--- title: Create Grant description: The POST {{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants operation creates a new resource access grant for the application specified in the request URL. You must specify the resource property ID to create the resource access grant. You can also identify the scopes from the resource being granted. The scopes property allows a list of scopes to associate with the resource access grant. Worker apps that have the client_credentials grant type do not support OIDC scopes. component: pingone-api page_id: pingone-api:platform:applications/application-resource-grants/create-grant canonical_url: https://developer.pingidentity.com/pingone-api/platform/applications/application-resource-grants/create-grant.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Grant ## ```none POST {{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants ``` The `POST {{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants` operation creates a new resource access grant for the application specified in the request URL. You must specify the `resource` property ID to create the resource access grant. You can also identify the scopes from the resource being granted. The `scopes` property allows a list of scopes to associate with the resource access grant. Worker apps that have the `client_credentials` grant type do not support OIDC scopes. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | An application cannot have multiple grants that refer to the same resource, even if the scopes differ. Additionally, an application cannot have multiple grants that refer to scopes having the same name. | ### Prerequisites * Refer to [Application Resource Grants](../application-resource-grants.html) for important overview information. * Create an application to get an `appID`. Refer to [Application Operations](../applications-1.html). * Create a resource to get a `resourceID`. Refer to [Create Resource](../../resources/resources-1/create-resource.html). * Create an application attribute mapping to get an OIDC `scopeID`. Refer to [Create Application Attribute Mapping](../application-attribute-mapping/create-application-attribute-mapping.html). > **Collapse: Request Model** > > Refer to the [Application Resource Grants](../application-resource-grants.html) for complete descriptions. > > | Property | Type | Required? | > | ------------- | --------- | --------- | > | `resource.id` | String | N/A | > | `scopes.id` | String\[] | Required | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "resource": { "id": "{{resourceID}}" }, "scopes": [ { "id": "{{scopeID}}" } ] } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "resource": { "id": "{{resourceID}}" }, "scopes": [ { "id": "{{scopeID}}" } ] }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""resource"": {" + "\n" + @" ""id"": ""{{resourceID}}""" + "\n" + @" }," + "\n" + @" ""scopes"": [" + "\n" + @" {" + "\n" + @" ""id"": ""{{scopeID}}""" + "\n" + @" }" + "\n" + @" ]" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants" method := "POST" payload := strings.NewReader(`{ "resource": { "id": "{{resourceID}}" }, "scopes": [ { "id": "{{scopeID}}" } ] }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/applications/{{appID}}/grants HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "resource": { "id": "{{resourceID}}" }, "scopes": [ { "id": "{{scopeID}}" } ] } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"resource\": {\n \"id\": \"{{resourceID}}\"\n },\n \"scopes\": [\n {\n \"id\": \"{{scopeID}}\"\n }\n ]\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "resource": { "id": "{{resourceID}}" }, "scopes": [ { "id": "{{scopeID}}" } ] }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "resource": { "id": "{{resourceID}}" }, "scopes": [ { "id": "{{scopeID}}" } ] }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants" payload = json.dumps({ "resource": { "id": "{{resourceID}}" }, "scopes": [ { "id": "{{scopeID}}" } ] }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "resource": {\n "id": "{{resourceID}}"\n },\n "scopes": [\n {\n "id": "{{scopeID}}"\n }\n ]\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "resource": { "id": "{{resourceID}}" }, "scopes": [ { "id": "{{scopeID}}" } ] }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"resource\": {\n \"id\": \"{{resourceID}}\"\n },\n \"scopes\": [\n {\n \"id\": \"{{scopeID}}\"\n }\n ]\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/applications/{{appID}}/grants")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/cad1c86d-a6c8-4e61-b15f-8ff452698fa8/grants/c95c0f55-524c-4b7e-bbab-07ba2c47aa93" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "application": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/cad1c86d-a6c8-4e61-b15f-8ff452698fa8" }, "resource": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/b6f08ba7-a50b-44f0-922f-91c03f0390f8" } }, "id": "c95c0f55-524c-4b7e-bbab-07ba2c47aa93", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "resource": { "id": "b6f08ba7-a50b-44f0-922f-91c03f0390f8" }, "application": { "id": "cad1c86d-a6c8-4e61-b15f-8ff452698fa8" }, "scopes": [ { "id": "a24ec929-f241-4f21-85ea-0d710910239c" } ], "createdAt": "2020-02-19T20:21:31.756Z", "updatedAt": "2020-02-19T20:21:31.756Z" } ```