application-post-applications.md

title	Create application
description	Create a new application.
author	Jackson-Woods
ms.localizationpriority	high
doc_type	apiPageType
ms.subservice	entra-applications
ms.date	05/14/2024

Create application

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Create a new application object. This API can also create an agentIdentityBlueprint object when the @odata.type property is set to #microsoft.graph.agentIdentityBlueprint.

Important

Do not share application client IDs (appId) in API documentation or code samples.

[!INCLUDE national-cloud-support]

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

[!INCLUDE permissions-table]

[!INCLUDE rbac-application-apis-write]

HTTP request

POST /applications

Request headers

Name	Description
Authorization	Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type	application/json. Required.

Request body

In the request body, supply a JSON representation of application object. The request body must contain displayName, which is a required property. To create an agentIdentityBlueprint, also set the @odata.type property to #microsoft.graph.agentIdentityBlueprint.

Response

If successful, this method returns 201 Created response code and an application or agentIdentityBlueprint object in the response body.

Examples

Example 1: Create an application with the default settings

Request

The following example shows a request.

HTTP

POST https://graph.microsoft.com/beta/applications
Content-type: application/json

{
  "displayName": "Display name"
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

---

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications/$entity",
    "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
    "deletedDateTime": null,
    "isFallbackPublicClient": null,
    "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
    "applicationTemplateId": null,
    "identifierUris": [],
    "createdDateTime": "2019-09-17T19:10:35.2742618Z",
    "displayName": "Display name",
    "isDeviceOnlyAuthSupported": null,
    "groupMembershipClaims": null,
    "optionalClaims": null,
    "addIns": [],
    "publisherDomain": "contoso.com",
    "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "tags": [],
    "tokenEncryptionKeyId": null,
    "api": {
        "requestedAccessTokenVersion": 2,
        "acceptMappedClaims": null,
        "knownClientApplications": [],
        "oauth2PermissionScopes": [],
        "preAuthorizedApplications": []
    },
    "appRoles": [],
    "publicClient": {
        "redirectUris": []
    },
    "info": {
        "termsOfServiceUrl": null,
        "supportUrl": null,
        "privacyStatementUrl": null,
        "marketingUrl": null,
        "logoUrl": null
    },
    "keyCredentials": [],
    "parentalControlSettings": {
        "countriesBlockedForMinors": [],
        "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [],
    "requiredResourceAccess": [],
    "uniqueName": null,
    "web": {
        "redirectUris": [],
        "homePageUrl": null,
        "logoutUrl": null,
        "implicitGrantSettings": {
            "enableIdTokenIssuance": false,
            "enableAccessTokenIssuance": false
        }
    },
    "windows" : null
}

Example 2: Create a new application and add a password secret

Request

HTTP

POST https://graph.microsoft.com/beta/applications
Content-type: application/json

{
  "displayName": "MyAppName",
  "passwordCredentials": [
    {
      "displayName": "Password name"
    }
  ]
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

---

Response

The following example shows the response. The secretText property in the response object contains the strong passwords or secret generated by Microsoft Entra ID and is 16-64 characters in length. There is no way to retrieve this password in the future.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications/$entity",
    "id": "83ab4737-da9d-4084-86f2-f8fbec220647",
    "deletedDateTime": null,
    "appId": "9519e58c-bd06-4120-a7fd-2220d4de8409",
    "applicationTemplateId": null,
    "disabledByMicrosoftStatus": null,
    "createdDateTime": "2024-04-01T19:10:02.6626202Z",
    "displayName": "MyAppName",
    "description": null,
    "keyCredentials": [],
    "parentalControlSettings": {
        "countriesBlockedForMinors": [],
        "legalAgeGroupRule": "Allow"
    },
    "passwordCredentials": [
        {
            "customKeyIdentifier": null,
            "displayName": "Password name",
            "endDateTime": "2026-04-01T19:10:02.6576213Z",
            "hint": "puE",
            "keyId": "09a0c91a-1bc3-4eaf-a945-c88c041fad6c",
            "secretText": "1234567890abcdefghijklmnopqrstuvwxyzabcd",
            "startDateTime": "2024-04-01T19:10:02.6576213Z"
        }
    ],
    "publicClient": {
        "redirectUris": []
    }
}

Example 3: Create a new multitenant application limited to only some tenants

Request

The following example creates a multitenant application that can only be used in two allowed Microsoft Entra tenants (and the tenant where the app is registered).

HTTP

POST https://graph.microsoft.com/beta/applications
Content-type: application/json

{
  "displayName": "MyAppName",
  "signInAudience": "AzureADMultipleOrgs",
  "signInAudienceRestrictions": {
    "@odata.type": "#microsoft.graph.allowedTenantsAudience",
    "isHomeTenantAllowed": true,
    "allowedTenantIds": [
      "818ce016-78c2-457c-91d7-c02c2faaa5fe",
      "c62670b0-53a1-4a38-b26c-4093cbaa510a"
    ]
  }
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

---

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications/$entity",
    "id": "83ab4737-da9d-4084-86f2-f8fbec220647",
    "appId": "9519e58c-bd06-4120-a7fd-2220d4de8409",
    "createdDateTime": "2025-11-01T19:10:02.6626202Z",
    "displayName": "MyAppName",
    "signInAudience": "AzureADMultipleOrgs",
    "signInAudienceRestrictions": {
      "@odata.type": "#microsoft.graph.allowedTenantsAudience",
      "isHomeTenantAllowed": true,
      "allowedTenantIds": [
        "818ce016-78c2-457c-91d7-c02c2faaa5fe",
        "c62670b0-53a1-4a38-b26c-4093cbaa510a"
      ]
    }
}