
Authentication

All endpoints require authentication via:
  • Bearer token in Authorization header, or
  • Active session cookie

List Apps

curl https://ave.day/api/apps \
  -H "Authorization: Bearer YOUR_TOKEN"
{
  "apps": [
    {
      "id": "app_123",
      "clientId": "app_abc123...",
      "name": "My Application",
      "description": "Application description",
      "websiteUrl": "https://example.com",
      "iconUrl": "https://example.com/icon.png",
      "redirectUris": ["https://example.com/callback"],
      "supportsE2ee": false,
      "allowedScopes": ["openid", "profile", "email", "offline_access"],
      "accessTokenTtlSeconds": 3600,
      "refreshTokenTtlSeconds": 2592000,
      "allowUserIdScope": false,
      "createdAt": "2024-01-01T00:00:00.000Z",
      "resources": [
        {
          "id": "res_123",
          "resourceKey": "api:read",
          "displayName": "API Access",
          "description": "Read access to API",
          "scopes": ["read", "write"],
          "audience": "https://api.example.com",
          "status": "active"
        }
      ]
    }
  ]
}
Returns all OAuth applications owned by the authenticated user, including associated resources.
  • apps (array): Array of OAuth applications
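
A review pass over a parsed List Apps response, added here as an example and not part of the ave.day documentation or tooling. The policy (HTTPS-only redirect URIs, TTLs no longer than the 3600 and 2592000 second defaults, `user_id` scope flagged) is an assumption, and `audit_apps` and the second sample app are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed review policy, not an API rule: flag anything looser than these.
MAX_ACCESS_TTL = 3600       # default accessTokenTtlSeconds
MAX_REFRESH_TTL = 2592000   # default refreshTokenTtlSeconds (30 days)

def audit_apps(listing):
    """Return (app id, finding) pairs for a parsed GET /api/apps response."""
    findings = []
    for app in listing.get("apps", []):
        app_id = app.get("id", "?")
        scopes = set(app.get("allowedScopes", []))
        for uri in app.get("redirectUris", []):
            # Authorization codes sent to a plain-HTTP callback travel in clear text.
            if urlsplit(uri).scheme != "https":
                findings.append((app_id, f"redirect URI is not HTTPS: {uri}"))
        if app.get("accessTokenTtlSeconds", 0) > MAX_ACCESS_TTL:
            findings.append((app_id, "access token TTL above default"))
        # Refresh tokens only matter when offline_access can be granted.
        if ("offline_access" in scopes
                and app.get("refreshTokenTtlSeconds", 0) > MAX_REFRESH_TTL):
            findings.append((app_id, "refresh token TTL above default"))
        if app.get("allowUserIdScope") or "user_id" in scopes:
            findings.append((app_id, "user_id scope enabled"))
    return findings

# Constructed sample: the app from the response above plus a looser one.
SAMPLE = {"apps": [
    {"id": "app_123", "redirectUris": ["https://example.com/callback"],
     "allowedScopes": ["openid", "profile", "email", "offline_access"],
     "accessTokenTtlSeconds": 3600, "refreshTokenTtlSeconds": 2592000,
     "allowUserIdScope": False},
    {"id": "app_456", "redirectUris": ["http://staging.example.com/callback"],
     "allowedScopes": ["openid", "offline_access", "user_id"],
     "accessTokenTtlSeconds": 86400, "refreshTokenTtlSeconds": 31536000,
     "allowUserIdScope": True},
]}

if __name__ == "__main__":
    for app_id, finding in audit_apps(SAMPLE):
        print(app_id, finding)
```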

Create App

curl -X POST https://ave.day/api/apps \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My Application",
    "description": "My app description",
    "redirectUris": ["https://example.com/callback"],
    "allowedScopes": ["openid", "profile", "email"],
    "accessTokenTtlSeconds": 3600
  }'
{
  "app": {
    "id": "app_123",
    "clientId": "app_abc123...",
    "name": "My Application",
    "description": "My app description",
    "websiteUrl": null,
    "iconUrl": null,
    "redirectUris": ["https://example.com/callback"],
    "supportsE2ee": false,
    "allowedScopes": ["openid", "profile", "email"],
    "accessTokenTtlSeconds": 3600,
    "refreshTokenTtlSeconds": 2592000,
    "allowUserIdScope": false,
    "createdAt": "2024-01-01T00:00:00.000Z"
  },
  "clientSecret": "secret_xyz789..."
}
Creates a new OAuth application. Returns the app details and clientSecret (shown only once).
  • name (string, required): Application name (2-64 characters)
  • description (string): Application description (max 200 characters)
  • websiteUrl (string): Application website URL (must be valid URL)
  • iconUrl (string): Application icon URL (must be valid URL)
  • redirectUris (string[], required): OAuth redirect URIs (at least one required, must be valid URLs)
  • supportsE2ee (boolean, default: false): Whether app supports end-to-end encryption
  • allowedScopes (string[]): Allowed OAuth scopes. Valid values: openid, profile, email, offline_access, user_id
  • accessTokenTtlSeconds (number, default: 3600): Access token lifetime in seconds (300-86400)
  • refreshTokenTtlSeconds (number, default: 2592000): Refresh token lifetime in seconds (3600-31536000, default 30 days)
  • allowUserIdScope (boolean, default: false): Whether user_id scope is allowed
  • app (object, required): The created OAuth application (see List Apps for structure)
  • clientSecret (string, required): Client secret for OAuth authentication. Save this immediately - it cannot be retrieved later.
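
A pre-flight check for the Create App request body, added here as an example and not part of the ave.day documentation or client code. It mirrors the limits listed above; reading "valid URL" as an absolute http(s) URL with a host is an assumption, and `validate_create_app`, `is_url` and the sample bodies are names constructed for this sketch.

```python
from urllib.parse import urlsplit

VALID_SCOPES = {"openid", "profile", "email", "offline_access", "user_id"}
TTL_LIMITS = {"accessTokenTtlSeconds": (300, 86400),
              "refreshTokenTtlSeconds": (3600, 31536000)}

def is_url(value):
    # Assumption: "valid URL" means an absolute http(s) URL with a host.
    try:
        parts = urlsplit(value) if isinstance(value, str) else None
    except ValueError:
        return False
    return bool(parts and parts.scheme in ("http", "https") and parts.netloc)

def validate_create_app(body):
    """Return a list of problems; an empty list means the body fits the documented limits."""
    errors = []
    name = body.get("name")
    if not isinstance(name, str) or not 2 <= len(name) <= 64:
        errors.append("name: required, 2-64 characters")
    desc = body.get("description")
    if desc is not None and (not isinstance(desc, str) or len(desc) > 200):
        errors.append("description: max 200 characters")
    for field in ("websiteUrl", "iconUrl"):
        if body.get(field) is not None and not is_url(body[field]):
            errors.append(f"{field}: must be a valid URL")
    uris = body.get("redirectUris")
    if not isinstance(uris, list) or not uris:
        errors.append("redirectUris: at least one required")
    else:
        errors += [f"redirectUris: invalid URL {u!r}" for u in uris if not is_url(u)]
    unknown = sorted(set(body.get("allowedScopes") or []) - VALID_SCOPES)
    if unknown:
        errors.append(f"allowedScopes: unknown values {unknown}")
    for field, (low, high) in TTL_LIMITS.items():
        value = body.get(field)
        # bool is a subclass of int in Python, so check the exact type
        if value is not None and (type(value) is not int or not low <= value <= high):
            errors.append(f"{field}: must be {low}-{high} seconds")
    return errors

# Constructed samples: the body from the curl example above, and a broken one.
GOOD_BODY = {"name": "My Application", "description": "My app description",
             "redirectUris": ["https://example.com/callback"],
             "allowedScopes": ["openid", "profile", "email"],
             "accessTokenTtlSeconds": 3600}
BAD_BODY = {"name": "A", "redirectUris": ["example.com/callback"],
            "allowedScopes": ["openid", "admin"], "accessTokenTtlSeconds": 60}
```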

Update App

curl -X PATCH https://ave.day/api/apps/{appId} \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Updated Name",
    "redirectUris": ["https://example.com/new-callback"]
  }'
{
  "app": {
    "id": "app_123",
    "clientId": "app_abc123...",
    "name": "Updated Name",
    "description": "My app description",
    "websiteUrl": null,
    "iconUrl": null,
    "redirectUris": ["https://example.com/new-callback"],
    "supportsE2ee": false,
    "allowedScopes": ["openid", "profile", "email"],
    "accessTokenTtlSeconds": 3600,
    "refreshTokenTtlSeconds": 2592000,
    "allowUserIdScope": false,
    "createdAt": "2024-01-01T00:00:00.000Z"
  }
}
Updates an existing OAuth application. All fields are optional - only provided fields are updated.
  • appId (string, required): App ID to update
  • name (string): Application name (2-64 characters)
  • description (string): Application description (max 200 characters)
  • websiteUrl (string): Application website URL
  • iconUrl (string): Application icon URL
  • redirectUris (string[]): OAuth redirect URIs (at least one required if provided)
  • supportsE2ee (boolean): Whether app supports end-to-end encryption
  • allowedScopes (string[]): Allowed OAuth scopes
  • accessTokenTtlSeconds (number): Access token lifetime in seconds (300-86400)
  • refreshTokenTtlSeconds (number): Refresh token lifetime in seconds (3600-31536000)
  • allowUserIdScope (boolean): Whether user_id scope is allowed
  • app (object, required): The updated OAuth application

Delete App

curl -X DELETE https://ave.day/api/apps/{appId} \
  -H "Authorization: Bearer YOUR_TOKEN"
{
  "success": true
}
Deletes an OAuth application. This also deletes all associated resources and active sessions.
  • appId (string, required): App ID to delete
  • success (boolean, required): Returns true on successful deletion

Rotate Client Secret

curl -X POST https://ave.day/api/apps/{appId}/rotate-secret \
  -H "Authorization: Bearer YOUR_TOKEN"
{
  "clientSecret": "secret_new789..."
}
Generates a new client secret for the app. The old secret is immediately invalidated.
  • appId (string, required): App ID to rotate secret for
  • clientSecret (string, required): New client secret. Save this immediately - it cannot be retrieved later.

List Resources

curl https://ave.day/api/apps/{appId}/resources \
  -H "Authorization: Bearer YOUR_TOKEN"
{
  "resources": [
    {
      "id": "res_123",
      "resourceKey": "api:read",
      "displayName": "API Access",
      "description": "Read access to API",
      "scopes": ["read", "write"],
      "audience": "https://api.example.com",
      "status": "active",
      "ownerAppId": "app_123",
      "createdAt": "2024-01-01T00:00:00.000Z",
      "updatedAt": "2024-01-01T00:00:00.000Z"
    }
  ]
}
Returns all API resources for an OAuth application.
  • appId (string, required): App ID to list resources for
  • resources (array, required): Array of API resource objects

Create Resource

curl -X POST https://ave.day/api/apps/{appId}/resources \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "resourceKey": "api:read",
    "displayName": "API Access",
    "description": "Read access to API",
    "scopes": ["read", "write"],
    "audience": "https://api.example.com"
  }'
{
  "resource": {
    "id": "res_123",
    "resourceKey": "api:read",
    "displayName": "API Access",
    "description": "Read access to API",
    "scopes": ["read", "write"],
    "audience": "https://api.example.com",
    "status": "active",
    "ownerAppId": "app_123",
    "createdAt": "2024-01-01T00:00:00.000Z",
    "updatedAt": "2024-01-01T00:00:00.000Z"
  }
}
Creates an API resource for an OAuth application. Resources define scopes and audiences for access tokens.
  • appId (string, required): App ID to create resource for
  • resourceKey (string, required): Unique resource identifier (3-100 chars, lowercase alphanumeric with :_-)
  • displayName (string, required): Human-readable name (2-80 characters)
  • description (string): Resource description (max 240 characters)
  • scopes (string[], required): Array of scope names (at least one required, 2-80 chars each)
  • audience (string, required): JWT audience value for this resource (3-200 characters)
  • status (string, default: active): Resource status: active or disabled
  • resource (object, required): The created API resource

Update Resource

curl -X PATCH https://ave.day/api/apps/{appId}/resources/{resourceId} \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "displayName": "Updated API Access",
    "status": "disabled"
  }'
{
  "resource": {
    "id": "res_123",
    "resourceKey": "api:read",
    "displayName": "Updated API Access",
    "description": "Read access to API",
    "scopes": ["read", "write"],
    "audience": "https://api.example.com",
    "status": "disabled",
    "ownerAppId": "app_123",
    "createdAt": "2024-01-01T00:00:00.000Z",
    "updatedAt": "2024-01-02T00:00:00.000Z"
  }
}
Updates an API resource. All fields are optional.
  • appId (string, required): App ID
  • resourceId (string, required): Resource ID to update
  • resourceKey (string): Resource key (must be unique)
  • displayName (string): Display name (2-80 characters)
  • description (string): Resource description (max 240 characters)
  • scopes (string[]): Array of scope names
  • audience (string): JWT audience value
  • status (string): Resource status: active or disabled
  • resource (object, required): The updated API resource

Delete Resource

curl -X DELETE https://ave.day/api/apps/{appId}/resources/{resourceId} \
  -H "Authorization: Bearer YOUR_TOKEN"
{
  "success": true
}
Deletes an API resource.
  • appId (string, required): App ID
  • resourceId (string, required): Resource ID to delete
  • success (boolean, required): Returns true on successful deletion
