Create Inbound Traffic Policy

POST {{apiPath}}/environments/{{envID}}/inboundTrafficPolicies

The POST /environments/{{envID}}/inboundTrafficPolicies endpoint creates a new inbound traffic policy configuration in the specified environment. The request body includes the set of inbound traffic policy rules that configure access to the PingOne endpoint called by the matching request. You can define up to 10 inbound traffic policy configurations on the environment.

Prerequisites

Refer to Inbound Traffic Policies for for full property descriptions for the verify, client IP, header, and traffic rules.
Refer to Inbound Traffic Policies API Limits for maximum number of allowed policies and rules per environment.

Request Model

Property Type Required?

Property	Type	Required?
`clientIpRule`	Object	Required
`enabled`	Boolean	Required
`environment`	Object	N/A
`environment.id`	String	N/A
`headerRules`	Object[]	Required
`id`	String	N/A
`name`	String	Required
`priority`	Integer	Required
`trafficRule`	Object	Required
`verifyRules`	Object[]	Required

clientIpRule

Object

Required

enabled

Boolean

Required

environment

Object

N/A

environment.id

String

N/A

headerRules

Object[]

Required

id

String

N/A

name

String

Required

priority

Integer

Required

trafficRule

Object

Required

verifyRules

Object[]

Required

Refer to the Inbound traffic policies data model for full property descriptions.

Headers

Authorization Bearer {{accessToken}}

Content-Type application/json

Body

raw ( application/json )

{
  "name":"Shared Secret",
  "trafficRule":{
    "type":"ALLOW"
  },
  "verifyRules":[
    {
      "type":"SECRET",
      "sha256Secrets"[
        "9e33f87fbe1a805...686573cf"
        ]
    }
  ],
  "clientIpRule":{
    "type":"HEADER",
    "name":"secret"
  },
  "headerRules":[],
  "priority":3,
  "enabled":true
}

Example Request

curl --location --globoff '{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
  "name":"Shared Secret",
  "trafficRule":{
    "type":"ALLOW"
  },
  "verifyRules":[
    {
      "type":"SECRET",
      "sha256Secrets"[
        "9e33f87fbe1a805...686573cf"
        ]
    }
  ],
  "clientIpRule":{
    "type":"HEADER",
    "name":"secret"
  },
  "headerRules":[],
  "priority":3,
  "enabled":true
}'

var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"  ""name"":""Shared Secret""," + "\n" +
@"  ""trafficRule"":{" + "\n" +
@"    ""type"":""ALLOW""" + "\n" +
@"  }," + "\n" +
@"  ""verifyRules"":[" + "\n" +
@"    {" + "\n" +
@"      ""type"":""SECRET""," + "\n" +
@"      ""sha256Secrets""[" + "\n" +
@"        ""9e33f87fbe1a805...686573cf""" + "\n" +
@"        ]" + "\n" +
@"    }" + "\n" +
@"  ]," + "\n" +
@"  ""clientIpRule"":{" + "\n" +
@"    ""type"":""HEADER""," + "\n" +
@"    ""name"":""secret""" + "\n" +
@"  }," + "\n" +
@"  ""headerRules"":[]," + "\n" +
@"  ""priority"":3," + "\n" +
@"  ""enabled"":true" + "\n" +
@"}" + "\n" +
@"";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies"
  method := "POST"

  payload := strings.NewReader(`{
  "name":"Shared Secret",
  "trafficRule":{
    "type":"ALLOW"
  },
  "verifyRules":[
    {
      "type":"SECRET",
      "sha256Secrets"[
        "9e33f87fbe1a805...686573cf"
        ]
    }
  ],
  "clientIpRule":{
    "type":"HEADER",
    "name":"secret"
  },
  "headerRules":[],
  "priority":3,
  "enabled":true
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

POST /environments/{{envID}}/inboundTrafficPolicies HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
  "name":"Shared Secret",
  "trafficRule":{
    "type":"ALLOW"
  },
  "verifyRules":[
    {
      "type":"SECRET",
      "sha256Secrets"[
        "9e33f87fbe1a805...686573cf"
        ]
    }
  ],
  "clientIpRule":{
    "type":"HEADER",
    "name":"secret"
  },
  "headerRules":[],
  "priority":3,
  "enabled":true
}

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n  \"name\":\"Shared Secret\",\n  \"trafficRule\":{\n    \"type\":\"ALLOW\"\n  },\n  \"verifyRules\":[\n    {\n      \"type\":\"SECRET\",\n      \"sha256Secrets\"[\n        \"9e33f87fbe1a805...686573cf\"\n        ]\n    }\n  ],\n  \"clientIpRule\":{\n    \"type\":\"HEADER\",\n    \"name\":\"secret\"\n  },\n  \"headerRules\":[],\n  \"priority\":3,\n  \"enabled\":true\n}\n");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();

var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": "{\n  \"name\":\"Shared Secret\",\n  \"trafficRule\":{\n    \"type\":\"ALLOW\"\n  },\n  \"verifyRules\":[\n    {\n      \"type\":\"SECRET\",\n      \"sha256Secrets\"[\n        \"9e33f87fbe1a805...686573cf\"\n        ]\n    }\n  ],\n  \"clientIpRule\":{\n    \"type\":\"HEADER\",\n    \"name\":\"secret\"\n  },\n  \"headerRules\":[],\n  \"priority\":3,\n  \"enabled\":true\n}",
};

$.ajax(settings).done(function (response) {
  console.log(response);
});

var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: '{\n  "name":"Shared Secret",\n  "trafficRule":{\n    "type":"ALLOW"\n  },\n  "verifyRules":[\n    {\n      "type":"SECRET",\n      "sha256Secrets"[\n        "9e33f87fbe1a805...686573cf"\n        ]\n    }\n  ],\n  "clientIpRule":{\n    "type":"HEADER",\n    "name":"secret"\n  },\n  "headerRules":[],\n  "priority":3,\n  "enabled":true\n}\n'

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import requests
import json

url = "{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies"

payload = "{\n  \"name\":\"Shared Secret\",\n  \"trafficRule\":{\n    \"type\":\"ALLOW\"\n  },\n  \"verifyRules\":[\n    {\n      \"type\":\"SECRET\",\n      \"sha256Secrets\"[\n        \"9e33f87fbe1a805...686573cf\"\n        ]\n    }\n  ],\n  \"clientIpRule\":{\n    \"type\":\"HEADER\",\n    \"name\":\"secret\"\n  },\n  \"headerRules\":[],\n  \"priority\":3,\n  \"enabled\":true\n}"
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n  "name":"Shared Secret",\n  "trafficRule":{\n    "type":"ALLOW"\n  },\n  "verifyRules":[\n    {\n      "type":"SECRET",\n      "sha256Secrets"[\n        "9e33f87fbe1a805...686573cf"\n        ]\n    }\n  ],\n  "clientIpRule":{\n    "type":"HEADER",\n    "name":"secret"\n  },\n  "headerRules":[],\n  "priority":3,\n  "enabled":true\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}

require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = "{\n  \"name\":\"Shared Secret\",\n  \"trafficRule\":{\n    \"type\":\"ALLOW\"\n  },\n  \"verifyRules\":[\n    {\n      \"type\":\"SECRET\",\n      \"sha256Secrets\"[\n        \"9e33f87fbe1a805...686573cf\"\n        ]\n    }\n  ],\n  \"clientIpRule\":{\n    \"type\":\"HEADER\",\n    \"name\":\"secret\"\n  },\n  \"headerRules\":[],\n  \"priority\":3,\n  \"enabled\":true\n}"

response = http.request(request)
puts response.read_body

let parameters = "{\n  \"name\":\"Shared Secret\",\n  \"trafficRule\":{\n    \"type\":\"ALLOW\"\n  },\n  \"verifyRules\":[\n    {\n      \"type\":\"SECRET\",\n      \"sha256Secrets\"[\n        \"9e33f87fbe1a805...686573cf\"\n        ]\n    }\n  ],\n  \"clientIpRule\":{\n    \"type\":\"HEADER\",\n    \"name\":\"secret\"\n  },\n  \"headerRules\":[],\n  \"priority\":3,\n  \"enabled\":true\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/inboundTrafficPolicies")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
  "id" : "37398c2b-a54d-4b1e-9a01-950c5cdd44cf",
  "environment" : {
    "id" : "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
  },
  "name" : "Shared Secret",
  "enabled" : true,
  "priority" : 3,
  "verifyRules" : [ {
    "type" : "SECRET",
    "sha256Secrets" : [ "9e33f87fbe1a805f2e1f1d85b208bed4aa6b0de23117377310162ffa686573cf" ]
  } ],
  "clientIpRule" : {
    "type" : "HEADER",
    "name" : "secret"
  },
  "trafficRule" : {
    "type" : "ALLOW"
  },
  "createdAt" : "2025-11-18T20:26:59.915Z",
  "updatedAt" : "2025-11-18T20:26:59.915Z",
  "_links" : {
    "self" : {
      "href" : "https://api.test-one-pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/inboundTrafficPolicies/37398c2b-a54d-4b1e-9a01-950c5cdd44cf"
    }
  }
}

PingOne Platform APIs

Create Inbound Traffic Policy

Prerequisites

Headers

Body

Example Request

Example Response