Connected app-specific methods were introduced in Tableau 2021.4.

Connected app methods

A connected app can be used to securely authenticate (SSO) your users to Tableau content embedded in a custom application. A connected app enables you to establish a trusted relationship between Tableau and any custom application.

Using the connected app methods of the Tableau REST API, you can:

  • Create, query, update, and delete a Tableau connected app
  • Create, query, and delete the secret generated for a Tableau connected app

This functionality relates to UI elements and concepts described at:

Create Connected App

Create a connected app.

A connected app can be used to securely authenticate your users to Tableau content embedded in a custom application or for REST API authorization (introduced to Tableau Online in June 2022). By creating a connected app, you can establish a trusted relationship between Tableau and any custom application.

For more information about connected apps, see one of the following:

URI

POST /api/api-version/sites/site-id/connected-applications

Parameter Values

api-version The version of the API to use, such as 3.16. For more information, see REST API and Resource Versions.
site-id The unique ID of the site asset.

Request Body

<tsRequest>
  <connectedApplication name="name" enabled="enabled"
	projectId="project" domainSafelist="domainSafelist"
	unrestrictedEmbedding="unrestrictedEmbedding" />
</tsRequest>

Attribute Values

Any combination of attributes inside the <connectedApplication> element is valid, however name is required.

name Name of the connected app.
enabled (Optional) Controls whether the connected app is enabled or not. Value can be "true" or "false". If the state is not specified, the connected app is set to "false" and not enabled by default.
project

(Optional, embedding workflows only) The ID of the project that the connected app's access level is scoped to. To get the project ID, see Query Projects.

To scope the connected app's access to all projects on a site, omit the projectId attribute from the request.

domainSafelist

(Optional, embedding workflows only) A list of domains the connected app is allowed to be hosted. Specify one or more URLs, separated by spaces, using a format described in Domain allowlist rules(Link opens in a new window) in the Tableau Server Help or Domain allowlist rules(Link opens in a new window) in the Tableau Online Help.

For example: https://tableau.com https://myco.com:552 marketing.example.com

unrestrictedEmbedding (Optional, embedding workflows only) Controls whether the connected app can be hosted on all domains. If "true" value is specified, the connected app can be hosted on all domains. If "false" value is specified, the connected app can only be hosted on the domains specified in the <domainSafelist> attribute.

Permissions

Tableau Server admins or Tableau Online site admins only.

Response Code

201

Response Body

Example response:

<tsResponse>
  <connectedApplication>
	<name>ConnectedApp_MyCo</name>
	<enabled>true</enabled>
	<clientId>ac95d175-c844-4779-9d58-415e01fe7dab</clientId>
	<projectId>1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e</projectId>
	<createdAt>2021-08-10T18:46:30Z</createdAt>
	<unrestrictedEmbedding>true</unrestrictedEmbedding>
  </connectedApplication>
</tsResponse>

Version

Version 3.14 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML.
400 400109 Bad request The request body can't be empty.
400 400143 Generic connected app error The connected app could not be deleted for some other reason than those specified in this table.
403 403000 Admin permissions required A non-admin user called this method and doesn't have adequate permissions to perform the action.
404 404000 Resource not found The site ID in the URI doesn't correspond to an existing site.
404 404041 Connected app not found The requested connected app could not be found.

Create Connected App Secret

Generate a secret for a connected app.

Secrets are tokens shared by Tableau and a custom application, and used to establish a trusted relationship.

A maximum of two secrets can be associated with a connected app. These secrets do not expire and remain valid until deleted. If a connected app has already reached its two secret maximum when another one is generated, an error is thrown.

URI

POST /api/api-version/sites/site-id/connected-applications/client-id/secrets

Parameter Values

api-version The version of the API to use, such as 3.16. For more information, see REST API and Resource Versions.
site-id The unique ID of the site asset.
client-id The unique ID of the connected app.

Request Body

None

Permissions

Tableau Server admins or Tableau Online site admins only.

Response Code

201

Response Body

The request returns details about the generated secret, including the secret value <value>.

Example response:

<tsResponse>
  <connectedApplicationSecret>
	<value>TO7/wkW+45U001IBtyNbtyIMYQ/GBM0XlRXqsgYqPlY=</value>
	<id>7ecc5c7c-d923-4ffd-917b-cab1bd89f03b</id>
	<createdAt>2021-08-10T18:48:40Z</createdAt>
  </connectedApplicationSecret>
</tsResponse>

Version

Version 3.14 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400143 Generic connected app error The connected app could not be deleted for some other reason than those specified in this table.
400 400144 Secret limit exceeded

The connected app has already reached its two secret maximum.

403 403000 Admin permissions required A non-admin user called this method and doesn't have adequate permissions to perform the action.
404 404000 Resource not found The site ID in the URI doesn't correspond to an existing site.
404 404041 Connected app not found The requested connected app could not be found.
404 404042 Secret not found The requested secret for the connected app could not be found.

Delete Connected App

Permanently remove a connected app.

Deleting the connected app also deletes the secrets associated with the connected app. For more information about deleting a connected app, see one of the following: 

URI

DELETE api/api-version/sites/site-id/connected-applications/client-id

Parameter Values

api-version The version of the API to use, such as 3.16. For more information, see REST API and Resource Versions.
site-id The unique ID of the site asset.
client-id The unique ID of the connected app.

Permissions

Tableau Server admins or Tableau Online site admins only.

Response Code

204

Response Body

None

Version

Version 3.14 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400143 Generic connected app error The connected app could not be deleted for some other reason than those specified in this table.
403 403000 Admin permissions required A non-admin user called this method and doesn't have adequate permissions to perform the action.
404 404000 Resource not found The site ID in the URI doesn't correspond to an existing site.
404 404041 Connected app not found The requested connected app could not be found.

Delete Connected App Secret

Permanently remove a secret associated with a connected app.

For more information about deleting a connected app, see one of the following:

URI

DELETE api/api-version/sites/site-id/connected-applications/client-id/secrets/secret-id

Parameter Values

api-version The version of the API to use, such as 3.16. For more information, see REST API and Resource Versions.
site-id The unique ID of the site asset.
client-id The unique ID of the connected app.
secret-id The unique ID of the connected app secret.

Permissions

Tableau Server admins or Tableau Online site admins only.

Response Code

204

Response Body

None

Version

Version 3.14 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400143 Generic connected app error The connected app could not be deleted for some other reason than those specified in this table.
403 403000 Admin permissions required A non-admin user called this method and doesn't have adequate permissions to perform the action.
404 404000 Resource not found The site ID in the URI doesn't correspond to an existing site.
404 404041 Connected app not found The requested connected app could not be found.
404 404042 Secret not found The requested secret for the connected app could not be found.

Get Connected App

Query a connected app by its ID.

URI

GET api/api-version/sites/site-id/connected-applications/client-id

Parameter Values

api-version The version of the API to use, such as 3.16. For more information, see REST API and Resource Versions.
site-id The unique ID of the site asset.
client-id The unique ID of the connected app.

Request Body

None

Permissions

Tableau Server admins or Tableau Online site admins only.

Response Code

200

Response Body

The request returns details about the connected app, including the following:

  • <secret>: Information related to the secret only if it has been previously generated. To create a secret for a connected app, see Create Connected App Secret. To get the secret value, see Query Connected App Secret.
  • <name>: Name of the connected app.
  • <enabled>: Whether the connected app is enabled or not.
  • <clientId>: The ID of the connected app.
  • <projectId>: The project that the connected app's access level is scoped to.
  • <domainSafelist>: If specified, one or more domains that the connected app is allowed to be hosted on.
  • <unrestrictedEmbedding>: Whether the connected app can be hosted on all domains. If false is returned, the <domainSafelist> attribute determines the domain access.

Example response:

<tsResponse>
  <connectedApplications>
	<connectedApplication>
	  <secret>
		<id>7ecc5c7c-d923-4ffd-917b-cab1bd89f03b</id>
		<createdAt>2021-08-10T18:48:40Z</createdAt>
	  </secret>
	  <name>ConnectedApp_MyCo</name>
	  <enabled>true</enabled>
	  <clientId>ac95d175-c844-4779-9d58-415e01fe7dab</clientId>
	  <projectId>1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e</projectId>
	  <createdAt>2021-08-10T18:46:30Z</createdAt>
	  <unrestrictedEmbedding>false</unrestrictedEmbedding>
	</connectedApplication>
  <connectedApplications>
</tsResponse>

Version

Version 3.14 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400143 Generic connected app error The connected app could not be deleted for some other reason than those specified in this table.
403 403000 Admin permissions required A non-admin user called this method and doesn't have adequate permissions to perform the action.
404 404000 Resource not found The site ID in the URI doesn't correspond to an existing site.
404 404041 Connected app not found The requested connected app could not be found.

List Connected Apps

Query all connected apps configured on a site.

URI

GET api/api-version/sites/site-id/connected-applications

Parameter Values

api-version The version of the API to use, such as 3.16. For more information, see REST API and Resource Versions.
site-id The unique ID of the site asset.

Request Body

None

Permissions

Tableau Server admins or Tableau Online site admins only.

Response Code

200

Response Body

The request returns details about the connected app, including the following:

  • <secret>: Information related to the secret only if it has been previously generated. To create a secret for a connected app, see Create Connected App Secret. To get the secret value, see Query Connected App Secret.
  • <name>: Name of the connected app.
  • <enabled>: Whether the connected app is enabled or not.
  • <clientId>: The ID of the connected app.
  • <projectId>: The project that the connected app's access level is scoped to.
  • <domainSafelist>: If specified, one or more domains that the connected app is allowed to be hosted on.
  • <unrestrictedEmbedding>: Whether the connected app can be hosted on all domains. If false is returned, the <domainSafelist> attribute determines the domain access.

Example response:

<tsResponse>
  <connectedApplications>
	<connectedApplication>
	  <secret>
		<id>7ecc5c7c-d923-4ffd-917b-cab1bd89f03b</id>
		<createdAt>2021-08-10T18:48:40Z</createdAt>
	  </secret>
	  <name>ConnectedApp_MyCo</name>
	  <enabled>true</enabled>
	  <clientId>ac95d175-c844-4779-9d58-415e01fe7dab</clientId>
	  <projectId>1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e</projectId>
	  <createdAt>2021-08-10T18:46:30Z</createdAt>
	  <domainSafelist>https://myco.com</domainSafelist>
	  <unrestrictedEmbedding>false</unrestrictedEmbedding>
	</connectedApplication>
	<connectedApplication>
	  <name>ConnectedApp_MyCo_stage1</name>
	  <enabled>false</enabled>
	  <clientId>7370df14-2741-43f9-bbdd-450f707530a0</clientId>
	  <projectId>1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e</projectId>
	  <createdAt>2021-08-18T00:49:05Z</createdAt>
	  <projectId>1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e</projectId>
	  <unrestrictedEmbedding>true</unrestrictedEmbedding>
	</connectedApplication>
	<connectedApplication>
	  <name>ConnectedApp_MyCo_stage2</name>
	  <enabled>false</enabled>
	  <clientId>f1e57298-ecd4-46a9-b8d9-e5ab0bf76a82</clientId>
	  <createdAt>2021-08-18T00:54:30Z</createdAt>
	</connectedApplication>
  <connectedApplications>
</tsResponse>

Version

Version 3.14 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400143 Generic connected app error The connected app could not be deleted for some other reason than those specified in this table.
403 403000 Admin permissions required A non-admin user called this method and doesn't have adequate permissions to perform the action.
404 404000 Resource not found The site ID in the URI doesn't correspond to an existing site.
404 404041 Connected app not found The requested connected app could not be found.

Get Connected App Secret

Query a connected app secret and the token value using the connected app's ID.

Secrets are tokens shared by Tableau and a custom application, and used to establish a trusted relationship.

A maximum of two secrets can be associated with a connected app. These secrets do not expire and remain valid until deleted.

URI

GET api/api-version/sites/site-id/connected-applications/client-id/secrets/secret-id

Parameter Values

api-version The version of the API to use, such as 3.16. For more information, see REST API and Resource Versions.
site-id The unique ID of the site asset.
client-id The unique ID of the connected app.
secret-id The unique ID of the connected app secret.

Request Body

None

Permissions

Tableau Server admins or Tableau Online site admins only.

Response Code

200

Response Body

The request returns details about the secret associated with the connected app, including the following:

  • <value>: The token value of the secret.
  • <id>: The ID of the secret.

Example response:

<tsResponse>
  <connectedApplicationSecret>
	<value>TO7/wkW+45U001IBtyNbtyIMYQ/GBM0XlRXqsgYqPlY=</value>
	<id>7ecc5c7c-d923-4ffd-917b-cab1bd89f03b</id>
	<createdAt>2021-08-10T18:48:40Z</createdAt>
  </connectedApplicationSecret>
</tsResponse>

Version

Version 3.14 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400143 Generic connected app error The connected app could not be deleted for some other reason than those specified in this table.
403 403000 Admin permissions required A non-admin user called this method and doesn't have adequate permissions to perform the action.
404 404000 Resource not found The site ID in the URI doesn't correspond to an existing site.
404 404041 Connected app not found The requested connected app could not be found.
404 404042 Secret not found The requested secret for the connected app could not be found.

Update Connected App

Update a connected app.

URI

PUT api/api-version/sites/site-id/connected-applications/client-id

Parameter Values

api-version The version of the API to use, such as 3.16. For more information, see REST API and Resource Versions.
site-id The unique ID of the site asset.
client-id The unique ID of the connected app.

Request Body

<tsRequest>
  <connectedApplication name="name" enabled="enabled"
	projectId="project" domainSafelist="domainsafelist"
	unrestrictedEmbedding="embedding" />
</tsRequest>

Attribute Values

Any combination of attributes inside the <connectedApplication> element is valid.

name (Optional) The new name of the connected app.
enabled (Optional) Controls whether the connected app is enabled or not. Value can be "true" or "false". If the state is not specified, the connected app is set to "false" and not enabled by default.
project

(Optional, embedding workflows only) The ID of the project that the connected app's access level is scoped to. To get the project ID, see Query Projects.

To scope the connected app's access to all projects on a site, omit the projectId attribute from the request.

domainsafelist

(Optional, embedding workflows only ) A list of domains the connected app is allowed to be hosted. Specify one or more URLs, separated by spaces, using a format described in Domain allowlist rules(Link opens in a new window) in the Tableau Server Help or Domain allowlist rules(Link opens in a new window) in the Tableau Online Help.

For example: https://tableau.com https://myco.com:552 marketing.example.com

embedding (Optional, embedding workflows only) Controls whether the connected app can be hosted on all domains. If "true" value is specified, the connected app can trust and connect to all domains. If "false" value is specified, the connected app can only be hosted on the domains specified in the <domainSafelist> attribute.

Permissions

Tableau Server admins or Tableau Online site admins only.

Response Code

200

Response Body

Example response:

<tsResponse>
  <connectedApplication>
	<secret>
	  <id>d8a51b6c-bf70-4aaf-959b-93d2ba4897e6</id>
	  <createdAt>2021-08-18T17:59:11Z</createdAt>
	</secret>
	<name>ConnectedApp_MyCo</name>
	<enabled>true</enabled>
	<clientId>9486dee1-ca98-4144-b6e0-f5c555e64796</clientId>
	 <projectId>1f2f3e4e-5d6d-7c8c-9b0b-1a2a3f4f5e6e</projectId>
	<createdAt>2021-08-18T17:48:03Z</createdAt>
	<unrestrictedEmbedding>true</unrestrictedEmbedding>
  </connectedApplication>
</tsResponse>

Note: The request will return the secret associated with the connected app only if it has been previously generated. To get the secret value, see Query Connected App Secret.

Version

Version 3.14 and later. For more information, see REST API and Resource Versions.

Errors

HTTP status error Code Condition Details
400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML.
400 400109 Bad request The request body can't be empty.
400 400143 Generic connected app error The connected app could not be deleted for some other reason than those specified in this table.
403 403000 Admin permissions required A non-admin user called this method and doesn't have adequate permissions to perform the action.
404 404000 Resource not found The site ID in the URI doesn't correspond to an existing site.
404 404041 Connected app not found The requested connected app could not be found.

Thanks for your feedback!