I want to create OAuth 2.0 client application using postman

I tried to create client application by following link. (using API token)


It did not allowed me to create the application, in fact it gave me error like “Resource not found”.

“errorCode”: “E0000007”,
“errorSummary”: “Not found: Resource not found: Sample Client App - Through API (App)”,
“errorLink”: “E0000007”,
“errorId”: “oae8GtOhEVbTr64_55Ma–tCw”,

Please help if anyone has come across such requirement.

Hi there! I recommend checking out Okta’s postman collection(s) - There’s an Apps API specific collection you can use to test: Postman Collections | Okta Developer

Hello pgosai,

In Postman you can export a call to various code </> including cURL. Could you do that and supply the call. Make sure you don’t supply your actual API Token when posting the cURL call.
A guess would be that you are accidentally doing a GET instead of a POST, but would need to see the entire command to know for sure.

Yes I have followed that and used their collection. But when creating it is giving such error response.

curl --location --request POST ‘https://dev-{actual url}.okta.com/api/v1/apps’
–header ‘Accept: application/json’
–header ‘Content-Type: application/json’
–header ‘Authorization: SSWS {API token}’
–data-raw ‘{
“name”: “Sample Client App - Through API”,
“label”: “Sample Client App”,
“signOnMode”: “OPENID_CONNECT”,
“credentials”: {
“oauthClient”: {
“token_endpoint_auth_method”: “client_secret_post”
“profile”: {
“label”: “Sample Client App”
“settings”: {
“oauthClient”: {
“consent_method”: “REQUIRED”,
“client_uri”: “http://localhost:8080”,
“logo_uri”: “http://developer.okta.com/assets/images/logo-new.png”,
“redirect_uris”: [
“https://{actual url}/signin-oidc-okta”
“post_logout_redirect_uris”: [
“https://{actual url}/signout-callback-oidc”
“response_types”: [
“grant_types”: [
“application_type”: “web”

Here is full call details. I have imported the collection that Okta provides. So, the call is POST call, not sure what is else is wrong in this.

The call mostly looks ok. The one thing that sticks out is for grant_types you only have “authorization_code”. Since your response_types includes “id_token”/“token” you would also need to add “implicit” to your grant_types. If you do not want to support “implicit” you would need to set response_types to only contain “code”.

Below is a working call I tested for comparison.

curl --location --request POST 'https://{DOMAIN}.okta.com/api/v1/apps' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: SSWS 001...' \
--data-raw '{
    "name": "oidc_client",
    "label": "AFF Test",
    "signOnMode": "OPENID_CONNECT",
    "credentials": {
      "oauthClient": {
        "token_endpoint_auth_method": "client_secret_post"

    "profile": {
        "appid": "APP-43",
        "label": "AFF Test"
    "settings": {
      "oauthClient": {
        "client_uri": "http://localhost:8080",
        "logo_uri": "http://developer.okta.com/assets/images/logo-new.png",
        "redirect_uris": [
        "response_types": [
        "grant_types": [
        "application_type": "web"
1 Like