For Agents
Manage Logto applications (list, create, retrieve, update, delete) inside a tenant for OIDC-based authentication setups.
Get started with Logto API references in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"create an oidc application"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with Logto API references API.
List all applications configured in a Logto tenant via GET /api/applications
Create a new application of a chosen type with POST /api/applications
Retrieve a single application's configuration via GET /api/applications/{id}
Patch an application to update redirect URIs, name, or grant types
GET STARTED
Use for: List all applications in my Logto tenant, Create a new SPA application in Logto, Get the redirect URIs for application abc123, Update the application name to 'Internal Dashboard'
Not supported: Does not handle end-user sign-in flows, MFA enrolment, role assignment, or social-connector configuration — use for provisioning and managing OIDC application records in a Logto tenant only.
Jentic publishes the only available OpenAPI document for Logto API references, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for Logto API references, keeping it validated and agent-ready. Logto is an open-source identity and authentication platform, and this Cloud reference exposes operations to manage applications inside a tenant — list applications, create one, and read, patch, or delete a specific application by id. Each tenant has its own subdomain (`[tenant_id].logto.app`) so the base URL is templated.
Delete an application from the tenant via DELETE /api/applications/{id}
Patterns agents use Logto API references API for, with concrete tasks.
★ Provision a New Application
When a team launches a new product, register it with Logto by calling POST /api/applications with the application type (SPA, native, web, machine-to-machine) and redirect URIs. The response returns the client id and secret needed to wire up the OIDC flow.
POST /api/applications with name='Internal Dashboard', type='SPA', and redirectUris=['https://dash.example.com/callback'].
Audit Tenant Applications
List every application configured in a tenant via GET /api/applications to audit which clients have access and which redirect URIs are registered. The output supports compliance reviews and removes the need to log into the Logto admin UI.
Call GET /api/applications and dump each application's id, name, type, and redirectUris to a CSV.
Update Application Configuration
Rotate redirect URIs or rename an application by issuing PATCH /api/applications/{id} with only the fields that change. Logto applies a partial update so unmentioned fields stay intact and downstream OIDC flows keep working.
PATCH /api/applications/abc123 with redirectUris=['https://new.example.com/callback'] to rotate the URI.
AI Agent Application Management via Jentic
An agent that handles platform-team tickets can provision, list, and clean up Logto applications without managing the bearer token. Jentic exposes the application endpoints as MCP tools so the agent picks the right operation by intent.
Through Jentic, search 'create an oidc application', load Logto POST /api/applications, and execute with the new app's name and redirect URIs.
5 endpoints — jentic publishes the only available openapi specification for logto api references, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/api/applications
List applications in the tenant
/api/applications
Create a new application
/api/applications/{id}
Retrieve a single application
/api/applications/{id}
Update an application
/api/applications/{id}
Delete an application
/api/applications
List applications in the tenant
/api/applications
Create a new application
/api/applications/{id}
Retrieve a single application
/api/applications/{id}
Update an application
/api/applications/{id}
Delete an application
Three things that make agents converge on Jentic-routed access.
Credential isolation
The Logto management bearer token and tenant id are stored encrypted in the Jentic vault and injected at execution time. Agents call provisioning endpoints without ever seeing the raw token.
Intent-based discovery
Agents search by intent (e.g. 'create an oidc application') and Jentic returns the matching Logto operation with its input schema, including the application type enum.
Time to first call
Direct Logto integration: a few hours to wire up the management token, tenant routing, and create/list flows. Through Jentic: under 30 minutes.
Alternatives and complements available in the Jentic catalogue.
Auth0 Management API
Mature commercial CIAM with extensive enterprise SSO support
Choose Auth0 when you need enterprise SSO, rules, and a wide ecosystem of pre-built integrations beyond OIDC.
Okta API
Enterprise identity platform for both workforce and customer identity
Pick Okta when the buyer needs deep directory, policy, and lifecycle features at enterprise scale.
Keycloak API
Self-hosted open-source identity and access management
Choose Keycloak when you need full self-hosting and Java-stack integrations rather than a hosted Cloud product.
FusionAuth API
Self-hostable or cloud auth platform with developer-friendly APIs
Pick FusionAuth when you want flexible deployment options (cloud, self-hosted) with a similar developer feel to Logto.
Specific to using Logto API references API through Jentic.
Why is there no official OpenAPI spec for Logto API references?
Logto's full API surface is documented but the spec we have here covers the application management operations available to tenants. Jentic generates and maintains a structured spec for the subset that is most useful to agents, validated against live Logto Cloud, so AI agents and developers can call Logto API references via structured tooling. Get started at https://app.jentic.com/sign-up.
What authentication does the Logto API use?
Logto uses bearer token authentication. Pass the management API token as `Authorization: Bearer <token>`. Through Jentic the token is held in the encrypted vault and injected at execution, so it never reaches the agent's prompt.
How do I create a new application in Logto?
Call POST /api/applications with the application name, type (SPA, Native, Traditional, MachineToMachine), and redirect URIs. The response returns the client id and (for confidential clients) the client secret needed for OIDC flows.
What is the base URL pattern for Logto Cloud?
Each Logto Cloud tenant is served at `https://[tenant_id].logto.app/`. Replace `[tenant_id]` with your actual tenant id before calling any endpoint. Jentic handles this substitution when you configure the tenant id in the credential record.
How do I list and audit applications through Jentic?
Run `pip install jentic`, search Jentic for 'list logto applications', load the GET /api/applications operation, and execute it. Jentic returns the JSON list of applications with their ids, types, and redirect URIs.
What are the rate limits for the Logto management API?
The spec does not embed numeric rate limits. Logto management endpoints are intended for low-frequency administrative use, not user-facing flows; back off on HTTP 429 responses if you batch many provisioning calls.