The application REST API exposes which machine application plugins (ssh, luks, offline, …) are known to this server and which configuration options each plugin accepts per token type.

Application plugins are used to attach tokens to machines so the token can authenticate the user against the machine in a specific context (SSH login, LUKS unlock, offline OTP, …). See Application Plugins for the conceptual chapter and Machine endpoints for the endpoints that actually create the attachments.

16.1.1.24. Application endpoints

GET /application/

Return the application plugins available on this server and the configuration options each plugin accepts per token type.

The response is a dictionary keyed by application name (ssh, luks, offline, …). Each entry has an options sub-dictionary that is keyed by token type, and each token-type entry maps option names to a type descriptor. This is consumed by the WebUI when an admin attaches a token to a machine.

Requires admin authentication.

Example request:

GET /application/ HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "jsonrpc": "2.0",
  "result": {
    "status": true,
    "value": {
      "luks": {
        "options": {
          "totp": {
            "slot": {"type": "int"},
            "partition": {"type": "str"}
          }
        }
      },
      "ssh": {
        "options": {
          "sshkey": {
            "user": {"type": "str"}
          }
        }
      }
    }
  },
  "version": "privacyIDEA unknown"
}

Status Codes:

• 200 OK – applications dict in result.value.