Step 2: Create a Web application
POST {{apiPath}}/environments/{{envID}}/applicationsUse the POST {{apiPath}}/environments/{{envID}}/applications operation to create a new PingOne OpenID Connect (OIDC) Web app. This app configuration represents (to PingOne) your custom application for user sign-on.
In this request:
-
{{apiPath}}is the geographic regional domain for the PingOne API endpoints for your PingOne environment. The PingOne top-level domain ishttps://api.pingone.com/v1for the U.S. Refer to PingOne API domains for the top-level domains for other regions. -
{{envID}}is the ID of the environment you created when you created your test environment. Refer to Create a Test Environment.
In the request body:
-
enabledis a Boolean (true/false) value indicating the current state of the application. You want to enable the Web application for use. -
nameis a String containing the name of the application. -
typeis a String containing the application type. In this workflow, thetypeisWEB_APP. -
protocolis a String containing the protocol used by the application. In this workflow, theprotocolisOPENID_CONNECT. -
grantTypesis a String array containing the grant type or types for the authorization request. In this workflow, thegrantTypesvalue needs to use theauthorization_codegrant type. -
redirectUrisis a String array containing the callback URIs to use for the authentication response. -
responseTypesis a String array containing the code or token type or types returned by the authorization request. In this workflow, theresponseTypesvalue needs to beCODEto return an authorization code. This corresponds to thegrantTypesvalue set. -
tokenEndpointAuthMethodis a String containing the client authentication method supported by the token endpoint. In this workflow, thetokenEndpointAuthMethodvalue needs to beCLIENT_SECRET_BASIC.
When successful, the response returns a Status: 201 created message and shows the new application’s configuration data.
The configuration data includes the application’s id property. This is needed to get the application’s secret value in the next step.
Troubleshooting
-
Verify that
{{envID}}is the ID for the new test environment you created. -
Verify that you’ve assigned either the Environment Admin or Client Application Developer role to your Worker app. Refer to Assign roles to the Worker app.
-
Verify that you’re using Bearer authorization for this request (and all
{{apiPath}}requests), and you have a valid access token. For Postman users, check that the Authorization tab in Postman is set to Bearer Token, and the access token variable is assigned (shown in blue, not red). -
Verify that you’ve set the variables used in the request body correctly.
-
If you get a 401 Unauthorized message, this is likely due to the access token expiring (a 1 hour expiry time). Refer to the step to get an access token, and call this request again.
-
Verify that
{{apiPath}}is correct for your geographic region.
Body
raw ( application/json )
{
"enabled": true,
"name": "SolutionApp_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"enabled": true,
"name": "SolutionApp_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""enabled"": true," + "\n" +
@" ""name"": ""SolutionApp_{{$timestamp}}""," + "\n" +
@" ""description"": ""This is an OIDC Web application.""," + "\n" +
@" ""type"": ""WEB_APP""," + "\n" +
@" ""protocol"": ""OPENID_CONNECT""," + "\n" +
@" ""grantTypes"": [" + "\n" +
@" ""AUTHORIZATION_CODE""" + "\n" +
@" ]," + "\n" +
@" ""redirectUris"": [" + "\n" +
@" ""http://localhost:3000/callback""" + "\n" +
@" ]," + "\n" +
@" ""responseTypes"": [" + "\n" +
@" ""CODE""" + "\n" +
@" ]," + "\n" +
@" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications"
method := "POST"
payload := strings.NewReader(`{
"enabled": true,
"name": "SolutionApp_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"enabled": true,
"name": "SolutionApp_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"SolutionApp_{{$timestamp}}\",\n \"description\": \"This is an OIDC Web application.\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"redirectUris\": [\n \"http://localhost:3000/callback\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"enabled": true,
"name": "SolutionApp_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/applications',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"enabled": true,
"name": "SolutionApp_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications"
payload = json.dumps({
"enabled": True,
"name": "SolutionApp_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "enabled": true,\n "name": "SolutionApp_{{$timestamp}}",\n "description": "This is an OIDC Web application.",\n "type": "WEB_APP",\n "protocol": "OPENID_CONNECT",\n "grantTypes": [\n "AUTHORIZATION_CODE"\n ],\n "redirectUris": [\n "http://localhost:3000/callback"\n ],\n "responseTypes": [\n "CODE"\n ],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"enabled": true,
"name": "SolutionApp_{{\$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"enabled\": true,\n \"name\": \"SolutionApp_{{$timestamp}}\",\n \"description\": \"This is an OIDC Web application.\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"redirectUris\": [\n \"http://localhost:3000/callback\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7bc39672-6770-4d78-b7f5-09728ca64f41"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7bc39672-6770-4d78-b7f5-09728ca64f41/attributes"
},
"secret": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7bc39672-6770-4d78-b7f5-09728ca64f41/secret"
},
"grants": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7bc39672-6770-4d78-b7f5-09728ca64f41/grants"
}
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"id": "7bc39672-6770-4d78-b7f5-09728ca64f41",
"name": "SolutionApp_1743162190",
"description": "This is an OIDC Web application.",
"enabled": true,
"hiddenFromAppPortal": false,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"createdAt": "2025-03-28T11:43:10.462Z",
"updatedAt": "2025-03-28T11:43:10.462Z",
"assignActorRoles": false,
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE"
],
"idpSignoff": false,
"additionalRefreshTokenReplayProtectionEnabled": true,
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "OPTIONAL",
"parRequirement": "OPTIONAL",
"devicePollingInterval": 5,
"redirectUris": [
"http://localhost:3000/callback"
],
"parTimeout": 60,
"deviceTimeout": 600
}