Manage Portal Applications - Anypoint Platform APIs

Overview

Applications are the credential-bearing objects portal consumers use to call APIs. Each application has a clientId / clientSecret pair and can hold multiple contracts against published APIs. This workflow covers the application lifecycle from a portal-consumer perspective: inventory, name-availability check, create, update, secret rotation, and deletion.

What you'll build: A clean application portfolio with the credentials you need to consume portal APIs.

Prerequisites

Before starting, ensure:

Authentication ready
- Valid portal-consumer Bearer token
- Membership in the portal
Portal context known
- targetOrganizationId — Anypoint organization hosting the portal
- portalId — the portal you are a member of

Step 1: List Your Applications

Start by viewing the applications already registered under your portal membership.

api-experience-hub-consumer.getApplications

$ curl -X GET ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

applications $.applications[*]

Your existing applications in this portal

applicationId $.applications[*].id

ID used by the per-application operations

Step 2: Check Application-Name Availability

Before creating a new application, confirm the desired name is not already taken in the portal.

api-experience-hub-consumer.checkExistenceApplicationName

$ curl -X GET ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications/exists \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

nameAvailable $.available

Whether the proposed name is free to use

What happens next: If taken, pick a different name and re-check; if free, proceed to Step 3.

Step 3: Create a New Application

api-experience-hub-consumer.createApplication

$ curl -X POST ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/assets/{groupId}/{assetId}/{minorVersion}/applications \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

createdApplicationId $.id

The new application ID

clientId $.clientId

OAuth client ID issued to the application

clientSecret $.clientSecret

OAuth client secret (shown only at creation — store it securely)

What happens next: Capture the clientSecret now — it is not retrievable later; you must rotate via Step 5 if lost.

Step 4: Update Application Metadata

Change an application's name, description, or OAuth redirect URIs after creation.

api-experience-hub-consumer.updateApplication

$ curl -X PUT ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications/{applicationId} \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

updatedApplicationId $.id

Confirmed ID of the updated application

Step 5: Reset Client Secret

Rotate the clientSecret — e.g., after a suspected leak or as part of key-rotation policy.

api-experience-hub-consumer.resetClientSecretForApplication

$ curl -X POST ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications/{applicationId}/secret/reset \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

newClientSecret $.clientSecret

Newly generated client secret (store it securely — only shown once)

What happens next: Update every consumer of this application to use the new secret. The previous secret is invalidated.

Step 6: View Application Details

Inspect a single application's current state — metadata plus any derived info.

api-experience-hub-consumer.getApplicationDetailById

$ curl -X GET ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications/{applicationId} \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

applicationDetails $

Current application metadata (clientId present; secret never returned)

Step 7: Delete an Application (Optional)

Remove an application that is no longer in use. All contracts bound to it are revoked.

api-experience-hub-consumer.deleteApplication

$ curl -X DELETE ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications/{applicationId} \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

deletedApplicationId $.id

Confirmation of the deleted application

Name	Value	Source
No variables yet

Completion Checklist

[ ] Existing applications reviewed
[ ] Unique application name confirmed
[ ] New application created and secret captured
[ ] Metadata kept up to date (name, description, redirect URIs)
[ ] Secrets rotated on schedule or after incidents
[ ] Stale applications deleted

What You've Built

✅ Healthy Application Portfolio — Active applications with fresh credentials, no stale clients lingering.

Next Steps

Request API access — See request-api-access to create a contract from an application against a published API.
Monitor contracts — See the contract-listing steps in request-api-access to audit which APIs each application consumes.