--- title: Applications description: Application resources define the connection between PingOne and the actual application (also known as a client connection). PingOne supports several application types. When you make a request to define a new application, you must specify the type property that specifies one of the following application types: component: pingone-api page_id: pingone-api:foundations:management-apis-overview/application-management-apis canonical_url: https://developer.pingidentity.com/pingone-api/foundations/management-apis-overview/application-management-apis.html section_ids: managing-applications: Managing applications --- # Applications Application resources define the connection between PingOne and the actual application (also known as a client connection). PingOne supports several application types. When you make a request to define a new application, you must specify the `type` property that specifies one of the following application types: * **Web application** A browser-based application with a server-side component, such as ASP, CGI, JSP/Java, Node.js, or Ruby on Rails applications. * **Native application** An application that is installed and run directly on the local operating system, like Java, Objective-C, Swift, or React applications. Native applications are typically intended for native devices. * **Single-page application** A browser-based application that runs on the front-end with no server-side component, such as Sencha Touch, AngularJS, and React applications. A single-page application runs on the client side after it loads, so it cannot keep a client secret. * **Non-interactive** A web application that does not require user interaction through the web browser, like a command line interface, a service, or a daemon. * **Worker** An administrator application that can interact with platform APIs. Access to platform APIs is determined by the user's or application's role assignments. * **Platform applications** PingOne creates platform applications (PingOne Admin Console, PingOne Application Portal, PingOne Self-Service - MyAccount, and PingFederate-SSO) when the environment is created. The PingFederate-SSO platform application is created only if the PingOne environment includes PingFederate, and unlike the other platform applications, PingFederate-SSO application information is not returned through a GET request. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | For any application type (except Worker/Non-interactive), you can specify either `NONE`, `CLIENT_SECRET_BASIC`, or `CLIENT_SECRET_POST` as the `tokenEndpointAuthMethod` attribute value. Non-interactive applications use the `CLIENT_CREDENTIALS` grant type, which does not support a `tokenEndpointAuthMethod` value of `NONE`. | ## Managing applications The base endpoint, `/environment/{{envID}}/applications`, provides endpoint operations to create, read, update, and delete OIDC and SAML application connections. There are `POST` request examples to show the required properties to create each type of application connection. For more information, refer to [Application Operations](../../platform/applications/applications-1.html) in the *PingOne Platform APIs*. The secret endpoint, `/environments/{{envID}}/applications/{{appID}}/secret`, provides endpoint operations to read and update the application's secret, if the requesting actor has a superset of the application's role assignments. For more information, refer to [Application Secret](../../platform/applications/application-secret.html) in the *PingOne Platform APIs*. Applications support the following additional configuration properties: * **Application resource grants** The application resource grants endpoint, `/environments/{{envID}}/applications/{{appID}}/grants`, provides endpoint operations to create, read, update, and delete the resource grant associated with the application connection. For more information, refer to [Application Resource Grants](../../platform/applications/application-resource-grants.html) in the *PingOne Platform APIs*. * **Application sign-on policy assignments** The application sign-on policy assignments endpoint, `/environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments`, provides endpoint operations to create, read, update, and delete the sign-on policies associated with the application connection. For more information, refer to [Application Sign-On Policy Assignments](../../platform/applications/application-sign-on-policy-assignments.html) in the *PingOne Platform APIs*. * **Application role assignments** The application role assignments endpoint, `/environments/{{envID}}/applications/{{appID}}/roleAssignments`, provides endpoint operations to create, read, update, and delete the role assignments associated with the application connection. For more information, refer to [Application Role Assignments](../../platform/applications/application-role-assignments.html) in the *PingOne Platform APIs*. * **Application attribute mapping** The application attribute mapping endpoint, `/environments/{{envID}}/applications/{{appID}}/roleAssignments`, lets you customize the content of an ID token or a SAML assertion by adding custom attributes and their values. For more information, refer to [Application Attribute Mapping](../../platform/applications/application-attribute-mapping.html) in the *PingOne Platform APIs*. * **Application MFA push credentials** Push credentials are required for sending push notifications to a native application. The endpoint, `/environments/{{envID}}/applications/{{appID}}/pushCredentials`, provides endpoint operations to create, read, update, and delete the push credentials associated with the application connection. This section provides examples for both `APNS` and `FCM` push credential types. For more information, refer to [Application MFA Push Credentials](../../platform/applications/application-mfa-push-credentials.html) in the *PingOne Platform APIs*. > **Collapse: Related topics** > > * [Authorization and authentication by application type](../authentication-concepts/authorization-and-authentication-by-application-type.html)