PingOne Platform APIs - Early Access

Authorization Services

Authorization services, also referred to as Policy Information Points or PIPs, represent third-party HTTP services or internal PingOne platform services (such as PingOne Protect) that may be called to retrieve data.

These endpoints provide operations to create, read, update, test, and delete authorization services.

For detailed information about authorization services resources and service types within the PingOne Authorize trust framework, refer to Services in the PingOne Cloud Platform Administrator Guide.

Authorization services data model

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| cacheSettings | Object | Optional | Mutable | The service’s cache settings. |
| cacheSettings.ttlSeconds | Integer | Optional | Mutable | The service’s time to live in seconds. |
| description | String | Optional | Mutable | The authorization service resource’s description. |
| fullName | String | Required | Mutable | A unique name generated by the system for each service resource. It is the concatenation of names in the service resource hierarchy. |
| id | String | N/A | Read only | The resource’s unique identifier. |
| name | String | Required | Mutable | A user-friendly service name. |
| parent | Object | Optional | Mutable | The service resource’s parent. |
| parent.id | String | Optional | Mutable | The service resource’s parent ID. |
| serviceType | String | Required | Mutable | The type of service. Options are NONE, HTTP, CONNECTOR. Refer to the "serviceType property data model tables" section for information about the properties associated with each service type. |
| type | String | Required | Read only | The resource type. Options are SERVICE. |
| version | String | Required | Read only | A random ID generated by the system for concurrency control purposes. |

The serviceType property supports the following three options: NONE, HTTP, and CONNECTOR. The NONE option does not require additional configuration. The HTTP and CONNECTOR service types require additional configuration property values in the request. The following tables describe the data models for these options.

HTTP serviceType data model properties

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| processor | Object | Optional | Mutable | The processor to transform the value returned from the resolver. Processor types are JSON_PATH, SPEL, XPATH, COLLECTION_FILTER, COLLECTION_TRANSFORM, CHAIN, and REFERENCE. |
| valueType | Object | Required | Mutable | The final output type of the service. Value types are BOOLEAN, STRING, NUMBER, XML, JSON, COLLECTION, DATE_TIME, LOCAL_TIME, LOCAL_DATE, LOCAL_DATE_TIME, ZONED_DATE_TIME, TIME_PERIOD, PERIOD, and DURATION. |
| serviceSettings | Object | Required | Mutable | The service settings object. |
| serviceSettings.maximumConcurrentRequests | Integer | Required | Mutable | The value must be greater than or equal to 1. |
| serviceSettings.maximumRequestsPerSecond | Decimal | Required | Mutable | The value must be greater than 0. |
| serviceSettings.timeoutMilliseconds | Integer | Required | Mutable | The value must be between 0 and 3000 (inclusive). |
| serviceSettings.type | String | Required | Mutable | The service type. Options are HTTP and CONNECTOR. |

If the serviceSettings.type property is HTTP, the service supports the following service settings properties:

HTTP ServiceSettings property data model

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| type | Object | Required | Immutable | The type object. |
| url | String | Required | Mutable | The HTTP URL. |
| verb | String | Required | Immutable | The HTTP method. Options are GET, POST, PUT, DELETE, and HEAD. |
| body | String | Optional | Mutable | The HTTP request body. |
| contentType | String | Optional | Mutable | The HTTP request content type. |
| headers[] | Array | Optional | Mutable | The HTTP request headers. Each specified HTTP header requires key and value properties. The value property input options are ATTRIBUTE or CONSTANT. If the value is an ATTRIBUTE, the input is expressed as a JSON object that specifies an attribute UUID. If the value is a CONSTANT, the input is a string. The optional boolean property, excludeFromCacheKey, must be set to true to exclude headers from cache key generation. If excludeFromCacheKey is omitted or set to false, headers are included. |
| authentication | Object | Required | Mutable | The authentication object. Authentication options are NONE, BASIC, TOKEN, and CLIENT_CREDENTIALS. For information about authentication type properties, refer to the data model table below. |
| tlsSettings | Object | Required | Mutable | The TLS object. |
| tlsSettings.tlsValidationType | String | Required | Mutable | The TLS validation type. Options are DEFAULT and NONE. |

HTTP ServiceSettings authentication property data model

BASIC

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| name | Object | Required | Mutable | The user object. |
| name.id | UUID | Required | Mutable | The user name of the authenticator. |
| password | Object | Required | Mutable | The user object. |
| password.id | UUID | Required | Mutable | The password of the authenticator. |

TOKEN

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| token | Object | Required | Mutable | The token object. |
| token.id | UUID | Required | Mutable | The token used to authenticate. |

CLIENT_CREDENTIALS

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| tokenEndpoint | String | Required | Mutable | The token endpoint. |
| clientId | String | Required | Mutable | The client ID string. |
| clientSecret | Object | Required | Mutable | The client secret object. |
| clientSecret.id | UUID | Required | Mutable | The client secret string. |
| scope | String | Required | Mutable | The permissions that determine the resources that the application can access. |
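
An added example, not part of the PingOne documentation or any Ping Identity code: a pre-submission lint for an HTTP service definition that enforces the ranges and option lists from the tables above and flags the weakest settings (tlsValidationType NONE, authentication NONE, a non-https url, credentials not given as UUID references). It assumes that url, verb, authentication and tlsSettings sit inside serviceSettings, that the authentication option is carried in a `type` key, and that the limit keys are spelled maximumConcurrentRequests and maximumRequestsPerSecond; the sample definition is constructed.

```python
import uuid
from urllib.parse import urlparse

# Secret-bearing objects per authentication option; each must be {"id": <UUID>}.
AUTH_REFS = {"NONE": [], "BASIC": ["name", "password"], "TOKEN": ["token"],
             "CLIENT_CREDENTIALS": ["clientSecret"]}
LIMITS = {  # range rules from the serviceSettings table
    "maximumConcurrentRequests": lambda v: isinstance(v, int) and v >= 1,
    "maximumRequestsPerSecond": lambda v: isinstance(v, (int, float)) and v > 0,
    "timeoutMilliseconds": lambda v: isinstance(v, int) and 0 <= v <= 3000,
}
# Constructed sample (not from the page): weak settings a review should catch.
WEAK = {"serviceType": "HTTP", "serviceSettings": {
    "type": "HTTP", "url": "http://pip.example.internal/risk", "verb": "GET",
    "maximumConcurrentRequests": 0, "maximumRequestsPerSecond": 5,
    "timeoutMilliseconds": 5000, "tlsSettings": {"tlsValidationType": "NONE"},
    "authentication": {"type": "TOKEN", "token": {"id": "inline-bearer-value"}}}}

def _is_uuid_ref(obj):
    try:
        return isinstance(obj, dict) and bool(uuid.UUID(str(obj.get("id"))))
    except ValueError:
        return False

def lint_http_service(service):
    """Return (errors, warnings) for one HTTP authorization service definition."""
    errors, warnings = [], []
    s = service.get("serviceSettings") or {}
    if service.get("serviceType") != "HTTP" or s.get("type") != "HTTP":
        return ["serviceType and serviceSettings.type must both be HTTP"], warnings
    errors += [f"serviceSettings.{k} missing or out of range"
               for k, ok in LIMITS.items() if not ok(s.get(k))]
    if s.get("verb") not in {"GET", "POST", "PUT", "DELETE", "HEAD"}:
        errors.append("verb must be GET, POST, PUT, DELETE or HEAD")
    if urlparse(s.get("url") or "").scheme != "https":  # hardening check, not an API rule
        warnings.append("url is not https")
    tls = (s.get("tlsSettings") or {}).get("tlsValidationType")
    if tls != "DEFAULT":  # NONE is a valid option but flagged; anything else is invalid
        (warnings if tls == "NONE" else errors).append(f"tlsValidationType is {tls}")
    auth = s.get("authentication") or {}
    kind = auth.get("type")  # assumption: the option is carried in a "type" key
    if kind not in AUTH_REFS:
        errors.append("authentication type must be NONE, BASIC, TOKEN or CLIENT_CREDENTIALS")
    elif kind == "NONE":
        warnings.append("authentication is NONE")
    errors += [f"authentication.{r}.id must be a UUID reference"
               for r in AUTH_REFS.get(kind, []) if not _is_uuid_ref(auth.get(r))]
    return errors, warnings
```

Calling `lint_http_service(WEAK)` returns three errors (two range violations and the inline token value) and two warnings (cleartext URL and TLS validation NONE).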

CONNECTOR data model properties

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| processor | Object | Optional | Mutable | The processor object, if specified. |
| valueType | Object | Required | Mutable | The value type object. |
| serviceSettings | Object | Required | Mutable | The service settings object for the CONNECTOR service type. |
| clientSecret.id | UUID | Required | Mutable | The client secret string. |
| scope | String | Required | Mutable | The permissions that determine the resources that the application can access. |

CONNECTOR ServiceSettings property data model

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| type | Object | Required | Immutable | The type object. |
| channel | String | Required | Mutable | The channel value. Options are AUTHORIZE. |
| code | String | Required | Mutable | The code value. Options are P1_RISK. |
| capability | String | Required | Mutable | The capability associated with connector code and channel. |
| schemaVersion | Integer | Required | Mutable | The schema version in the connector template. |
| inputMappings[] | Array | Required | Mutable | The list of input mappings matching the connector template. |
| inputMappings.type | String | Required | Mutable | The input mapping type. Options are ATTRIBUTE and INPUT. Refer to the data model tables below for information about ATTRIBUTE and INPUT properties. |

CONNECTOR inputMappings.type property data model

ATTRIBUTE

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| type | Object | Required | Mutable | The input mapping type. |
| value | Object | Required | Mutable | The input mapping value property. |
| value.id | UUID | Required | Mutable | An attribute ID. |

INPUT

| Property | Type | Required? | Mutable? | Description |
| --- | --- | --- | --- | --- |
| type | Object | Required | Mutable | The input mapping type. |
| value | String | Optional | Mutable | An input value. |

Event types

The audit reporting events applicable to the authorization services service are:

| Topic | Event |
| --- | --- |
| authorize-model | AUTHORIZE_SERVICE.CREATED |
| authorize-model | AUTHORIZE_SERVICE.UPDATED |
| authorize-model | AUTHORIZE_SERVICE.DELETED |

Response codes

| Code | Message |
| --- | --- |
| 200 | Successful operation. |
| 201 | Successfully created. |
| 204 | Successfully removed. No content. |
| 400 | The request could not be completed. |
| 401 | You do not have access to this resource. |
| 403 | You do not have permissions or are not licensed to make this request. |
| 404 | The requested resource was not found. |