Check Assertion (PingID Desktop)
POST {{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}Authentication with a PingID Desktop device involves a sequence of requests and responses, including interaction with the Desktop API.
This example shows the final step in this process, sending a POST request to the deviceAuthentications endpoint to check the assertion:
POST {{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}
deviceAuthID in the URL represents the ID that was included in the response from the PingOne server in the request to initiate the device authentication.
The body includes the assertion field whose value shoud be the JWT that you received in response to the request sent to the PingID Desktop API, described in the description of the request to initiate the device authentication.
The value of the origin field should be a subdomain of the domain that was specified as the Relying Party ID in the MFA policy or the domain that was specified with rp.id in the initial call to the PingOne server. The format used should be a complete URL, for example, https://app.pingone.eu.
The Content-Type header must be set to
application/vnd.pingidentity.assertion.check+json.
Request Model
| Property | Type | Required? |
|---|---|---|
|
String |
Required |
|
String |
Required |
Refer to the Device authentications data model for full property descriptions.
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}' \
--header 'Content-Type: application/vnd.pingidentity.assertion.check+json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"origin":"https://app.pingone.eu",
"assertion": "{{assertionValue}}"
}'var options = new RestClientOptions("{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/vnd.pingidentity.assertion.check+json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""origin"":""https://app.pingone.eu""," + "\n" +
@" ""assertion"": ""{{assertionValue}}""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}"
method := "POST"
payload := strings.NewReader(`{
"origin":"https://app.pingone.eu",
"assertion": "{{assertionValue}}"
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/vnd.pingidentity.assertion.check+json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /{{envID}}/deviceAuthentications/{{deviceAuthID}} HTTP/1.1
Host: {{authPath}}
Content-Type: application/vnd.pingidentity.assertion.check+json
Authorization: Bearer {{accessToken}}
{
"origin":"https://app.pingone.eu",
"assertion": "{{assertionValue}}"
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/vnd.pingidentity.assertion.check+json");
RequestBody body = RequestBody.create(mediaType, "{\n \"origin\":\"https://app.pingone.eu\",\n \"assertion\": \"{{assertionValue}}\"\n}");
Request request = new Request.Builder()
.url("{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}")
.method("POST", body)
.addHeader("Content-Type", "application/vnd.pingidentity.assertion.check+json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/vnd.pingidentity.assertion.check+json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"origin": "https://app.pingone.eu",
"assertion": "{{assertionValue}}"
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}',
'headers': {
'Content-Type': 'application/vnd.pingidentity.assertion.check+json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"origin": "https://app.pingone.eu",
"assertion": "{{assertionValue}}"
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}"
payload = json.dumps({
"origin": "https://app.pingone.eu",
"assertion": "{{assertionValue}}"
})
headers = {
'Content-Type': 'application/vnd.pingidentity.assertion.check+json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/vnd.pingidentity.assertion.check+json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "origin":"https://app.pingone.eu",\n "assertion": "{{assertionValue}}"\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/vnd.pingidentity.assertion.check+json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"origin": "https://app.pingone.eu",
"assertion": "{{assertionValue}}"
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"origin\":\"https://app.pingone.eu\",\n \"assertion\": \"{{assertionValue}}\"\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}")!,timeoutInterval: Double.infinity)
request.addValue("application/vnd.pingidentity.assertion.check+json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"_links": {
"self": {
"href": "https://auth.pingone.eu/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/deviceAuthentications/0fa68b44-1e4d-430d-8c79-9e90553e228b"
}
},
"_embedded": {
"devices": [
{
"id": "001f74e8-b024-1df0-001f-74e8b0241df0",
"type": "PINGID_DESKTOP_GEN2",
"status": "ACTIVE",
"usableStatus": {
"status": "ENABLED"
},
"nickname": "PingId Desktop new 2",
"os": {
"version": "15.7.3",
"type": "MAC"
},
"model": {},
"application": {
"id": "941d6390-ec3a-4bf4-858a-949c47ccd36e",
"nativeName": "PingID Desktop",
"version": "1.0.0",
"pushSandbox": false
},
"rp": {
"id": "pingone.eu",
"name": "pingone.eu"
},
"credentialId": "68d0d592-33ea-43da-a113-44996999a593",
"unitId": "4d764d06-6aa5-4c15-ac8c-4df655cbf867"
},
{
"id": "03ed6f11-c4fc-71d8-03ed-6f11c4fc71d8",
"type": "EMAIL",
"status": "ACTIVE",
"usableStatus": {
"status": "ENABLED"
},
"nickname": "Email 1",
"email": "sh****@pingidentity.com"
},
{
"id": "0783541c-a172-8d40-0783-541ca1728d40",
"type": "PINGID_DESKTOP_GEN2",
"status": "ACTIVE",
"usableStatus": {
"status": "ENABLED"
},
"nickname": "Desktop Mac 1",
"os": {
"version": "15.7.3",
"type": "MAC"
},
"model": {},
"application": {
"id": "941d6390-ec3a-4bf4-858a-949c47ccd36e",
"nativeName": "PingID Desktop",
"version": "1.0.0",
"pushSandbox": false
},
"rp": {
"id": "pingone.eu",
"name": "pingone.eu"
},
"credentialId": "eb003515-06bb-4fe0-b1a1-09d98550e55f",
"unitId": "4d764d06-6aa5-4c15-ac8c-4df655cbf867"
}
],
"blockedDevices": []
},
"id": "0fa68b44-1e4d-430d-8c79-9e90553e228b",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"status": "COMPLETED",
"policy": {
"id": "f27e5149-92e2-011a-08da-d93f80db818b"
},
"selectedDevice": {
"id": "0783541c-a172-8d40-0783-541ca1728d40"
},
"user": {
"id": "d4543f69-e508-4cc6-bd16-b61baa4b3caf"
},
"pingIdDesktopCredentialRequestOptions": "{{credentialRequestOptionsValue}}",
"bypassAllowed": false,
"authenticators": [
"desktop",
"mfa",
"user"
],
"createdAt": "2026-02-17T14:44:09.650Z",
"updatedAt": "2026-02-17T14:45:36.473Z",
"userBypassEnabled": false
}