Create Grant
POST {{apiPath}}/environments/{{envID}}/applications/{{appID}}/grantsThe POST {{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants operation creates a new resource access grant for the application specified in the request URL. You must specify the resource property ID to create the resource access grant. You can also identify the scopes from the resource being granted. The scopes property allows a list of scopes to associate with the resource access grant. Worker apps that have the client_credentials grant type do not support OIDC scopes.
|
An application cannot have multiple grants that refer to the same resource, even if the scopes differ. Additionally, an application cannot have multiple grants that refer to scopes having the same name. |
Prerequisites
-
Refer to Application Resource Grants for important overview information.
-
Create an application to get an
appID. Refer to Application Operations. -
Create a resource to get a
resourceID. Refer to Create Resource. -
Create an application attribute mapping to get an OIDC
scopeID. Refer to Create Application Attribute Mapping.
Request Model
Refer to the Application Resource Grants for complete descriptions.
| Property | Type | Required? |
|---|---|---|
|
String |
N/A |
|
String[] |
Required |
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"resource": {
"id": "{{resourceID}}"
},
"scopes": [
{
"id": "{{scopeID}}"
}
]
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""resource"": {" + "\n" +
@" ""id"": ""{{resourceID}}""" + "\n" +
@" }," + "\n" +
@" ""scopes"": [" + "\n" +
@" {" + "\n" +
@" ""id"": ""{{scopeID}}""" + "\n" +
@" }" + "\n" +
@" ]" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants"
method := "POST"
payload := strings.NewReader(`{
"resource": {
"id": "{{resourceID}}"
},
"scopes": [
{
"id": "{{scopeID}}"
}
]
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/applications/{{appID}}/grants HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"resource": {
"id": "{{resourceID}}"
},
"scopes": [
{
"id": "{{scopeID}}"
}
]
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"resource\": {\n \"id\": \"{{resourceID}}\"\n },\n \"scopes\": [\n {\n \"id\": \"{{scopeID}}\"\n }\n ]\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"resource": {
"id": "{{resourceID}}"
},
"scopes": [
{
"id": "{{scopeID}}"
}
]
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"resource": {
"id": "{{resourceID}}"
},
"scopes": [
{
"id": "{{scopeID}}"
}
]
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants"
payload = json.dumps({
"resource": {
"id": "{{resourceID}}"
},
"scopes": [
{
"id": "{{scopeID}}"
}
]
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "resource": {\n "id": "{{resourceID}}"\n },\n "scopes": [\n {\n "id": "{{scopeID}}"\n }\n ]\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"resource": {
"id": "{{resourceID}}"
},
"scopes": [
{
"id": "{{scopeID}}"
}
]
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"resource\": {\n \"id\": \"{{resourceID}}\"\n },\n \"scopes\": [\n {\n \"id\": \"{{scopeID}}\"\n }\n ]\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/grants")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/cad1c86d-a6c8-4e61-b15f-8ff452698fa8/grants/c95c0f55-524c-4b7e-bbab-07ba2c47aa93"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"application": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/cad1c86d-a6c8-4e61-b15f-8ff452698fa8"
},
"resource": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/b6f08ba7-a50b-44f0-922f-91c03f0390f8"
}
},
"id": "c95c0f55-524c-4b7e-bbab-07ba2c47aa93",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"resource": {
"id": "b6f08ba7-a50b-44f0-922f-91c03f0390f8"
},
"application": {
"id": "cad1c86d-a6c8-4e61-b15f-8ff452698fa8"
},
"scopes": [
{
"id": "a24ec929-f241-4f21-85ea-0d710910239c"
}
],
"createdAt": "2020-02-19T20:21:31.756Z",
"updatedAt": "2020-02-19T20:21:31.756Z"
}