PingAuthorize API Reference

Trust Framework

The PingAuthorize Trust Framework defines all the entities that your organization can use to build policies. These entities include, for example, the HTTP request attributes that describe API requests protected by PingAuthorize Server and the services that identify the REST APIs themselves.

The PingAuthorize trust framework service provides endpoints to define the entities and configurations to target policies and rules when making dynamic authorization requests.

For detailed information about the PingAuthorize Trust Framework, refer to About the Trust Framework in the PingAuthorize Server Administration Guide.

Authorization Trust Framework definition data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| description | String | N/A | N/A | Arbitrary description for the definition. |
| fullName | String | N/A | N/A | A unique name generated by the system for each definition. It’s the concatenation of names in the definition hierarchy. |
| id | String | N/A | Read only | The resource’s unique identifier. |
| name | String | N/A | N/A | Arbitrary name for the definition. |
| numberOfChildren | String | N/A | N/A | Number of children of the definition. |
| parentId | String | N/A | N/A | ID of the parent definition. |
| permissions | Object | N/A | N/A | Permissions of the definition. |
| properties | N/A | N/A | N/A | Properties of the definition. |
| type | Object | Required | Mutable | Type of the definition. Refer to DefinitionType (ENUM) for all value options. |
| version | String | Required | Read only | A unique ID generated by the system for concurrency control purposes. |

Authorization test case (definition) data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| testCase | Object | N/A | N/A | The field that was changed. |

Authorization test scenario (definition) data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| testScenario | Object | N/A | N/A | The field that was changed. |

Authorization assertion (definition) data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| assertion | Object | N/A | N/A | The field that was changed. |

Authorization attribute (definition) data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| cacheConfig | Object | N/A | N/A | Whether to use caching and, if so, the configuration of how to cache. |
| defaultValue | String | N/A | N/A | The default value of the attribute if no resolvers are applied. |
| isSecret | Boolean | N/A | N/A | If true, don’t display the value in decision tree logs. |
| querySettings | Object | N/A | N/A | Allows the user to specify an attribute from which this attribute resolves its value, so the user can call the decision engine and refer to the attribute without having to specify its value. |
| repetitionSource | String | N/A | N/A | The ID of the attribute with ValueType "Collection" from which to get the values, optionally process them, and output each value. Set resolver to "Current Repetition Value" to use each value from the collection. |
| resolvers | Object | N/A | N/A | The resolvers dictate where the attribute gets its initial value from, which may then be processed by processors. The first resolver to satisfy its condition from top to bottom is the one that is used to derive the value. |
| valueProcessor | Object | N/A | N/A | The processor takes the current value of the attribute and transforms it to another value and/or type. |
| valueType | Object | N/A | N/A | The resulting type of the value of the attribute. Refer to ValueType (ENUM) for all value options. |

Authorization effective permissions data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| definedOn | Object | N/A | N/A | The type and ID of the entity which the permission is defined for. |
| effectivePermissions | Object | N/A | N/A | A collection of permissions that the effective permission has. |
| inherited | Boolean | N/A | N/A | Whether the permission is inherited or not. |

Authorization condition (definition) data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| condition | Object | N/A | N/A | The condition that defines the condition definition. |

Authorization identity class (definition) data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| identityProperties | List | N/A | N/A | List of IDs of identity properties. |

Authorization identity provider (definition) data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| identityProperties | List | N/A | N/A | List of IDs of identity properties. |

Authorization service definition data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| cacheSettings | Object | N/A | N/A | Whether to use caching and, if so, the configuration of how to cache. |
| description | String | N/A | N/A | A description of the service definition. |
| fullName | String | N/A | N/A | The full name of the service definition. |
| id | UUID | N/A | N/A | The unique identifier for the service definition. |
| secret | Boolean | N/A | N/A | If true, don’t display the value in decision tree logs. |
| name | String | N/A | N/A | The name of the service definition. |
| objectType | String | N/A | N/A | The type of object, such as "ServiceDefinition". |
| serviceResilience | Object | N/A | N/A | Configuration for fault tolerance. See the Service definition ServiceResilience data model for property descriptions. |
| serviceSettings | Object | N/A | N/A | The detailed service settings. See the Service definition ServiceSettings data model for property descriptions. |
| serviceType | String | N/A | N/A | The type of service being defined, such as "RESTFUL". |
| type | String | N/A | N/A | The category of the definition, such as "SERVICE". |
| valueProcessor | Object | N/A | N/A | The processor takes the current value of the attribute and transforms it to another value and/or type. |
| valueType | String | N/A | N/A | The resulting type of the value of the attribute. Refer to ValueType (ENUM) for all value options. |
| version | String | N/A | N/A | The version identifier of the service definition. |

Service definition ServiceSettings data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| serviceSettings.authenticationAttributes | Object | N/A | N/A | Additional attributes used for service authentication. |
| serviceSettings.body | String | N/A | N/A | The payload content sent with the request. |
| serviceSettings.contentType | String | N/A | N/A | The MIME type of the content being sent or expected, such as application/json. |
| serviceSettings.customAuthenticationAttributes | Array | N/A | N/A | A list of custom authentication attributes. |
| serviceSettings.description | String | N/A | N/A | A description of the service settings. |
| serviceSettings.headers | Array | N/A | N/A | A list of key-value pairs representing request headers. |
| serviceSettings.restAuthenticationType | String | N/A | N/A | The type of authentication used for the REST service. |
| serviceSettings.serviceSettingsType | String | N/A | N/A | The type of service settings. |
| serviceSettings.tlsSettings | Object | N/A | N/A | The TLS settings details. |
| serviceSettings.tlsSettings.mtlsKeystore | String | N/A | N/A | The reference to the keystore used for mutual TLS authentication. |
| serviceSettings.tlsSettings.mtlsValidation | Boolean | N/A | N/A | Enables or disables mutual TLS validation. |
| serviceSettings.tlsSettings.tlsTruststore | String | N/A | N/A | Reference to the trust store used for validating the service’s certificate. |
| serviceSettings.tlsSettings.tlsValidationType | String | N/A | N/A | Specifies the type of TLS validation. |
| serviceSettings.urlFormat | String | N/A | N/A | The format for the endpoint URL of the service. |
| serviceSettings.verb | String | N/A | N/A | The HTTP method used for the request, such as GET or POST. |

Service definition ServiceResilience data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| serviceResilience.circuitBreaker | Object | Optional | N/A | A circuit breaker object used to allow the system to handle PIP failures gracefully, ensuring that other functional PIPs can continue operating without disruption. |
| serviceResilience.circuitBreaker.failureThreshold | Integer | Optional | N/A | Number of consecutive failures to trip the breaker. |
| serviceResilience.circuitBreaker.resetDelaySeconds | Integer | Optional | N/A | Time to wait before transitioning from open to half-open. |
| serviceResilience.circuitBreaker.successThreshold | Integer | Optional | N/A | Number of consecutive successes to close the breaker. |
| serviceResilience.holdoffMilliseconds | Integer | Optional | N/A | The delay before attempting a retry. |
| serviceResilience.maximumConcurrentRequests | Integer | Optional | N/A | The maximum number of concurrent requests allowed to the service. |
| serviceResilience.maximumRequestsPerSecond | Double | Optional | N/A | The maximum rate of requests allowed to the service. |
| serviceResilience.maximumRetryCount | Integer | Optional | N/A | The maximum number of times the service call should be retried upon failure. |
| serviceResilience.retryJitter | Double | Optional | N/A | The retry jitter. |
| serviceResilience.retryStrategy | Object | Optional | N/A | The pattern used for retries. |
| serviceResilience.timeoutMilliseconds | Integer | Optional | N/A | The maximum time to wait for a service response, in milliseconds. |
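
The three circuitBreaker properties describe a closed / open / half-open state machine. The following is an added example, not part of the PingAuthorize reference and not PingAuthorize code, that replays a constructed sequence of call outcomes through such a breaker to show how the thresholds interact. The class and function names are illustrative, and it assumes that a failure while half-open re-opens the breaker, which the page does not specify.

```python
# Constructed sample: the three property names come from the ServiceResilience
# data model; the values and the (time in seconds, call succeeded) events are
# made up for illustration.
SAMPLE = {"serviceResilience": {"circuitBreaker": {
    "failureThreshold": 3, "resetDelaySeconds": 30, "successThreshold": 2}}}
EVENTS = [(0, False), (1, False), (2, False), (10, True), (32, True), (33, True)]

class CircuitBreaker:
    """CLOSED -> OPEN -> HALF_OPEN -> CLOSED, driven by the three properties."""

    def __init__(self, cfg):
        self.failure_threshold = cfg["failureThreshold"]
        self.reset_delay = cfg["resetDelaySeconds"]
        self.success_threshold = cfg["successThreshold"]
        self.state, self.opened_at = "CLOSED", None
        self.failures = self.successes = 0

    def allow(self, now):
        """True if a call to the service may be attempted at time `now`."""
        if self.state == "OPEN":
            if now - self.opened_at < self.reset_delay:
                return False          # still open: fail fast, no call made
            self.state, self.successes = "HALF_OPEN", 0  # delay elapsed
        return True

    def record(self, ok, now):
        """Feed back the outcome of a call that was attempted."""
        if ok:
            self.failures = 0         # failures must be consecutive
            if self.state == "HALF_OPEN":
                self.successes += 1
                if self.successes >= self.success_threshold:
                    self.state = "CLOSED"
            return
        self.failures += 1
        # Assumption (not stated on the page): a failure while half-open
        # re-opens the breaker immediately.
        if self.state == "HALF_OPEN" or self.failures >= self.failure_threshold:
            self.state, self.opened_at, self.failures = "OPEN", now, 0


def replay(cfg, events):
    """Return the breaker state after each (time, succeeded) event."""
    cb = CircuitBreaker(cfg["serviceResilience"]["circuitBreaker"])
    trace = []
    for now, ok in events:
        if cb.allow(now):
            cb.record(ok, now)
        trace.append(cb.state)
    return trace
```

With the sample values, the call at t=10 is rejected without reaching the service, and the breaker closes only after two successful trial calls once the 30-second delay has elapsed.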

Authorization value processor (definition) data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| valueProcessor | Object | N/A | N/A | The processor that makes up the processor definition. |

Authorization entity path segment data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| id | String | N/A | N/A | The unique ID of the entity. |
| shared | Boolean | N/A | N/A | The type of the entity. |
| type | String | N/A | N/A | Whether the entity is shared or not. |

DefinitionType (ENUM)

Values

ACTION

ASSERTION

ATTRIBUTE

CONDITION

DOMAIN

IDENTITY_CLASS

IDENTITY_PROPERTY

IDENTITY_PROVIDER

NONE

SERVICE

TEST_CASE

TEST_SCENARIO

VALUE_PROCESSOR

ServiceType (ENUM)

Values

CAMEL

DATABASE

LDAP

NONE

RESTFUL

ValueType (ENUM)

Values

BOOLEAN

COLLECTION

DATE_TIME

DURATION

JSON

LOCAL_DATE

LOCAL_DATE_TIME

LOCAL_TIME

NUMBER

PERIOD

STRING

TIME_PERIOD

XML

ZONED_DATE_TIME

Response codes

| Code | Message |
|---|---|
| 200 | Successful operation. |
| 201 | Successfully created. |
| 204 | Successfully removed. No content. |
| 400 | The request could not be completed. |
| 401 | You do not have access to this resource. |
| 403 | You do not have permissions or are not licensed to make this request. |
| 404 | The requested resource was not found. |