Animesh is correct. The UI uses some Javascript to filter out CONTROLLED apps. It does not make a separate API call to get controlled apps. You can see the control type in the response object. It’s under the controlType attribute.
{
"id": "13419",
"appId": "69",
"serviceId": "14063",
"serviceAppId": "13419",
"name": "Orbitz For Business",
"description": "Corporate travel",
"appCenterEnabled": true,
"provisionRequestEnabled": false,
"controlType": "PERSONAL",
"mobile": true,
"privateApp": false,
"scriptName": "C:1-orbitz-for-business",
"status": "ACTIVE",
"icon": "sprite:genapp-default",
"health": {
"status": "HEALTHY",
"lastChanged": "1697637507494",
"since": 0,
"healthy": true
},
"enableSso": true,
"ssoMethod": "PASSWORD"
},
{
"id": "13420",
"appId": "70",
"serviceId": "14064",
"serviceAppId": "13420",
"name": "Outlook Web App",
"description": "Hosted email in the cloud",
"appCenterEnabled": true,
"provisionRequestEnabled": true,
"controlType": "CONTROLLED",
"mobile": true,
"privateApp": false,
"scriptName": "C:1-outlook-web-app",
"status": "ACTIVE",
"icon": "https://files.accessiq.sailpoint.com/modules/builds/static-assets/perpetual/identitynow/icons/2.0/outlook2/",
"health": {
"status": "HEALTHY",
"lastChanged": "1697637507495",
"since": 0,
"healthy": true
},
"enableSso": true,
"ssoMethod": "PASSWORD"
},