> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hopae.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create App

> Create a new app in the workspace.

Creates an app and returns its credentials.

<Note>
  New to Hopae Connect? See the [Authentication](/api-reference/authentication) guide first to understand which credentials to use for which endpoints.
</Note>

## Request

<ParamField header="Authorization" type="string" required>
  `Bearer <API_KEY>` from Console > Developers > Workspace API Keys.
</ParamField>

<ParamField header="Content-Type" type="string">
  `application/json`
</ParamField>

<ParamField header="Idempotency-Key" type="string">
  Optional client-generated string (max 255 chars) to safely retry without creating duplicates. Scoped per workspace. A key is valid for 24 hours. If the same key is replayed with an identical body, the original response is returned with an `Idempotency-Replayed: true` header. Reusing the same key with a different body returns `409 IDEMPOTENCY_KEY_CONFLICT`.
</ParamField>

## Request Body

<ParamField body="name" type="string" required default="My App">
  Display name for the app.
</ParamField>

## Response

Returns the created App object, including the client secret. Store it securely.

<RequestExample>
  ```bash theme={null}
  curl -X POST \
    -H "Authorization: Bearer sk_workspace_test_..." \
    -H "Content-Type: application/json" \
    -H "Idempotency-Key: 5d42c2c4-f7a3-4c0b-8a6d-2d3c6d38b9c9" \
    -d '{"name":"My App"}' \
    "https://sandbox.api.hopae.com/connect/v1/apps"
  ```
</RequestExample>

<Note>
  The response includes a `Location` header pointing at the newly-created resource (e.g., `/connect/v1/apps/HqTRDIYH`).
</Note>

<ResponseExample>
  ```json theme={null}
  {
    "clientId": "HqTRDIYH",
    "clientSecret": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
    "name": "My App",
    "redirectUris": [],
    "providers": { "passport": { "enabled": true } },
    "defaultWorkflowId": "wf_6ec9b183",
    "workflows": [{ "workflowId": "wf_6ec9b183", "name": "My App", "nodes": [...] }],
    "organizationId": "org_...",
    "webhookConfig": { "enabled": false }
  }
  ```
</ResponseExample>

<Info>
  <code>clientId</code> is immutable. <code>clientSecret</code> can be rotated via [Rotate Client Secret](./rotate-client-secret) — direct update attempts via PATCH are silently dropped.
</Info>

<Info>
  **A default workflow is auto-materialized.** When you create an App, Hopae Connect automatically provisions a starter workflow (returned as `defaultWorkflowId`) with the `passport` provider pre-enabled. This lets you start running verifications immediately without first configuring a workflow.

  If you only need passport-based identity verification, you can use the default workflow as-is. If you want a custom workflow (e.g., different providers, branching logic, custom claims), create a new workflow via [Create Workflow](./create-workflow) and reference its `workflowId` when starting verifications.

  Note: creating a custom workflow does NOT delete the default workflow — both will coexist on the App until you explicitly delete one.
</Info>