# About Snyk Apps

Snyk Apps are integrations that extend the functionality of the Snyk platform, allowing you to create a Snyk experience to suit your specific needs.

For example, a Snyk App might automate Snyk [application security testing](https://snyk.io/learn/application-security/testing/) as part of a build tool. Another Snyk App might stream Snyk security testing results into an incident management tool. You can create your own reporting, metrics, or even a user management App. You can move your automated Snyk API scripts and transform them into a Snyk App, which will add a better UX/UI experience for your Snyk Organization users.

The easiest way to start building a new Snyk App is to clone the [Demo Snyk Apps ](https://github.com/snyk/snyk-apps-demo)GitHub repository. You can either modify the demo to suit your App design or use it as a base for creating your own Snyk App. See the [Snyk Apps blog post](https://snyk.io/blog/snyk-apps-beta-build-custom-apps-extend-snyk-security-into-workflows/) for more details.

This document describes how to create a new Snyk App in the language of your choice. Use this document along with the [API reference documentation for Snyk Apps](/snyk-api/reference/apps.md).

Snyk Apps are based on the [Snyk API](/snyk-api/snyk-api.md) so that your integrations are inherently stable and secure.

## Integrating Apps with Snyk

The Snyk Apps platform uses an [OAuth 2.0](http://oauth.net/2/) authorization flow. This allows your Snyk App to get an access token to act on behalf of the user or Tenant, depending on the scopes you request. There are many OAuth 2.0 libraries available that will greatly simplify the integration. The [Snyk Apps Demo](https://github.com/snyk/snyk-apps-demo) uses the popular JavaScript library [passport.js](http://www.passportjs.org/packages/passport-oauth2/).

See the Snyk [OAuth2 API documentation](/snyk-api/oauth2-api.md) for details.

## How do Apps connect?

When a Snyk App is created, it is set up to use `a specific context`, either `tenant` or `user`. Set this with the `context` field if you are creating a Snyk App with the API or the `--context` flag if you are using the CLI. If the `context` is not specified, a Snyk App will default to the `tenant` context, which is preferred unless your Snyk App specifically needs to perform operations as an individual user.

### User context

Authorizing a Snyk App that has the `user` context grants the Snyk App access to perform actions on behalf of the user. The Snyk App will have access to the same set of Organizations and Groups as the installing user, as well as access to any new Snyk Organizations and Groups the user is added to. If the installing user deactivates their account, any installed apps having the `user` context that user has installed will lose access to Snyk.

### Tenant context

When a user authorizes a Snyk App that has the `tenant` context, the user selects the way to connect to either a Snyk Organization or a Group, with access to either all or one of the Organizations in the Group. The resulting connection is no longer tied to that specific user, so it is not bound by the user’s access or lifecycle but is linked to the lifecycle of the Organization. For more information, see [Organizations](/snyk-platform-administration/groups-and-organizations/organizations.md) and [Groups](/snyk-platform-administration/groups-and-organizations/groups.md).

The `scopes` of an App determine which actions an App can perform while connected to a Snyk account. The`scopes` are related to actions performed through Snyk Organizations, which determine the API endpoints that can be used in an App. Endpoints authorized through a Snyk Group are not supported. For more information about scopes, see [Scopes to request](/snyk-api/using-specific-snyk-apis/snyk-apps-apis/scopes-to-request.md).

### Snyk Organization ID

The final step for the integration process is to [get the ID of the Snyk Organization the user has authorized](/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/retrieve-the-app-org-ids.md). This ID is needed to use most API endpoints, so the App must associate it with the user's account or workspace for future use.

## Managing Snyk Apps from the UI

Snyk provides a user-friendly interface for managing your authorized Snyk Apps. This allows you to easily view and control which Apps have access to your Snyk account.

### Open the Management UI

Navigate to your personal **Account Settings** and select the **Authorized Snyk Apps** option.

You can also navigate directly to the [Authorized Snyk Apps page](https://app.snyk.io/account/manage/authorized-apps) or open the page from your Organization **Settings**.

<figure><img src="/files/V1ozd5O3DVAXcwf8Stvo" alt="Snyk Apps management UI"><figcaption><p>Snyk Apps management UI</p></figcaption></figure>

### Revoking a Snyk App from the management UI

On the Authorized Snyk Apps page, you will see a list of all the Snyk Apps that you have integrated and authorized. The page displays relevant information about each App, including the date when it was authorized.

If you wish to revoke access for a particular Snyk App:

* Locate the specific App in the list of authorized Apps.
* Click the **Revoke** button next to the App.

Revoking access will prevent the App from further accessing your Snyk account and performing actions on your behalf. This gives you full control over which Apps can interact with your Snyk data and ensures that you can manage your App integrations securely.

By using the Snyk Apps management UI, you can maintain a clear overview of your authorized Apps and make adjustments to their access as needed, enhancing the security and customization of your Snyk experience.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.snyk.io/snyk-api/using-specific-snyk-apis/snyk-apps-apis/about-snyk-apps.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.