--- title: "Step 2: Create a Web application" description: Use the POST {{apiPath}}/v1/environments/{{envID}}/applications operation to create a new PingOne OpenID Connect (OIDC) Web app. This app configuration represents (to PingOne) your custom application for user sign-on. component: pingone-api page_id: pingone-api:getting-started:simple-sso-workflow/step-2-create-a-web-application canonical_url: https://developer.pingidentity.com/pingone-api/getting-started/simple-sso-workflow/step-2-create-a-web-application.html section_ids: troubleshooting: Troubleshooting headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Step 2: Create a Web application ## ```none POST {{apiPath}}/v1/environments/{{envID}}/applications ``` Use the `POST {{apiPath}}/v1/environments/{{envID}}/applications` operation to create a new PingOne OpenID Connect (OIDC) Web app. This app configuration represents (to PingOne) your custom application for user sign-on. In this request: * ``{{apiPath}}`is the geographic domain for the PingOne API endpoints for your PingOne environment. The PingOne top-level domain is `https://api.pingone.com/v1`` for the U.S. Refer to [PingOne API domains](../../before-you-begin/introduction.html#pingone-api-domains) for the top-level domains for other regions. * `{{envID}}` is the ID of the environment you created when you created your test environment. Refer to [Create a Test Environment](../create-a-test-environment.html). In the request body: * `enabled` is a Boolean (true/false) value indicating the current state of the application. You want to enable the Web application for use. * `name` is a String containing the name of the application. * `type` is a String containing the application type. In this workflow, the `type` is `WEB_APP`. * `protocol` is a String containing the protocol used by the application. In this workflow, the `protocol` is `OPENID_CONNECT`. * `grantTypes` is a String array containing the grant type or types for the authorization request. In this workflow, the `grantTypes` value needs to use the `authorization_code` grant type. * `redirectUris` is a String array containing the callback URIs to use for the authentication response. * `responseTypes` is a String array containing the code or token type or types returned by the authorization request. In this workflow, the `responseTypes` value needs to be `CODE` to return an authorization code. This corresponds to the `grantTypes` value set. * `tokenEndpointAuthMethod` is a String containing the client authentication method supported by the token endpoint. In this workflow, the `tokenEndpointAuthMethod` value needs to be `CLIENT_SECRET_BASIC`. When successful, the response returns a `Status: 201 created` message and shows the new application's configuration data. The configuration data includes the application's `id` property. This is needed to get the application's `secret` value in the next step. ### Troubleshooting * Verify that `{{envID}}` is the ID for the new test environment you created. * Verify that you've assigned either the Environment Admin or Client Application Developer role to your Worker app. Refer to [Assign roles to the Worker app](../create-an-admin-worker-app/step-3-assign-roles.html). * Verify that you're using Bearer authorization for this request (and all `{{apiPath}}` requests), and you have a valid access token. For Postman users, check that the Authorization tab in Postman is set to Bearer Token, and the access token variable is assigned (shown in blue, not red). * Verify that you've set the variables used in the request body correctly. * If you get a 401 Unauthorized message, this is likely due to the access token expiring (a 1 hour expiry time). Refer to the step to get an access token, and call this request again. * Verify that `{{apiPath}}` is correct for your geographic domain . ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "enabled": true, "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "type": "WEB_APP", "protocol": "OPENID_CONNECT", "grantTypes": [ "AUTHORIZATION_CODE" ], "redirectUris": [ "http://localhost:3000/callback" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC" } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/applications' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "enabled": true, "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "type": "WEB_APP", "protocol": "OPENID_CONNECT", "grantTypes": [ "AUTHORIZATION_CODE" ], "redirectUris": [ "http://localhost:3000/callback" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC" }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/applications") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""enabled"": true," + "\n" + @" ""name"": ""Shared-Web-App""," + "\n" + @" ""description"": ""This is an OIDC Web application for workflow testing.""," + "\n" + @" ""type"": ""WEB_APP""," + "\n" + @" ""protocol"": ""OPENID_CONNECT""," + "\n" + @" ""grantTypes"": [" + "\n" + @" ""AUTHORIZATION_CODE""" + "\n" + @" ]," + "\n" + @" ""redirectUris"": [" + "\n" + @" ""http://localhost:3000/callback""" + "\n" + @" ]," + "\n" + @" ""responseTypes"": [" + "\n" + @" ""CODE""" + "\n" + @" ]," + "\n" + @" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/applications" method := "POST" payload := strings.NewReader(`{ "enabled": true, "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "type": "WEB_APP", "protocol": "OPENID_CONNECT", "grantTypes": [ "AUTHORIZATION_CODE" ], "redirectUris": [ "http://localhost:3000/callback" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC" }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/applications HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "enabled": true, "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "type": "WEB_APP", "protocol": "OPENID_CONNECT", "grantTypes": [ "AUTHORIZATION_CODE" ], "redirectUris": [ "http://localhost:3000/callback" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC" } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"Shared-Web-App\",\n \"description\": \"This is an OIDC Web application for workflow testing.\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"redirectUris\": [\n \"http://localhost:3000/callback\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/applications") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/applications", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "enabled": true, "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "type": "WEB_APP", "protocol": "OPENID_CONNECT", "grantTypes": [ "AUTHORIZATION_CODE" ], "redirectUris": [ "http://localhost:3000/callback" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC" }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/applications', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "enabled": true, "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "type": "WEB_APP", "protocol": "OPENID_CONNECT", "grantTypes": [ "AUTHORIZATION_CODE" ], "redirectUris": [ "http://localhost:3000/callback" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC" }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/applications" payload = json.dumps({ "enabled": True, "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "type": "WEB_APP", "protocol": "OPENID_CONNECT", "grantTypes": [ "AUTHORIZATION_CODE" ], "redirectUris": [ "http://localhost:3000/callback" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC" }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/applications'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "enabled": true,\n "name": "Shared-Web-App",\n "description": "This is an OIDC Web application for workflow testing.",\n "type": "WEB_APP",\n "protocol": "OPENID_CONNECT",\n "grantTypes": [\n "AUTHORIZATION_CODE"\n ],\n "redirectUris": [\n "http://localhost:3000/callback"\n ],\n "responseTypes": [\n "CODE"\n ],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/applications") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "enabled": true, "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "type": "WEB_APP", "protocol": "OPENID_CONNECT", "grantTypes": [ "AUTHORIZATION_CODE" ], "redirectUris": [ "http://localhost:3000/callback" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC" }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"enabled\": true,\n \"name\": \"Shared-Web-App\",\n \"description\": \"This is an OIDC Web application for workflow testing.\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"redirectUris\": [\n \"http://localhost:3000/callback\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7bc39672-6770-4d78-b7f5-09728ca64f41" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "attributes": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7bc39672-6770-4d78-b7f5-09728ca64f41/attributes" }, "secret": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7bc39672-6770-4d78-b7f5-09728ca64f41/secret" }, "grants": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7bc39672-6770-4d78-b7f5-09728ca64f41/grants" } }, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "id": "7bc39672-6770-4d78-b7f5-09728ca64f41", "name": "Shared-Web-App", "description": "This is an OIDC Web application for workflow testing.", "enabled": true, "hiddenFromAppPortal": false, "type": "WEB_APP", "protocol": "OPENID_CONNECT", "createdAt": "2025-03-28T11:43:10.462Z", "updatedAt": "2025-03-28T11:43:10.462Z", "assignActorRoles": false, "responseTypes": [ "CODE" ], "grantTypes": [ "AUTHORIZATION_CODE" ], "idpSignoff": false, "additionalRefreshTokenReplayProtectionEnabled": true, "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "parRequirement": "OPTIONAL", "devicePollingInterval": 5, "redirectUris": [ "http://localhost:3000/callback" ], "parTimeout": 60, "deviceTimeout": 600 } ```