# Create OAuth Application

> ⚠️ SECURITY: Creates an OAuth2 application. Only OWNERS and ADMINS can create OAuth apps. Returns client secret ONCE - store it securely!

Creates a new OAuth2 application for your organization. Only **OWNERS** and **ADMINS** can create OAuth apps.

<Warning>
  The client secret is returned **ONCE** in the response. Store it securely
  immediately - it cannot be retrieved later!
</Warning>

## Permissions

Only **OWNERS** and **ADMINS** can create OAuth applications.

## Request Body

| Field         | Type   | Required | Description                                  |
| ------------- | ------ | -------- | -------------------------------------------- |
| `name`        | string | Yes      | Application name (1-100 characters)          |
| `description` | string | No       | Application description (max 500 characters) |
| `redirectUri` | string | No       | Redirect URI for OAuth flow                  |
| `scopes`      | array  | Yes      | OAuth scopes requested                       |

## Available Scopes

* `read:user` - Read user information
* `write:user` - Modify user information
* `read:organization` - Read organization data
* `write:organization` - Modify organization data
* `read:members` - Read member information
* `write:members` - Modify members
* `read:webhooks` - Read webhook configuration
* `write:webhooks` - Manage webhooks
* `admin:organization` - Full organization admin access
* `admin:all` - Full system access
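
A pre-flight check of a request body against the field limits and scope list documented above. This is an added example, not Timbrix code. `check_payload` is a hypothetical helper, and the two warnings (admin scopes, non-HTTPS redirect URIs) are local policy assumptions rather than rules the API is documented to enforce.

```python
from urllib.parse import urlparse

# Scope names copied from the list above.
ALLOWED_SCOPES = {
    "read:user", "write:user", "read:organization", "write:organization",
    "read:members", "write:members", "read:webhooks", "write:webhooks",
    "admin:organization", "admin:all",
}

def check_payload(payload):
    """Return (errors, warnings) for a POST /oauth/apps request body."""
    errors, warnings = [], []
    name = payload.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 100:
        errors.append("name must be a string of 1-100 characters")
    desc = payload.get("description")
    if desc is not None and (not isinstance(desc, str) or len(desc) > 500):
        errors.append("description must be a string of at most 500 characters")
    scopes = payload.get("scopes")
    if not isinstance(scopes, list):
        errors.append("scopes is required and must be an array")
        scopes = []
    unknown = [s for s in scopes if not isinstance(s, str) or s not in ALLOWED_SCOPES]
    if unknown:
        errors.append(f"unknown scopes: {unknown}")
    # Local policy (assumption, not an API rule): admin scopes need sign-off.
    broad = [s for s in scopes if isinstance(s, str) and s.startswith("admin:")]
    if broad:
        warnings.append(f"broad scopes requested: {broad}")
    # Local policy (assumption): redirect URIs are absolute HTTPS, or loopback.
    uri = payload.get("redirectUri")
    if uri is not None:
        parsed = urlparse(uri) if isinstance(uri, str) else None
        if parsed is None or not parsed.scheme or not parsed.netloc:
            warnings.append("redirectUri is not an absolute URI")
        elif parsed.scheme != "https" and parsed.hostname not in ("localhost", "127.0.0.1"):
            warnings.append("redirectUri is not HTTPS")
    return errors, warnings
```
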

## Example Request

```bash
curl -X POST http://localhost:3001/api/oauth/apps \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My Integration",
    "description": "Integration for managing organization data",
    "redirectUri": "https://example.com/callback",
    "scopes": ["read:organization", "write:organization"]
  }'
```

## Example Response

```json
{
  "clientId": "app_1234567890abcdef",
  "clientSecret": "cs_1234567890abcdef",
  "name": "My Integration",
  "description": "Integration for managing organization data",
  "redirectUri": "https://example.com/callback",
  "scopes": ["read:organization", "write:organization"],
  "isActive": true,
  "createdAt": "2025-01-26T10:00:00Z"
}
```

## Security Notes

* The `clientSecret` is only returned once during creation
* Store the secret securely (environment variables, secret manager)
* Never commit secrets to version control
* Rotate secrets if compromised
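
One way to handle the one-time secret on the client side, as an added example that is not part of the Timbrix documentation. `store_secret_once` is a hypothetical helper that takes the raw JSON creation response, writes `clientSecret` to a new owner-only file, and returns a redacted copy that is safe to log. The file path is the caller's choice.

```python
import json
import os

def store_secret_once(response_body, path):
    """Persist clientSecret to a new owner-only file; return a redacted copy."""
    app = json.loads(response_body)
    secret = app.pop("clientSecret")  # KeyError if the response carries no secret
    # O_EXCL refuses to overwrite an existing file, so an earlier secret is
    # never silently replaced; mode 0o600 is owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secret)
        fh.flush()
        os.fsync(fh.fileno())  # the secret cannot be fetched again, so force it to disk
    app["clientSecret"] = "<redacted>"
    return app
```

Log or print only the returned dictionary, and keep the secret file outside any version-controlled directory.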

## Common Errors

### 400 Bad Request

Invalid input data or validation errors.

### 401 Unauthorized

Authentication required.

### 403 Forbidden

Only owners and admins can create OAuth applications.


## OpenAPI

````yaml POST /oauth/apps
openapi: 3.1.0
info:
  title: Timbrix API
  description: >-
    REST API with OAuth2 server for managing organizations, members, and
    webhooks
  version: '1.0'
  contact: {}
servers:
  - url: http://sandbox.mintlify.com
    description: Sandbox environment
  - url: http://localhost:3001/api
    description: Local development
security: []
tags:
  - name: organizations
    description: Organization management endpoints
  - name: oauth
    description: OAuth2 authentication and authorization
  - name: webhooks
    description: Webhook configuration and delivery
  - name: users
    description: User information endpoints
  - name: api-keys
    description: API Keys management and validation
paths:
  /oauth/apps:
    post:
      tags:
        - oauth
      summary: Create a new OAuth application
      description: >-
        ⚠️ SECURITY: Creates an OAuth2 application. Only OWNERS and ADMINS can
        create OAuth apps. Returns client secret ONCE - store it securely!
      operationId: OAuthController_createApp
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateOAuthAppDto'
      responses:
        '201':
          description: >-
            OAuth application created successfully. Client secret returned only
            once - save it immediately!
        '400':
          description: Invalid input data. Check validation errors.
        '401':
          description: Authentication required. Provide a valid bearer token.
        '403':
          description: Access denied. Only owners and admins can create OAuth applications.
      security:
        - bearer: []
components:
  schemas:
    CreateOAuthAppDto:
      type: object
      properties:
        name:
          type: string
          description: Application name
          example: My Integration
          minLength: 1
          maxLength: 100
        description:
          type: string
          description: Application description
          example: Integration for managing organization data
          maxLength: 500
        redirectUri:
          type: string
          description: Redirect URI for OAuth flow
          example: https://example.com/callback
        scopes:
          type: array
          description: OAuth scopes requested
          example:
            - read:organization
            - write:organization
          items:
            type: string
            enum:
              - read:user
              - write:user
              - read:organization
              - write:organization
              - read:members
              - write:members
              - read:webhooks
              - write:webhooks
              - admin:organization
              - admin:all
      required:
        - name
        - scopes
  securitySchemes:
    bearer:
      scheme: bearer
      bearerFormat: JWT
      type: http

````