Create App - hConnect

curl -X POST \
  -H "Authorization: Bearer sk_workspace_test_..." \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: 5d42c2c4-f7a3-4c0b-8a6d-2d3c6d38b9c9" \
  -d '{"name":"My App"}' \
  "https://sandbox.api.hopae.com/connect/v1/apps"

{
  "clientId": "HqTRDIYH",
  "clientSecret": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "name": "My App",
  "redirectUris": [],
  "providers": { "passport": { "enabled": true } },
  "defaultWorkflowId": "wf_6ec9b183",
  "workflows": [{ "workflowId": "wf_6ec9b183", "name": "My App", "nodes": [...] }],
  "organizationId": "org_...",
  "webhookConfig": { "enabled": false }
}

POST

apps

curl -X POST \
  -H "Authorization: Bearer sk_workspace_test_..." \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: 5d42c2c4-f7a3-4c0b-8a6d-2d3c6d38b9c9" \
  -d '{"name":"My App"}' \
  "https://sandbox.api.hopae.com/connect/v1/apps"

{
  "clientId": "HqTRDIYH",
  "clientSecret": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "name": "My App",
  "redirectUris": [],
  "providers": { "passport": { "enabled": true } },
  "defaultWorkflowId": "wf_6ec9b183",
  "workflows": [{ "workflowId": "wf_6ec9b183", "name": "My App", "nodes": [...] }],
  "organizationId": "org_...",
  "webhookConfig": { "enabled": false }
}

Creates an app and returns its credentials.

New to Hopae Connect? See the Authentication guide first to understand which credentials to use for which endpoints.

Request

Authorization

string

required

Bearer <API_KEY> from Console > Developers > Workspace API Keys.

Content-Type

string

application/json

Idempotency-Key

string

Optional client-generated string (max 255 chars) to safely retry without creating duplicates. Scoped per workspace. A key is valid for 24 hours. If the same key is replayed with an identical body, the original response is returned with an Idempotency-Replayed: true header. Reusing the same key with a different body returns 409 IDEMPOTENCY_KEY_CONFLICT.

Request Body

name

string

default:"My App"

required

Display name for the app.

Response

Returns the created App object, including the client secret. Store it securely.

curl -X POST \
  -H "Authorization: Bearer sk_workspace_test_..." \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: 5d42c2c4-f7a3-4c0b-8a6d-2d3c6d38b9c9" \
  -d '{"name":"My App"}' \
  "https://sandbox.api.hopae.com/connect/v1/apps"

The response includes a Location header pointing at the newly-created resource (e.g., /connect/v1/apps/HqTRDIYH).

{
  "clientId": "HqTRDIYH",
  "clientSecret": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "name": "My App",
  "redirectUris": [],
  "providers": { "passport": { "enabled": true } },
  "defaultWorkflowId": "wf_6ec9b183",
  "workflows": [{ "workflowId": "wf_6ec9b183", "name": "My App", "nodes": [...] }],
  "organizationId": "org_...",
  "webhookConfig": { "enabled": false }
}

clientId is immutable. clientSecret can be rotated via Rotate Client Secret — direct update attempts via PATCH are silently dropped.

A default workflow is auto-materialized. When you create an App, Hopae Connect automatically provisions a starter workflow (returned as defaultWorkflowId) with the passport provider pre-enabled. This lets you start running verifications immediately without first configuring a workflow.If you only need passport-based identity verification, you can use the default workflow as-is. If you want a custom workflow (e.g., different providers, branching logic, custom claims), create a new workflow via Create Workflow and reference its workflowId when starting verifications.Note: creating a custom workflow does NOT delete the default workflow — both will coexist on the App until you explicitly delete one.

List Apps Batch Create Apps

Documentation Index

​Request

​Request Body

​Response

Request

Request Body

Response