Title: WP_Application_Passwords::create_new_application_password
Published: December 9, 2020
Last modified: May 20, 2026

---

# WP_Application_Passwords::create_new_application_password( int $user_id, array $args = array() ): array|󠀁[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)󠁿

## In this article

 * [Parameters](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#parameters)
 * [Return](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#return)
 * [Source](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#source)
 * [Hooks](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#hooks)
 * [Related](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#changelog)
 * [User Contributed Notes](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#user-contributed-notes)

[ Back to top](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#wp--skip-link--target)

Creates a new application password.

## 󠀁[Parameters](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#parameters)󠁿

 `$user_id`intrequired

User ID.

`$args`arrayoptional

Arguments used to create the application password.

 * `name` string
 * The name of the application password.
 * `app_id` string
 * A UUID provided by the application to uniquely identify it.

Default:`array()`

## 󠀁[Return](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#return)󠁿

 array|[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) Application
password details, or a [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)
instance if an error occurs.

 * `0` string
 * The generated application password in plain text.
 * `1` array
 *  The details about the created password.
    - `uuid` string
    - The unique identifier for the application password.
    - `app_id` string
    - A UUID provided by the application to uniquely identify it.
    - `name` string
    - The name of the application password.
    - `password` string
    - A one-way hash of the password.
    - `created` int
    - Unix timestamp of when the password was created.
    - `last_used` null
    - Null.
    - `last_ip` null
    - Null.

## 󠀁[Source](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#source)󠁿

    ```php
    public static function create_new_application_password( $user_id, $args = array() ) {
    	if ( ! empty( $args['name'] ) ) {
    		$args['name'] = sanitize_text_field( $args['name'] );
    	}

    	if ( empty( $args['name'] ) ) {
    		return new WP_Error( 'application_password_empty_name', __( 'An application name is required to create an application password.' ), array( 'status' => 400 ) );
    	}

    	$new_password    = wp_generate_password( static::PW_LENGTH, false );
    	$hashed_password = self::hash_password( $new_password );

    	$new_item = array(
    		'uuid'      => wp_generate_uuid4(),
    		'app_id'    => empty( $args['app_id'] ) ? '' : $args['app_id'],
    		'name'      => $args['name'],
    		'password'  => $hashed_password,
    		'created'   => time(),
    		'last_used' => null,
    		'last_ip'   => null,
    	);

    	$passwords   = static::get_user_application_passwords( $user_id );
    	$passwords[] = $new_item;
    	$saved       = static::set_user_application_passwords( $user_id, $passwords );

    	if ( ! $saved ) {
    		return new WP_Error( 'db_error', __( 'Could not save application password.' ) );
    	}

    	$network_id = get_main_network_id();
    	if ( ! get_network_option( $network_id, self::OPTION_KEY_IN_USE ) ) {
    		update_network_option( $network_id, self::OPTION_KEY_IN_USE, true );
    	}

    	/**
    	 * Fires when an application password is created.
    	 *
    	 * @since 5.6.0
    	 * @since 6.8.0 The hashed password value now uses wp_fast_hash() instead of phpass.
    	 *
    	 * @param int    $user_id      The user ID.
    	 * @param array  $new_item     {
    	 *     The details about the created password.
    	 *
    	 *     @type string $uuid      The unique identifier for the application password.
    	 *     @type string $app_id    A UUID provided by the application to uniquely identify it.
    	 *     @type string $name      The name of the application password.
    	 *     @type string $password  A one-way hash of the password.
    	 *     @type int    $created   Unix timestamp of when the password was created.
    	 *     @type null   $last_used Null.
    	 *     @type null   $last_ip   Null.
    	 * }
    	 * @param string $new_password The generated application password in plain text.
    	 * @param array  $args         {
    	 *     Arguments used to create the application password.
    	 *
    	 *     @type string $name   The name of the application password.
    	 *     @type string $app_id A UUID provided by the application to uniquely identify it.
    	 * }
    	 */
    	do_action( 'wp_create_application_password', $user_id, $new_item, $new_password, $args );

    	return array( $new_password, $new_item );
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/class-wp-application-passwords.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/7.0/src/wp-includes/class-wp-application-passwords.php#L89)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/7.0/src/wp-includes/class-wp-application-passwords.php#L89-L153)

## 󠀁[Hooks](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#hooks)󠁿

 [do_action( ‘wp_create_application_password’, int $user_id, array $new_item, string $new_password, array $args )](https://developer.wordpress.org/reference/hooks/wp_create_application_password/)

Fires when an application password is created.

## 󠀁[Related](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#related)󠁿

| Uses | Description | 
| [WP_Application_Passwords::hash_password()](https://developer.wordpress.org/reference/classes/wp_application_passwords/hash_password/)`wp-includes/class-wp-application-passwords.php` |

Hashes a plaintext application password.

  | 
| [wp_generate_uuid4()](https://developer.wordpress.org/reference/functions/wp_generate_uuid4/)`wp-includes/functions.php` |

Generates a random UUID (version 4).

  | 
| [update_network_option()](https://developer.wordpress.org/reference/functions/update_network_option/)`wp-includes/option.php` |

Updates the value of a network option that was already added.

  | 
| [get_network_option()](https://developer.wordpress.org/reference/functions/get_network_option/)`wp-includes/option.php` |

Retrieves a network’s option value based on the option name.

  | 
| [get_main_network_id()](https://developer.wordpress.org/reference/functions/get_main_network_id/)`wp-includes/functions.php` |

Gets the main network ID.

  | 
| [wp_generate_password()](https://developer.wordpress.org/reference/functions/wp_generate_password/)`wp-includes/pluggable.php` |

Generates a random password drawn from the defined set of characters.

  | 
| [__()](https://developer.wordpress.org/reference/functions/__/)`wp-includes/l10n.php` |

Retrieves the translation of $text.

  | 
| [sanitize_text_field()](https://developer.wordpress.org/reference/functions/sanitize_text_field/)`wp-includes/formatting.php` |

Sanitizes a string from user input or from the database.

  | 
| [do_action()](https://developer.wordpress.org/reference/functions/do_action/)`wp-includes/plugin.php` |

Calls the callback functions that have been added to an action hook.

  | 
| [WP_Error::__construct()](https://developer.wordpress.org/reference/classes/wp_error/__construct/)`wp-includes/class-wp-error.php` |

Initializes the error.

  |

[Show 5 more](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#)
[Show less](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#)

| Used by | Description | 
| [WP_REST_Application_Passwords_Controller::create_item()](https://developer.wordpress.org/reference/classes/wp_rest_application_passwords_controller/create_item/)`wp-includes/rest-api/endpoints/class-wp-rest-application-passwords-controller.php` |

Creates an application password.

  |

## 󠀁[Changelog](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#changelog)󠁿

| Version | Description | 
| [6.8.0](https://developer.wordpress.org/reference/since/6.8.0/) | The hashed password value now uses [wp_fast_hash()](https://developer.wordpress.org/reference/functions/wp_fast_hash/) instead of phpass. | 
| [5.7.0](https://developer.wordpress.org/reference/since/5.7.0/) | Returns [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) if application name already exists. | 
| [5.6.0](https://developer.wordpress.org/reference/since/5.6.0/) | Introduced. |

## 󠀁[User Contributed Notes](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#user-contributed-notes)󠁿

 1.  [Skip to note 2 content](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/?output_format=md#comment-content-5315)
 2.   [Danish Ali Malik](https://profiles.wordpress.org/danish-ali/)  [  5 years ago  ](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/#comment-5315)
 3. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_application_passwords%2Fcreate_new_application_password%2F%23comment-5315)
    Vote results for this note: 0[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_application_passwords%2Fcreate_new_application_password%2F%23comment-5315)
 4. **Basic Usage**
     Generate the application password for the logged-in users if not
    already exists.
 5.     ```php
        $user_id = get_current_user_id();
        $app_exists = WP_Application_Passwords::application_name_exists_for_user( $user_id, 'your-app-name' );
    
        if ( ! $app_exists ) {
        	$app_pass = WP_Application_Passwords::create_new_application_password( $user_id, array( 'name' => 'your-app-name' ) );
        }
        ```
    
 6.  [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_application_passwords%2Fcreate_new_application_password%2F%3Freplytocom%3D5315%23feedback-editor-5315)

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_application_passwords%2Fcreate_new_application_password%2F)
before being able to contribute a note or feedback.