list of projects. Each object in this list must contain a project id and use the "projects" type. For example, { "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }. data.relationships.agent-pool.data object {} The Agent Pool associated to the VCS connection. This pool will be responsible for forwarding VCS Provider API calls and cloning VCS repositories. Sample Payload
{
"data": {
"type": "oauth-clients",
"attributes": {
"service-provider": "github",
"http-url": "https://github.com",
"api-url": "https://api.github.com",
"oauth-token-string": "4306823352f0009d0ed81f1b654ac17a",
"organization-scoped": false
},
"relationships": {
"projects": {
"data": [
{ "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }
]
},
"agent-pool": {
"data": {
"id": "apool-VsmjEMcYkShrckzzz",
"type": "agent-pools"
}
}
}
}
}
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @payload.json \
https://app.terraform.io/api/v2/organizations/my-organization/oauth-clients
{
"data": {
"id": "oc-XKFwG6ggfA9n7t1K",
"type": "oauth-clients",
"attributes": {
"created-at": "2018-04-16T20:42:53.771Z",
"callback-url": "https://app.terraform.io/auth/35936d44-842c-4ddd-b4d4-7c741383dc3a/callback",
"connect-path": "/auth/35936d44-842c-4ddd-b4d4-7c741383dc3a?organization_id=1",
"service-provider": "github",
"service-provider-display-name": "GitHub",
"name": null,
"http-url": "https://github.com",
"api-url": "https://api.github.com",
"key": null,
"rsa-public-key": null,
"organization-scoped": false
},
"relationships": {
"organization": {
"data": {
"id": "my-organization",
"type": "organizations"
},
"links": {
"related": "/api/v2/organizations/my-organization"
}
},
"projects": {
"data": [
{ "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }
]
},
"oauth-tokens": {
"data": [],
"links": {
"related": "/api/v2/oauth-clients/<OAUTH_CLIENT_ID>/oauth-tokens"
}
},
"agent-pool": {
"data": {
"id": "apool-VsmjEMcYkShrckzzz",
"type": "agent-pools"
}
}
}
}
}
PATCH /oauth-clients/:id
:id The ID of the OAuth Client to update.
Use caution when changing attributes with this endpoint; editing an OAuth client that workspaces are currently using can have unexpected effects.
Request BodyThis PATCH endpoint requires a JSON object with the following properties as a request payload.
Key path Type Default Descriptiondata.type string Must be "oauth-clients". data.attributes.name string (previous value) An optional display name for the OAuth Client. If set to null, the UI will default to the display name of the VCS provider. data.attributes.key string (previous value) The OAuth Client key. It can refer to a Consumer Key, Application Key, or another type of client key for the VCS provider. data.attributes.secret string (previous value) The OAuth client secret. For Bitbucket Data Center, this secret is the text of the SSH private key associated with your Bitbucket Data Center application link. data.attributes.rsa-public-key string (previous value) Required for Bitbucket Data Center in conjunction with the secret. Not used for any other providers. The text of the SSH public key associated with your Bitbucket Data Center application link. data.attributes.organization-scoped boolean (previous value) Whether or not the OAuth client is available to all projects and workspaces in the organization. data.relationships.projects array[object] (previous value) A list of resource identifier objects that defines which projects are associated with the OAuth client. If data.attributes.organization-scoped is set to false, the OAuth client is only available to this list of projects. Each object in this list must contain a project id and use the "projects" type. For example, { "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }. Sending an empty array clears all project assignments. data.relationships.agent-pool.data object {} The Agent Pool associated to the VCS connection. This pool will be responsible for forwarding VCS Provider API calls and cloning VCS repositories. Sample Payload
{
"data": {
"id": "oc-XKFwG6ggfA9n7t1K",
"type": "oauth-clients",
"attributes": {
"key": "key",
"secret": "secret",
"organization-scoped": false
},
"relationships": {
"projects": {
"data": [
{ "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }
]
},
"agent-pool": {
"data": {
"id": "apool-VsmjEMcYkShrckzzz",
"type": "agent-pools"
}
}
}
}
}
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request PATCH \
--data @payload.json \
https://app.terraform.io/api/v2/oauth-clients/oc-XKFwG6ggfA9n7t1K
{
"data": {
"id": "oc-XKFwG6ggfA9n7t1K",
"type": "oauth-clients",
"attributes": {
"created-at": "2018-04-16T20:42:53.771Z",
"callback-url": "https://app.terraform.io/auth/35936d44-842c-4ddd-b4d4-7c741383dc3a/callback",
"connect-path": "/auth/35936d44-842c-4ddd-b4d4-7c741383dc3a?organization_id=1",
"service-provider": "github",
"service-provider-display-name": "GitHub",
"name": null,
"http-url": "https://github.com",
"api-url": "https://api.github.com",
"key": null,
"rsa-public-key": null,
"organization-scoped": false
},
"relationships": {
"organization": {
"data": {
"id": "my-organization",
"type": "organizations"
},
"links": {
"related": "/api/v2/organizations/my-organization"
}
},
"projects": {
"data": [
{ "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }
]
},
"oauth-tokens": {
"data": [],
"links": {
"related": "/api/v2/oauth-clients/<OAUTH_CLIENT_ID>/oauth-tokens"
}
},
"agent-pool": {
"data": {
"id": "apool-VsmjEMcYkShrckzzz",
"type": "agent-pools"
}
}
}
}
}
DELETE /oauth-clients/:id
:id The ID of the OAuth Client to destroy
This endpoint allows you to remove an existing connection between an organization and a VCS provider (GitHub, Bitbucket, or GitLab).
Note: Removing the OAuth Client will unlink workspaces that use this connection from their repositories, and these workspaces will need to be manually linked to another repository.
Status Response Reason 204 Empty response The OAuth Client was successfully destroyed 404 JSON API error object Organization or OAuth Client not found, or user unauthorized to perform action Sample Requestcurl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request DELETE \
https://app.terraform.io/api/v2/oauth-clients/oc-XKFwG6ggfA9n7t1K
POST /oauth-clients/:id/relationships/projects
:id The ID of the OAuth client to attach to a project. Use the List OAuth Clients endpoint to reference your OAuth client IDs. Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path Type Default Descriptiondata[] array[object] [] A list of resource identifier objects that defines which projects to attach the OAuth client to. These objects must contain id and type properties, and the type property must be projects (e.g. { "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }). Sample Payload
{
"data": [
{ "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" },
{ "id": "prj-2HRvNs49EWPjDqT1", "type": "projects" }
]
}
curl \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/vnd.api+json" \
--request POST \
--data @payload.json \
https://app.terraform.io/api/v2/oauth-clients/oc-XKFwG6ggfA9n7t1K/relationships/projects
DELETE /oauth-clients/:id/relationships/projects
:id The ID of the oauth client you want to detach from the specified projects. Use the "List OAuth Clients" endpoint to find IDs. Request Body
This DELETE endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path Type Default Descriptiondata[] array[object] [] A list of resource identifier objects that defines which projects are associated with the OAuth client. If data.attributes.organization-scoped is set to false, the OAuth client is only available to this list of projects. Each object in this list must contain a project id and use the "projects" type. For example, { "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" }. Sample Payload
{
"data": [
{ "id": "prj-AwfuCJTkdai4xj9w", "type": "projects" },
{ "id": "prj-2HRvNs49EWPjDqT1", "type": "projects" }
]
}
curl \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/vnd.api+json" \
--request DELETE \
--data @payload.json \
https://app.terraform.io/api/v2/oauth-clients/oc-XKFwG6ggfA9n7t1K/relationships/projects
The GET endpoints above can optionally return related resources, if requested with the include query parameter. The following resource types are available:
oauth_tokens The OAuth tokens managed by this client projects The projects scoped to this client
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4