This API call retrieves the settings applied to a given project. It requires the app-key in the Authorization header to authenticate the request. This endpoint is useful for reviewing project configurations, including token policies, cryptographic settings, and key rotation details.
GET /app/{app_id}
| Name | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Yes | The app-key of the project. |
curl --request GET \
--url http://{{your-endpoint}}:{{your-port}}/app/{{app-id}} \
--header 'Authorization: {{app-key}}'const request = require('request');
const options = {
method: 'GET',
url: 'http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}',
headers: {Authorization: '{{app-key}}'}
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});import requests
url = "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}"
headers = {"Authorization": "{{app-key}}"}
response = requests.get(url, headers=headers)
print(response.json())<?php
$client = new \GuzzleHttp\Client();
$response = $client->request('GET', 'http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}', [
'headers' => [
'Authorization' => '{{app-key}}',
],
]);
echo $response->getBody();package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "{{app-key}}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}AsyncHttpClient client = new DefaultAsyncHttpClient();
client.prepare("GET", "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}")
.setHeader("Authorization", "{{app-key}}")
.execute()
.toCompletableFuture()
.thenAccept(System.out::println)
.join();
client.close();{
"app": {
"id": "01JMQGZKJ6752H096HJ9T57X1Z",
"name": "app_2",
"description": "updated description",
"token_expiry": 3600,
"token_notbefore": 0,
"refresh_expiry": 1080,
"refresh_notbefore": 3000,
"key_type": "ECDSA",
"algo": "ES256",
"rotation_period": 7776000,
"add_time": 1740251319,
"update_time": 1740368005,
"last_key_rotate": 1740370099
}
}| Field | Type | Description |
|---|---|---|
| id | string (ULID) | A unique identifier for the application |
| name | string | The name of the application. |
| description | string | A brief description of the application. |
| token_expiry | int | The time (in seconds) after an issued token expires. |
| token_notbefore | int | The wait time (in seconds) before a auth token can be used after it's issued. |
| refresh_expiry | int | The expiration time (in seconds) for refresh tokens. |
| refresh_notbefore | int | The wait time (in seconds) before a refresh token can be used after it's issued. |
| key_type | string enum (RSA,ECDSA) | The cryptographic key type used (e.g., ECDSA). |
| algo | string enum (RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512) | The signing algorithm used (e.g., ES256). |
| rotation_period | int | The period (in seconds) after which cryptographic keys should be rotated. |
| add_time | int | The timestamp (Unix epoch) when the application was added. |
| update_time | int | The timestamp (Unix epoch) of the last update (0 if never updated). |
| last_key_rotate | int | The timestamp (Unix epoch) of the last key rotation (0 if never rotated). |
| Status Code | Description |
|---|---|
| 200 Ok | Success |
| 400 Bad Request | Mostly when the form validation fails. The error will be returned as a response. |
| 403 Access Denied | When the provided app key in Authorization header is invalid. |
| 500 Internal Server Error | Mostly because of the database error. Check the log for root cause details. |