Skip to content
Wink

Create application

POST
/api/managing-entity/{managingEntityIdentifier}/application
 
curl --request POST \
  --url https://api.wink.travel/api/managing-entity/d5b8a3c2-9e6f-4a1b-8d34-7c2e1f0a5b69/application \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'Wink-Version: 2.0' \
  --data '{ "name": "", "redirectUris": [ "" ], "postLogoutRedirectUris": [ "" ], "clientType": "WEB", "scopes": [ "" ], "iconIdentifier": "" }'

Registers a new OAuth2 client application and returns its auto-generated clientId and secret. Store the secret securely immediately—it cannot be retrieved later.

Authorizations

Section titled “Authorizations ”

Parameters

Section titled “ Parameters ”

Path Parameters

Section titled “Path Parameters ”
managingEntityIdentifier
required
string
""

Identifier of the managing entity that will own the application.

Example 
d5b8a3c2-9e6f-4a1b-8d34-7c2e1f0a5b69

Header Parameters

Section titled “Header Parameters ”
Wink-Version
string
default: 2.0.0
Allowed values: 2.0

Request Body required

Section titled “Request Body required ”
Media type application/json
object
name
required

Display name of the OAuth2 application.

string
"" >= 1 characters
Example 
Wink Inventory Integration
redirectUris
Array<string>
postLogoutRedirectUris
Array<string>
clientType

OAuth2 client type determining authentication flow and security profile: WEB uses client secret auth; SPA and MOBILE use PKCE; MACHINE_2_MACHINE uses client credentials.

string
""
Allowed values: WEB SPA MOBILE MACHINE_2_MACHINE
Example 
WEB
scopes
Array<string>
unique items
iconIdentifier

Optional Cloudinary public_id reference for this application’s icon (displayed on OAuth2 consent screen). Omit or null for no custom icon.

string | null
""

Responses

Section titled “ Responses ”

201

Section titled “201 ”

Created

Media type application/json
object
id
required

Unique application identifier.

string format: uuid
"" >= 1 characters
name
required

Display name of the newly created OAuth2 application.

string
"" >= 1 characters
redirectUris
Array<string>
postLogoutRedirectUris
Array<string>
scopes
Array<string>
clientId
required

OAuth2 client identifier. Use this when exchanging authorization codes for access tokens.

string
""
secretKey
required

OAuth2 client secret. Keep this confidential. Use with clientId to authenticate requests. Treat as a password.

string
""
Example 
{
  "id": "",
  "name": "",
  "redirectUris": [
    ""
  ],
  "postLogoutRedirectUris": [
    ""
  ],
  "scopes": [
    ""
  ],
  "clientId": "",
  "secretKey": ""
}

400

Section titled “400 ”

Bad Request

object
type
string format: uri
title
string
status
integer format: int32
detail
string
instance
string format: uri
properties
object
key
additional properties
Example generated
{
  "type": "https://example.com",
  "title": "example",
  "status": 1,
  "detail": "example",
  "instance": "https://example.com",
  "properties": {
    "additionalProperty": "example"
  }
}

401

Section titled “401 ”

Unauthorized

Media type */*
object
type
string format: uri
title
string
status
integer format: int32
detail
string
instance
string format: uri
properties
object
key
additional properties

403

Section titled “403 ”

Forbidden

Media type */*
object
type
string format: uri
title
string
status
integer format: int32
detail
string
instance
string format: uri
properties
object
key
additional properties

500

Section titled “500 ”

Internal Server Error

object
Example generated
{}