---
title: /users/user/oauth2/applications
description: Invoke this Advanced Identity Cloud-specific endpoint to list the applications granted OAuth 2.0 access and to delete tokens for a specified client.
component: pingoneaic-api
page_id: pingoneaic-api:am-oauth2:rest-api-oauth2-applications-endpoint
canonical_url: https://developer.pingidentity.com/pingoneaic-api/am-oauth2/rest-api-oauth2-applications-endpoint.html
keywords: ["OAuth 2.0", "API Explorer", "Endpoints", "Clients"]
section_ids:
  query-applications: Query applications
  delete-tokens-for-a-client: Delete tokens for a client
---

# /users/user/oauth2/applications

Invoke this Advanced Identity Cloud-specific endpoint to list the applications granted OAuth 2.0 access and to delete tokens for a specified client.

To call the endpoint, you must compose the path to the realm where the client is registered.

## Query applications

This example lists all the OAuth 2.0 clients holding active tokens granted in the `alpha` realm for the resource owner, `bjensen`. You must provide the SSO token of the tenant administrator or the resource owner as a header, and include the resource owner's `_id` in the URL:

```bash
$  curl --request GET \
--header "Accept-API-Version: resource=1.1" \
--header "<session-cookie-name>: Ua6fsH2vjgHqVY..." \
"https://<tenant-env-fqdn>/am/json/realms/root/realms/alpha/users/1dff18dc-ac57-4388-8127-dff309f80002/oauth2/applications?_queryFilter=true"
{
    "result": [
        {
            "_id": "myClient",
            "_rev": "-1121350941",
            "name": null,
            "scopes": {
                "write": "write"
            },
            "expiryDateTime": null,
            "logoUri": null
        }
    ],
    "resultCount": 1,
    "pagedResultsCookie": null,
    "totalPagedResultsPolicy": "NONE",
    "totalPagedResults": -1,
    "remainingPagedResults": -1
}
```

On success, Advanced Identity Cloud returns an HTTP 200 code and a JSON object with information about the tokens, such as the granted scopes and the ID for the client to which they belong.

## Delete tokens for a client

The following example deletes all tokens held by the OAuth 2.0 client `myClient` granted in the `alpha` realm by `bjensen`. You must provide the SSO token of the tenant administrator or the resource owner as a header, and include the `_id` of the resource owner and `_id` of the client (`myClient`) in the URL:

```bash
$ curl --request DELETE \
--header "Accept-API-Version: resource=1.1" \
--header "<session-cookie-name>: Ua6fsH2vjgHqVY..." \
"https://<tenant-env-fqdn>/am/json/realms/root/realms/alpha/users/1dff18dc-ac57-4388-8127-dff309f80002/oauth2/applications/myClient"
{
    "_id": "myClient",
    "_rev": "-1121350941",
    "name": null,
    "scopes": {
        "write": "write"
    },
    "expiryDateTime": null,
    "logoUri": null
}
```

On success, Advanced Identity Cloud returns an HTTP 200 code and a JSON object with information about the deleted tokens, such as the granted scopes and ID of the client.