--- title: Create Credential Issuance Rule description: Use the POST {{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules operation to create a credential issuance rule for the specified credential type in the specified environment. component: pingone-api page_id: pingone-api:credentials:credential-issuance-rules/create-credential-issuance-rule canonical_url: https://developer.pingidentity.com/pingone-api/credentials/credential-issuance-rules/create-credential-issuance-rule.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Credential Issuance Rule ## ```none POST {{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules ``` Use the `POST {{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules` operation to create a credential issuance rule for the specified credential type in the specified environment. | | | | - | ------------------------------------------------------------------------------------------------------------------------ | | | You cannot create an issuance rule for a credential type if that credential type has `management.mode` set to `MANAGED`. | ### Prerequisites [Create a credential type (automated)](../credential-types/create-credential-type-automated.html) or [Create a credential type (managed)](../credential-types/create-credential-type-managed.html) to get a `credentialTypeId` for the endpoint. Refer also to [Credential Types](../credential-types.html). > **Collapse: Request Model** > > Refer to [Credential Issuance Rules data model](../credential-issuance-rules.html#credential-issuance-rules-data-model) for full property descriptions. > > | Property | Type | Required? | > | --------------------------------- | --------- | ----------------- | > | `automation` | Object | Required | > | `automation.issue` | String | Required | > | `automation.revoke` | String | Required | > | `automation.update` | String | Required | > | `digitalWalletApplication.id` | String | Optional | > | `filter` | Object | Optional | > | `filter.groupIds` | String\[] | Required/Optional | > | `filter.populationIds` | String\[] | Required/Optional | > | `filter.scim` | String | Required/Optional | > | `notification` | Object | Optional | > | `notification.template` | Object | Optional | > | `notification.template.locale` | String | Required | > | `notification.template.variant` | String | Required | > | `notification.template.variables` | Object\[] | Required/Optional | > | `status` | String | Required | | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If `filter.groupIds` or `filter.populationIds` is used, a user can belong to any group or population in the array and the issuance rule applies to that user. | When an action in `automation` is set to `PERIODIC` and the period arrives, the credential service uses a notification template appropriate to the action, `credential_issued`, `credential_updated`, or `credential_revoked`, to send notice of the action taken to the user via email or SMS text. The `notification.template` object can define a variant and locale for the notifications, if needed, and applies to actions initiated periodically and actions initiated by an [Apply Credential Issuance Rule Staged Changes](apply-credential-issuance-rule.html) request. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The `notification.template` object applies a variant and locale to all three credential notification templates: `credential_issued`, `credential_updated`, and `credential_revoked`. When adding a variant or locale to any of the three notification templates, consider adding the same variant or locale to the other notification templates. If a matching variant is not defined, the default notification template is used. If a locale is not defined the notification template uses the user's preferred language or, if the user has no preferred language, the default language of the environment. | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "status": "ACTIVE", "digitalWalletApplication": { "id": "{{digitalWalletApplicationID}}" }, "filter": { "populationIds": [ "{{popID}}" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "status": "ACTIVE", "digitalWalletApplication": { "id": "{{digitalWalletApplicationID}}" }, "filter": { "populationIds": [ "{{popID}}" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""status"": ""ACTIVE""," + "\n" + @" ""digitalWalletApplication"": {" + "\n" + @" ""id"": ""{{digitalWalletApplicationID}}""" + "\n" + @" }," + "\n" + @" ""filter"": {" + "\n" + @" ""populationIds"": [" + "\n" + @" ""{{popID}}""" + "\n" + @" ]" + "\n" + @" }," + "\n" + @" ""automation"": {" + "\n" + @" ""issue"": ""PERIODIC""," + "\n" + @" ""update"": ""ON_DEMAND""," + "\n" + @" ""revoke"": ""ON_DEMAND""" + "\n" + @" }" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules" method := "POST" payload := strings.NewReader(`{ "status": "ACTIVE", "digitalWalletApplication": { "id": "{{digitalWalletApplicationID}}" }, "filter": { "populationIds": [ "{{popID}}" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "status": "ACTIVE", "digitalWalletApplication": { "id": "{{digitalWalletApplicationID}}" }, "filter": { "populationIds": [ "{{popID}}" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"status\": \"ACTIVE\",\n \"digitalWalletApplication\": {\n \"id\": \"{{digitalWalletApplicationID}}\"\n },\n \"filter\": {\n \"populationIds\": [\n \"{{popID}}\"\n ]\n },\n \"automation\": {\n \"issue\": \"PERIODIC\",\n \"update\": \"ON_DEMAND\",\n \"revoke\": \"ON_DEMAND\"\n }\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "status": "ACTIVE", "digitalWalletApplication": { "id": "{{digitalWalletApplicationID}}" }, "filter": { "populationIds": [ "{{popID}}" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "status": "ACTIVE", "digitalWalletApplication": { "id": "{{digitalWalletApplicationID}}" }, "filter": { "populationIds": [ "{{popID}}" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules" payload = json.dumps({ "status": "ACTIVE", "digitalWalletApplication": { "id": "{{digitalWalletApplicationID}}" }, "filter": { "populationIds": [ "{{popID}}" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "status": "ACTIVE",\n "digitalWalletApplication": {\n "id": "{{digitalWalletApplicationID}}"\n },\n "filter": {\n "populationIds": [\n "{{popID}}"\n ]\n },\n "automation": {\n "issue": "PERIODIC",\n "update": "ON_DEMAND",\n "revoke": "ON_DEMAND"\n }\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "status": "ACTIVE", "digitalWalletApplication": { "id": "{{digitalWalletApplicationID}}" }, "filter": { "populationIds": [ "{{popID}}" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"status\": \"ACTIVE\",\n \"digitalWalletApplication\": {\n \"id\": \"{{digitalWalletApplicationID}}\"\n },\n \"filter\": {\n \"populationIds\": [\n \"{{popID}}\"\n ]\n },\n \"automation\": {\n \"issue\": \"PERIODIC\",\n \"update\": \"ON_DEMAND\",\n \"revoke\": \"ON_DEMAND\"\n }\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/credentialTypes/{{credentialTypeID}}/issuanceRules")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/credentialTypes/8a3a6157-5fb9-40b7-96c0-909331858248/issuanceRules/7888a5ed-ae7b-482c-973d-afd27973099c" } }, "id": "7888a5ed-ae7b-482c-973d-afd27973099c", "createdAt": "2023-03-01T20:29:51.912Z", "updatedAt": "2023-03-01T20:29:51.912Z", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "credentialType": { "id": "8a3a6157-5fb9-40b7-96c0-909331858248" }, "status": "ACTIVE", "digitalWalletApplication": { "id": "6815c8a6-bc0b-4105-8f37-50f6c35583d7" }, "filter": { "populationIds": [ "e85091a0-ddca-422e-935e-d1faf139df3d" ] }, "automation": { "issue": "PERIODIC", "update": "ON_DEMAND", "revoke": "ON_DEMAND" } } ```