Creating an Application Instance

Function

This API is used to create an application instance. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.

URI

POST /v1/instances/{instance_id}/application-instances

**Table 1** Path parameters
Parameter	Mandatory	Type	Description
instance_id	Yes	String	Globally unique ID of an IAM Identity Center instance.

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
X-Security-Token	No	String	Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required.

**Table 3** Parameters in the request body
Parameter	Mandatory	Type	Description
name	Yes	String	Application instance UUID.
template_id	Yes	String	Application template ID.

Response Parameters

Status code: 201

**Table 4** Parameters in the response body
Parameter	Type	Description
application_instance	ApplicationInstanceDto object	Application instance.

**Table 5** ApplicationInstanceDto
Parameter	Type	Description
active_certificate	CertificateDto object	Activated certificates.
display	DisplayDto object	Display information of an application.
identity_provider_config	IdentityProviderConfigDto object	Identity provider configuration.
application_instance_id	String	Unique ID of an application instance.
name	String	Application UUID.
visible	Boolean	Whether an application is visible on the user portal.
response_config	ResponseConfigDto object	Application attribute configuration.
response_schema_config	ResponseSchemaConfigDto object	Configuration for application schema attribute mapping.
security_config	SecurityConfigDto object	Certificate configuration.
status	String	Application instance status.
template	ApplicationTemplateDto object	Information about the template that an application depends on.
service_provider_config	ServiceProviderConfigDto object	Service provider configuration.
client_id	String	OIDC client ID.
end_user_visible	Boolean	Visible to users or not.
managed_account	String	Account ID of a group member.

**Table 6** CertificateDto
Parameter	Type	Description
algorithm	String	Certificate generation algorithm.
certificate	String	Application certificate.
certificate_id	String	Application certificate ID.
expiry_date	Long	Certificate expiration time.
status	String	Certificate status.
key_size	String	Key size.
issue_date	Long	Certificate generation time.

**Table 7** IdentityProviderConfigDto
Parameter	Type	Description
issuer_url	String	Identity provider issuer.
metadata_url	String	Identity provider metadata.
remote_login_url	String	Remote login link of an identity provider.
remote_logout_url	String	Remote logout link of an identity provider.

**Table 8** ApplicationTemplateDto
Parameter	Type	Description
application	ApplicationTemplateDisplayDto object	Display information of an application template.
response_config	ResponseConfigDto object	Application attribute configuration.
response_schema_config	ResponseSchemaConfigDto object	Mapping configuration of application attributes.
sso_protocol	String	Supported protocols.
security_config	SecurityConfigDto object	Certificate configuration.
service_provider_config	ServiceProviderConfigDto object	Service provider configuration.
template_id	String	Unique ID of an application template.
template_version	String	Application template version.

**Table 9** ApplicationTemplateDisplayDto
Parameter	Type	Description
application_id	String	Application ID. Its prefix is app-.
display	DisplayDto object	Display information of an application.
application_type	String	Application type.

**Table 10** DisplayDto
Parameter	Type	Description
description	String	Application description.
display_name	String	Application display name.
icon	String	Application icon.

**Table 11** ResponseConfigDto
Parameter	Type	Description
properties	Map<String,ResponseSourceDetailsDto>	Additional configuration for attribute mapping.
subject	ResponseSourceDetailsDto object	Subject attribute mapping configuration.
relay_state	String	Relay state.
ttl	String	Session expiration time.

**Table 12** ResponseSourceDetailsDto
Parameter	Type	Description
source	Array of strings	Attribute mapping value.

**Table 13** ResponseSchemaConfigDto
Parameter	Type	Description
properties	Map<String,ResponseSchemaPropertiesDetailsDto>	Additional schema configuration for attribute mapping.
subject	ResponseSchemaSubjectDetailsDto object	Schema configuration for subject attribute mapping.
supported_name_id_formats	Array of strings	Subject NameID format supported by an application.

**Table 14** ResponseSchemaPropertiesDetailsDto
Parameter	Type	Description
attr_name_format	String	Additional attribute format.
include	String	Whether additional attributes are included.

**Table 15** ResponseSchemaSubjectDetailsDto
Parameter	Type	Description
name_id_format	String	NameID format.
include	String	Whether NameID is included.

**Table 16** SecurityConfigDto
Parameter	Type	Description
ttl	String	Certificate expiration time.

**Table 17** ServiceProviderConfigDto
Parameter	Type	Description
audience	String	SAML audience.
require_request_signature	Boolean	Whether a signature is required.
consumers	Array of ConsumersDto objects	SAML response recipient.
start_url	String	Application startup URL.

**Table 18** ConsumersDto
Parameter	Type	Description
binding	String	SAML transmission protocol.
default_value	Boolean	Whether it is the default recipient.
location	String	SAML ACS URL.

Status code: 400

**Table 19** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.

Status code: 403

**Table 20** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.
encoded_authorization_message	String	Encrypted error message.

Status code: 409

**Table 21** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.

Example Request

Creating an application instance

POST https://{hostname}/v1/instances/{instance_id}/application-instances

{
  "name" : "a689ebed-1b68-44b0-af97-xxxxx",
  "template_id" : "tpl-88f215b39bfcxxxx"
}

Example Response

Status code: 201

Successful

{
  "application_instance" : {
    "active_certificate" : {
      "algorithm" : "SHA256withRSA",
      "certificate" : "certificate",
      "certificate_id" : "cer-ea56cf20-4ec3-445a-883f-eb70f35fe7d1",
      "expiry_date" : 1911427200000,
      "status" : "ACTIVE",
      "key_size" : "3072",
      "issue_date" : 1753695145064
    },
    "display" : {
      "description" : "Custom SAML 2.0 application",
      "display_name" : "Custom SAML 2.0 application",
      "icon" : ""
    },
    "identity_provider_config" : {
      "issuer_url" : "https://idcenter.ulanqab.huawei.com/v1/saml/assertion/OGMxZWVmM2EyNDE5NDVmNjljM2QzYTZiMDI1MmU3ODNfZC05NDE0MDdiNGIzX2FwcC1pbnMtYTAzM2M5MDcwMTZhNTlhZQ==",
      "metadata_url" : "https://idcenter.ulanqab.huawei.com/v1/saml/metadata/OGMxZWVmM2EyNDE5NDVmNjljM2QzYTZiMDI1MmU3ODNfZC05NDE0MDdiNGIzX2FwcC1pbnMtYTAzM2M5MDcwMTZhNTlhZQ==",
      "remote_login_url" : "https://idcenter.ulanqab.huawei.com/v1/saml/assertion/OGMxZWVmM2EyNDE5NDVmNjljM2QzYTZiMDI1MmU3ODNfZC05NDE0MDdiNGIzX2FwcC1pbnMtYTAzM2M5MDcwMTZhNTlhZQ==",
      "remote_logout_url" : "https://idcenter.ulanqab.huawei.com/v1/saml/logout/OGMxZWVmM2EyNDE5NDVmNjljM2QzYTZiMDI1MmU3ODNfZC05NDE0MDdiNGIzX2FwcC1pbnMtYTAzM2M5MDcwMTZhNTlhZQ=="
    },
    "application_instance_id" : "app-ins-a033c907016a59ae",
    "name" : "a689ebed-1b68-44b0-af97-0be880c30127",
    "visible" : true,
    "response_config" : {
      "properties" : { },
      "subject" : null,
      "relay_state" : null,
      "ttl" : "PT1H"
    },
    "response_schema_config" : {
      "properties" : { },
      "subject" : null,
      "supported_name_id_formats" : null
    },
    "security_config" : {
      "ttl" : "P5Y"
    },
    "status" : "CREATED",
    "template" : {
      "application" : {
        "application_id" : "app-ff1258a63a4axxxx",
        "display" : {
          "description" : "Custom SAML 2.0 application",
          "display_name" : "Custom SAML 2.0 application",
          "icon" : ""
        },
        "application_type" : ""
      },
      "response_config" : {
        "properties" : { },
        "subject" : null,
        "relay_state" : null,
        "ttl" : "PT1H"
      },
      "response_schema_config" : {
        "properties" : { },
        "subject" : null,
        "supported_name_id_formats" : null
      },
      "sso_protocol" : "SAML",
      "security_config" : {
        "ttl" : null
      },
      "service_provider_config" : {
        "audience" : null,
        "require_request_signature" : false,
        "consumers" : null,
        "start_url" : null
      },
      "template_id" : "tpl-88f215b39bfc7575",
      "template_version" : "1"
    },
    "service_provider_config" : {
      "audience" : null,
      "require_request_signature" : false,
      "consumers" : null,
      "start_url" : null
    },
    "client_id" : null,
    "end_user_visible" : null,
    "managed_account" : "8c1eef3a241945f69c3d3a6b0252e783"
  }
}

Status Codes

Status Code	Description
201	Successful.
400	Bad request.
403	Forbidden.
409	Conflict.

Error Codes

For details, see Error Codes.

Parent topic: Application Management

Previous topic: Application Management

Next topic: Listing Application Instances

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.