--- title: Update FIDO Policy description: Use PUT {{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}} to update the details of an existing FIDO policy. component: pingone-api page_id: pingone-api:mfa:fido-policies/update_fido_policy canonical_url: https://developer.pingidentity.com/pingone-api/mfa/fido-policies/update_fido_policy.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Update FIDO Policy ## ```none PUT {{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}} ``` Use `PUT {{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}` to update the details of an existing FIDO policy. The policy ID can be taken from the `id` field for the policy in the list of policies returned when you retrieve all of the FIDO policies for an environment. The ID of each policy is also displayed on the FIDO Policies page in the PingOne UI. ### Prerequisites * Refer to [FIDO Policies](#fido-policies) for important overview information. > **Collapse: Request Model** > > | Property | Type | Required? | > | ----------------------------- | ------- | --------- | > | `allowedAuthenticators` | Array | Optional | > | `attestationRequirements` | String | Required | > | `default` | Boolean | Optional | > | `description` | String | Optional | > | `enforceDuringAuthentication` | Boolean | Optional | > | `name` | String | Required | > | `publicKeyCredentialHints` | Array | Optional | > | `residentKeyRequirement` | String | Required | > > Refer to the [FIDO Policies](#fido-policies) data model for full property descriptions. ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": true, "option": "REQUIRED" }, "backupEligibility": { "enforceDuringAuthentication": true, "allow": true }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "{{allowedAuthenticatorID_2}}" } ], "enforceDuringAuthentication": true }, "publicKeyCredentialHints" : [ "SECURITY_KEY", "CLIENT_DEVICE","HYBRID" ], "relyingPartyId": "relyingpartydomain.example.com", "default": false } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff --request PUT '{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": true, "option": "REQUIRED" }, "backupEligibility": { "enforceDuringAuthentication": true, "allow": true }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "{{allowedAuthenticatorID_2}}" } ], "enforceDuringAuthentication": true }, "publicKeyCredentialHints" : [ "SECURITY_KEY", "CLIENT_DEVICE","HYBRID" ], "relyingPartyId": "relyingpartydomain.example.com", "default": false }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Put); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""name"": ""FIDO Policy - specific authenticators - updated list of authenticators""," + "\n" + @" ""description"": ""FIDO Policy that specifies two authenticators that can be used""," + "\n" + @" ""deviceDisplayName"": ""Fido2 device B""," + "\n" + @" ""discoverableCredentials"": ""REQUIRED""," + "\n" + @" ""authenticatorAttachment"": ""BOTH""," + "\n" + @" ""userVerification"": {" + "\n" + @" ""enforceDuringAuthentication"": true," + "\n" + @" ""option"": ""REQUIRED""" + "\n" + @" }," + "\n" + @" ""backupEligibility"": {" + "\n" + @" ""enforceDuringAuthentication"": true," + "\n" + @" ""allow"": true" + "\n" + @" }," + "\n" + @" ""userDisplayNameAttributes"": {" + "\n" + @" ""attributes"": [" + "\n" + @" {" + "\n" + @" ""name"": ""username""" + "\n" + @" }," + "\n" + @" {" + "\n" + @" ""name"": ""email""" + "\n" + @" }" + "\n" + @" ]" + "\n" + @" }," + "\n" + @" ""attestationRequirements"": ""DIRECT""," + "\n" + @" ""mdsAuthenticatorsRequirements"": {" + "\n" + @" ""option"": ""SPECIFIC""," + "\n" + @" ""allowedAuthenticators"": [" + "\n" + @" {" + "\n" + @" ""id"": ""{{allowedAuthenticatorID}}""" + "\n" + @" }," + "\n" + @" {" + "\n" + @" ""id"": ""{{allowedAuthenticatorID_2}}""" + "\n" + @" }" + "\n" + @" ]," + "\n" + @" ""enforceDuringAuthentication"": true" + "\n" + @" }," + "\n" + @" ""publicKeyCredentialHints"" : [" + "\n" + @" ""SECURITY_KEY"", ""CLIENT_DEVICE"",""HYBRID""" + "\n" + @" ]," + "\n" + @" ""relyingPartyId"": ""relyingpartydomain.example.com""," + "\n" + @" ""default"": false" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}" method := "PUT" payload := strings.NewReader(`{ "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": true, "option": "REQUIRED" }, "backupEligibility": { "enforceDuringAuthentication": true, "allow": true }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "{{allowedAuthenticatorID_2}}" } ], "enforceDuringAuthentication": true }, "publicKeyCredentialHints" : [ "SECURITY_KEY", "CLIENT_DEVICE","HYBRID" ], "relyingPartyId": "relyingpartydomain.example.com", "default": false }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http PUT /v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}} HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": true, "option": "REQUIRED" }, "backupEligibility": { "enforceDuringAuthentication": true, "allow": true }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "{{allowedAuthenticatorID_2}}" } ], "enforceDuringAuthentication": true }, "publicKeyCredentialHints" : [ "SECURITY_KEY", "CLIENT_DEVICE","HYBRID" ], "relyingPartyId": "relyingpartydomain.example.com", "default": false } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"FIDO Policy - specific authenticators - updated list of authenticators\",\n \"description\": \"FIDO Policy that specifies two authenticators that can be used\",\n \"deviceDisplayName\": \"Fido2 device B\",\n \"discoverableCredentials\": \"REQUIRED\",\n \"authenticatorAttachment\": \"BOTH\",\n \"userVerification\": {\n \"enforceDuringAuthentication\": true,\n \"option\": \"REQUIRED\"\n },\n \"backupEligibility\": {\n \"enforceDuringAuthentication\": true,\n \"allow\": true\n },\n \"userDisplayNameAttributes\": {\n \"attributes\": [\n {\n \"name\": \"username\"\n },\n {\n \"name\": \"email\"\n }\n ]\n },\n \"attestationRequirements\": \"DIRECT\",\n \"mdsAuthenticatorsRequirements\": {\n \"option\": \"SPECIFIC\",\n \"allowedAuthenticators\": [\n {\n \"id\": \"{{allowedAuthenticatorID}}\"\n },\n {\n \"id\": \"{{allowedAuthenticatorID_2}}\"\n }\n ],\n \"enforceDuringAuthentication\": true\n },\n \"publicKeyCredentialHints\" : [\n \"SECURITY_KEY\", \"CLIENT_DEVICE\",\"HYBRID\"\n ],\n \"relyingPartyId\": \"relyingpartydomain.example.com\",\n \"default\": false\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}") .method("PUT", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}", "method": "PUT", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": true, "option": "REQUIRED" }, "backupEligibility": { "enforceDuringAuthentication": true, "allow": true }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "{{allowedAuthenticatorID_2}}" } ], "enforceDuringAuthentication": true }, "publicKeyCredentialHints": [ "SECURITY_KEY", "CLIENT_DEVICE", "HYBRID" ], "relyingPartyId": "relyingpartydomain.example.com", "default": false }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'PUT', 'url': '{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": true, "option": "REQUIRED" }, "backupEligibility": { "enforceDuringAuthentication": true, "allow": true }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "{{allowedAuthenticatorID_2}}" } ], "enforceDuringAuthentication": true }, "publicKeyCredentialHints": [ "SECURITY_KEY", "CLIENT_DEVICE", "HYBRID" ], "relyingPartyId": "relyingpartydomain.example.com", "default": false }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}" payload = json.dumps({ "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": True, "option": "REQUIRED" }, "backupEligibility": { "enforceDuringAuthentication": True, "allow": True }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "{{allowedAuthenticatorID_2}}" } ], "enforceDuringAuthentication": True }, "publicKeyCredentialHints": [ "SECURITY_KEY", "CLIENT_DEVICE", "HYBRID" ], "relyingPartyId": "relyingpartydomain.example.com", "default": False }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("PUT", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}'); $request->setMethod(HTTP_Request2::METHOD_PUT); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "name": "FIDO Policy - specific authenticators - updated list of authenticators",\n "description": "FIDO Policy that specifies two authenticators that can be used",\n "deviceDisplayName": "Fido2 device B",\n "discoverableCredentials": "REQUIRED",\n "authenticatorAttachment": "BOTH",\n "userVerification": {\n "enforceDuringAuthentication": true,\n "option": "REQUIRED"\n },\n "backupEligibility": {\n "enforceDuringAuthentication": true,\n "allow": true\n },\n "userDisplayNameAttributes": {\n "attributes": [\n {\n "name": "username"\n },\n {\n "name": "email"\n }\n ]\n },\n "attestationRequirements": "DIRECT",\n "mdsAuthenticatorsRequirements": {\n "option": "SPECIFIC",\n "allowedAuthenticators": [\n {\n "id": "{{allowedAuthenticatorID}}"\n },\n {\n "id": "{{allowedAuthenticatorID_2}}"\n }\n ],\n "enforceDuringAuthentication": true\n },\n "publicKeyCredentialHints" : [\n "SECURITY_KEY", "CLIENT_DEVICE","HYBRID"\n ],\n "relyingPartyId": "relyingpartydomain.example.com",\n "default": false\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Put.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": true, "option": "REQUIRED" }, "backupEligibility": { "enforceDuringAuthentication": true, "allow": true }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "{{allowedAuthenticatorID_2}}" } ], "enforceDuringAuthentication": true }, "publicKeyCredentialHints": [ "SECURITY_KEY", "CLIENT_DEVICE", "HYBRID" ], "relyingPartyId": "relyingpartydomain.example.com", "default": false }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"name\": \"FIDO Policy - specific authenticators - updated list of authenticators\",\n \"description\": \"FIDO Policy that specifies two authenticators that can be used\",\n \"deviceDisplayName\": \"Fido2 device B\",\n \"discoverableCredentials\": \"REQUIRED\",\n \"authenticatorAttachment\": \"BOTH\",\n \"userVerification\": {\n \"enforceDuringAuthentication\": true,\n \"option\": \"REQUIRED\"\n },\n \"backupEligibility\": {\n \"enforceDuringAuthentication\": true,\n \"allow\": true\n },\n \"userDisplayNameAttributes\": {\n \"attributes\": [\n {\n \"name\": \"username\"\n },\n {\n \"name\": \"email\"\n }\n ]\n },\n \"attestationRequirements\": \"DIRECT\",\n \"mdsAuthenticatorsRequirements\": {\n \"option\": \"SPECIFIC\",\n \"allowedAuthenticators\": [\n {\n \"id\": \"{{allowedAuthenticatorID}}\"\n },\n {\n \"id\": \"{{allowedAuthenticatorID_2}}\"\n }\n ],\n \"enforceDuringAuthentication\": true\n },\n \"publicKeyCredentialHints\" : [\n \"SECURITY_KEY\", \"CLIENT_DEVICE\",\"HYBRID\"\n ],\n \"relyingPartyId\": \"relyingpartydomain.example.com\",\n \"default\": false\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/fido2Policies/{{fidoPolicyID}}")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "PUT" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 200 OK ```json { "_links": { "self": { "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/fido2Policies/6f39f738-9fbb-4a43-94d7-41d84f5e5f46" }, "environment": { "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" } }, "id": "6f39f738-9fbb-4a43-94d7-41d84f5e5f46", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "updatedAt": "2024-12-09T12:26:07.947Z", "createdAt": "2024-12-09T12:23:07.475Z", "name": "FIDO Policy - specific authenticators - updated list of authenticators", "description": "FIDO Policy that specifies two authenticators that can be used", "deviceDisplayName": "Fido2 device B", "discoverableCredentials": "REQUIRED", "authenticatorAttachment": "BOTH", "userVerification": { "enforceDuringAuthentication": true, "option": "REQUIRED" }, "userPresenceTimeout": { "duration": 2, "timeUnit": "MINUTES" }, "backupEligibility": { "enforceDuringAuthentication": true, "allow": true }, "userDisplayNameAttributes": { "attributes": [ { "name": "username" }, { "name": "email" } ] }, "attestationRequirements": "DIRECT", "mdsAuthenticatorsRequirements": { "enforceDuringAuthentication": true, "option": "SPECIFIC", "allowedAuthenticators": [ { "id": "{{allowedAuthenticatorID}}" }, { "id": "da1fa263-8b25-42b6-a820-c0036f21ba7f" } ] }, "relyingPartyId": "relyingpartydomain.example.com", "publicKeyCredentialHints": [ "SECURITY_KEY", "CLIENT_DEVICE", "HYBRID" ], "aggregateDevices": false, "default": false } ```