--- title: Initiate Device Authentication (PingID Desktop) component: pingone-api page_id: pingone-api:mfa:mfa-authentication/mfa-device-authentications/initiate-device-authentication-desktop canonical_url: https://developer.pingidentity.com/pingone-api/mfa/mfa-authentication/mfa-device-authentications/initiate-device-authentication-desktop.html section_ids: headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Initiate Device Authentication (PingID Desktop) ##   ```none POST {{authPath}}/{{envID}}/deviceAuthentications ``` Authentication with a PingID Desktop device involves a sequence of requests and responses, including interaction with the Desktop API. This example shows the first step in this process, sending a POST request to the `deviceAuthentications` endpoint: `POST {{authPath}}/{{envID}}/deviceAuthentications` The only parameter provided is the user's ID. > **Collapse: Request Model** > > | Property | Type | Required? | > | --------- | ------ | --------- | > | `user.id` | String | Required | > > Refer to the [Device authentications data model](../mfa-device-authentications.html#device-authentications-data-model) for full property descriptions. The response from the PingOne server contains a field called `pingIdDesktopCredentialRequestOptions`, which consists of a signed JWT. After the JWT is received, you must send it to the Desktop API Authenticate endpoint `http://localhost:9410/authenticate`. The body of that request should just be the JWT that you received, sent as plain text. The request must also include the header Content-Type set to `application/jwt` and the header Origin set to the Relying Party ID you specified in the relevant MFA policy, for example, `https://app.pingone.eu` The response from the desktop agent will contain an assertion JWT, which must be used in the final step of authenticating with a PingID Desktop device, [checking the assertion](check-assertion-desktop.html). ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "user": { "id": "{{userID}}" } } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{authPath}}/{{envID}}/deviceAuthentications' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "user": { "id": "{{userID}}" } }' ``` ```csharp var options = new RestClientOptions("{{authPath}}/{{envID}}/deviceAuthentications") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""user"": {" + "\n" + @" ""id"": ""{{userID}}""" + "\n" + @" }" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{authPath}}/{{envID}}/deviceAuthentications" method := "POST" payload := strings.NewReader(`{ "user": { "id": "{{userID}}" } }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /{{envID}}/deviceAuthentications HTTP/1.1 Host: {{authPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "user": { "id": "{{userID}}" } } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"user\": {\n \"id\": \"{{userID}}\"\n }\n}"); Request request = new Request.Builder() .url("{{authPath}}/{{envID}}/deviceAuthentications") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{authPath}}/{{envID}}/deviceAuthentications", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "user": { "id": "{{userID}}" } }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{authPath}}/{{envID}}/deviceAuthentications', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "user": { "id": "{{userID}}" } }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{authPath}}/{{envID}}/deviceAuthentications" payload = json.dumps({ "user": { "id": "{{userID}}" } }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{authPath}}/{{envID}}/deviceAuthentications'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "user": {\n "id": "{{userID}}"\n }\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{authPath}}/{{envID}}/deviceAuthentications") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "user": { "id": "{{userID}}" } }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"user\": {\n \"id\": \"{{userID}}\"\n }\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/deviceAuthentications")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://auth.pingone.eu/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/deviceAuthentications/0f1f29a9-a16d-4d7c-a653-d85a66d53440" }, "device.select": { "href": "https://auth.pingone.eu/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/deviceAuthentications/0f1f29a9-a16d-4d7c-a653-d85a66d53440" }, "assertion.check": { "href": "https://auth.pingone.eu/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/deviceAuthentications/0f1f29a9-a16d-4d7c-a653-d85a66d53440" } }, "_embedded": { "devices": [ { "id": "001f74e8-b024-1df0-001f-74e8b0241df0", "type": "PINGID_DESKTOP_GEN2", "status": "ACTIVE", "usableStatus": { "status": "ENABLED" }, "nickname": "PingId Desktop new 2", "os": { "version": "15.7.3", "type": "MAC" }, "model": {}, "application": { "id": "941d6390-ec3a-4bf4-858a-949c47ccd36e", "nativeName": "PingID Desktop", "version": "1.0.0", "pushSandbox": false }, "rp": { "id": "pingone.eu", "name": "pingone.eu" }, "credentialId": "68d0d592-33ea-43da-a113-44996999a593", "unitId": "4d764d06-6aa5-4c15-ac8c-4df655cbf867" }, { "id": "03ed6f11-c4fc-71d8-03ed-6f11c4fc71d8", "type": "EMAIL", "status": "ACTIVE", "usableStatus": { "status": "ENABLED" }, "nickname": "Email 1", "email": "sh****@pingidentity.com" }, { "id": "0783541c-a172-8d40-0783-541ca1728d40", "type": "PINGID_DESKTOP_GEN2", "status": "ACTIVE", "usableStatus": { "status": "ENABLED" }, "nickname": "Desktop Mac 1", "os": { "version": "15.7.3", "type": "MAC" }, "model": {}, "application": { "id": "941d6390-ec3a-4bf4-858a-949c47ccd36e", "nativeName": "PingID Desktop", "version": "1.0.0", "pushSandbox": false }, "rp": { "id": "pingone.eu", "name": "pingone.eu" }, "credentialId": "eb003515-06bb-4fe0-b1a1-09d98550e55f", "unitId": "4d764d06-6aa5-4c15-ac8c-4df655cbf867" } ], "blockedDevices": [] }, "id": "0f1f29a9-a16d-4d7c-a653-d85a66d53440", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "status": "ASSERTION_REQUIRED", "policy": { "id": "f27e5149-92e2-011a-08da-d93f80db818b" }, "selectedDevice": { "id": "001f74e8-b024-1df0-001f-74e8b0241df0" }, "user": { "id": "d4543f69-e508-4cc6-bd16-b61baa4b3caf" }, "pingIdDesktopCredentialRequestOptions": "{{credentialRequestOptionsValue}}", "bypassAllowed": false, "createdAt": "2026-02-17T13:40:50.774Z", "updatedAt": "2026-02-17T13:40:51.186Z", "userBypassEnabled": false } ```