## appsAdd

**Type:** GraphQL mutations

**Description:**
Create a new app credential scoped to a user group with optional expiry.
Returns the access token once — it will never be queryable again.

### Arguments
- name (String)
- userGroupId (String)
- workspaceId (String)
- expireDate (Date)
- allowAllPermission (Boolean)
- noExpire (Boolean)

### Response
**Type:** AppTokenResult
**Description:**
Returned only from the appsAdd mutation.
Contains the access token which is shown once and never again.

#### Fields
- _id (String)
- accessToken (String)
---

## appsEdit

**Type:** GraphQL mutations

**Description:**
Update app name and expiration only.
Permissions (userGroupId, allowAllPermission) are locked after creation.

### Arguments
- _id (String)
- name (String)
- expireDate (Date)
- noExpire (Boolean)

### Response
**Type:** App
**Description:**
Third-party or internal app credential allowing scoped access for user groups.
Tokens are never exposed via queries — only returned once at creation.

#### Fields
- _id (String)
- isEnabled (Boolean)
- createdAt (Date)
- lastUsedAt (Date)
- name (String)
- userGroupId (String)
- workspaceId (String)
- expireDate (Date)
- allowAllPermission (Boolean)
- noExpire (Boolean)
- accessToken (String)
- userGroupName (String)
---

## appsRemove

**Type:** GraphQL mutations

**Description:**
Remove an app credential by id.

### Arguments
- _id (String)

### Response
**Type:** JSON