PingOne Platform APIs

Create Password Policy

 

POST {{apiPath}}/environments/{{envID}}/passwordPolicies

You can create a password policy for the specified environment. The POST {{apiPath}}/environments/{{envID}}/passwordPolicies operation creates a password policy. The request body specifies values for the properties associated with the password policy.

Prerequisites

Request Model

Refer to the Password policies data model for full property descriptions.

Property Type Required?

default

Boolean

Required

description

String

Optional

excludesCommonlyUsed

Boolean

Required

excludesProfileData

Boolean

Required

history.count

Integer

Optional

history.retentionDays

Integer

Optional

length.max

Integer

Optional

length.min

Integer

Optional

lockout.durationSeconds

Integer

Optional

lockout.failureCount

Integer

Optional

maxAgeDays

Integer

Optional

maxRepeatedCharacters

Integer

Optional

minAgeDays

Integer

Optional

minCharacters

String[]

Optional

minComplexity

Integer

Optional

minUniqueCharacters

Integer

Optional

name

String

Required

notSimilarToCurrent

Boolean

Required

The following password requirements property values cannot be modified at this time, but they can be excluded from the request to turn the requirement off.

Password requirement Fixed value Can be excluded

length.max

255

Yes

length.min

8

Yes

maxRepeatedCharacters

2

Yes

minCharacters.abcdefghijklmnopqrstuvwxyz

1

Yes

minCharacters.ABCDEFGHIJKLMNOPQRSTUVWXYZ

1

Yes

minCharacters.0123456789

1

Yes

minCharacters.~!@#$%^&*()-_=+[]{}\|;:,.<>/?

1

Yes

minComplexity

7

Yes

minUniqueCharacters

5

Yes

The following password requirements property values can be modified, and they can be excluded from the request to turn the requirement off.

Password requirement Default value Can be excluded

maxAgeDays

182

Yes

minAgeDays

1

Yes

The minimum value for maxAgeDays is minAgeDays + 21 (the expiration warning interval).

The following password policy rules can be changed to any positive integer, and these properties can be excluded from the request to turn the requirement off. If history is included, both values, count and retentionDays, must be defined. Likewise, if lockout is included, both values, failureCount and durationSeconds, must be defined.

Password policy rule Default value Can be excluded

history.count

6

Yes

history.retentionDays

365

Yes

lockout.durationSeconds

900

Yes

lockout.failureCount

5

Yes

Password attributes with boolean values such as default, excludesProfileData, notSimilarToCurrent, and excludesCommonlyUsed are required. The rule can be turned on or off by changing the value.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "name": "PassphraseCustom1",
    "description": "A policy that encourages the use of passphrases",
    "excludesProfileData": true,
    "notSimilarToCurrent": true,
    "excludesCommonlyUsed": true,
    "minComplexity": 7,
    "maxAgeDays": 182,
    "minAgeDays": 1,
    "history": {
        "count": 8,
        "retentionDays": 365
    },
    "lockout": {
        "failureCount": 3,
        "durationSeconds": 900
    },
    "default": false
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/passwordPolicies' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "name": "PassphraseCustom1",
    "description": "A policy that encourages the use of passphrases",
    "excludesProfileData": true,
    "notSimilarToCurrent": true,
    "excludesCommonlyUsed": true,
    "minComplexity": 7,
    "maxAgeDays": 182,
    "minAgeDays": 1,
    "history": {
        "count": 8,
        "retentionDays": 365
    },
    "lockout": {
        "failureCount": 3,
        "durationSeconds": 900
    },
    "default": false
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/passwordPolicies")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""name"": ""PassphraseCustom1""," + "\n" +
@"    ""description"": ""A policy that encourages the use of passphrases""," + "\n" +
@"    ""excludesProfileData"": true," + "\n" +
@"    ""notSimilarToCurrent"": true," + "\n" +
@"    ""excludesCommonlyUsed"": true," + "\n" +
@"    ""minComplexity"": 7," + "\n" +
@"    ""maxAgeDays"": 182," + "\n" +
@"    ""minAgeDays"": 1," + "\n" +
@"    ""history"": {" + "\n" +
@"        ""count"": 8," + "\n" +
@"        ""retentionDays"": 365" + "\n" +
@"    }," + "\n" +
@"    ""lockout"": {" + "\n" +
@"        ""failureCount"": 3," + "\n" +
@"        ""durationSeconds"": 900" + "\n" +
@"    }," + "\n" +
@"    ""default"": false" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/passwordPolicies"
  method := "POST"

  payload := strings.NewReader(`{
    "name": "PassphraseCustom1",
    "description": "A policy that encourages the use of passphrases",
    "excludesProfileData": true,
    "notSimilarToCurrent": true,
    "excludesCommonlyUsed": true,
    "minComplexity": 7,
    "maxAgeDays": 182,
    "minAgeDays": 1,
    "history": {
        "count": 8,
        "retentionDays": 365
    },
    "lockout": {
        "failureCount": 3,
        "durationSeconds": 900
    },
    "default": false
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/passwordPolicies HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "name": "PassphraseCustom1",
    "description": "A policy that encourages the use of passphrases",
    "excludesProfileData": true,
    "notSimilarToCurrent": true,
    "excludesCommonlyUsed": true,
    "minComplexity": 7,
    "maxAgeDays": 182,
    "minAgeDays": 1,
    "history": {
        "count": 8,
        "retentionDays": 365
    },
    "lockout": {
        "failureCount": 3,
        "durationSeconds": 900
    },
    "default": false
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"name\": \"PassphraseCustom1\",\n    \"description\": \"A policy that encourages the use of passphrases\",\n    \"excludesProfileData\": true,\n    \"notSimilarToCurrent\": true,\n    \"excludesCommonlyUsed\": true,\n    \"minComplexity\": 7,\n    \"maxAgeDays\": 182,\n    \"minAgeDays\": 1,\n    \"history\": {\n        \"count\": 8,\n        \"retentionDays\": 365\n    },\n    \"lockout\": {\n        \"failureCount\": 3,\n        \"durationSeconds\": 900\n    },\n    \"default\": false\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/passwordPolicies")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/passwordPolicies",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "name": "PassphraseCustom1",
    "description": "A policy that encourages the use of passphrases",
    "excludesProfileData": true,
    "notSimilarToCurrent": true,
    "excludesCommonlyUsed": true,
    "minComplexity": 7,
    "maxAgeDays": 182,
    "minAgeDays": 1,
    "history": {
      "count": 8,
      "retentionDays": 365
    },
    "lockout": {
      "failureCount": 3,
      "durationSeconds": 900
    },
    "default": false
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/passwordPolicies',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "name": "PassphraseCustom1",
    "description": "A policy that encourages the use of passphrases",
    "excludesProfileData": true,
    "notSimilarToCurrent": true,
    "excludesCommonlyUsed": true,
    "minComplexity": 7,
    "maxAgeDays": 182,
    "minAgeDays": 1,
    "history": {
      "count": 8,
      "retentionDays": 365
    },
    "lockout": {
      "failureCount": 3,
      "durationSeconds": 900
    },
    "default": false
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/passwordPolicies"

payload = json.dumps({
  "name": "PassphraseCustom1",
  "description": "A policy that encourages the use of passphrases",
  "excludesProfileData": True,
  "notSimilarToCurrent": True,
  "excludesCommonlyUsed": True,
  "minComplexity": 7,
  "maxAgeDays": 182,
  "minAgeDays": 1,
  "history": {
    "count": 8,
    "retentionDays": 365
  },
  "lockout": {
    "failureCount": 3,
    "durationSeconds": 900
  },
  "default": False
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/passwordPolicies');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "name": "PassphraseCustom1",\n    "description": "A policy that encourages the use of passphrases",\n    "excludesProfileData": true,\n    "notSimilarToCurrent": true,\n    "excludesCommonlyUsed": true,\n    "minComplexity": 7,\n    "maxAgeDays": 182,\n    "minAgeDays": 1,\n    "history": {\n        "count": 8,\n        "retentionDays": 365\n    },\n    "lockout": {\n        "failureCount": 3,\n        "durationSeconds": 900\n    },\n    "default": false\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/passwordPolicies")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "name": "PassphraseCustom1",
  "description": "A policy that encourages the use of passphrases",
  "excludesProfileData": true,
  "notSimilarToCurrent": true,
  "excludesCommonlyUsed": true,
  "minComplexity": 7,
  "maxAgeDays": 182,
  "minAgeDays": 1,
  "history": {
    "count": 8,
    "retentionDays": 365
  },
  "lockout": {
    "failureCount": 3,
    "durationSeconds": 900
  },
  "default": false
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"name\": \"PassphraseCustom1\",\n    \"description\": \"A policy that encourages the use of passphrases\",\n    \"excludesProfileData\": true,\n    \"notSimilarToCurrent\": true,\n    \"excludesCommonlyUsed\": true,\n    \"minComplexity\": 7,\n    \"maxAgeDays\": 182,\n    \"minAgeDays\": 1,\n    \"history\": {\n        \"count\": 8,\n        \"retentionDays\": 365\n    },\n    \"lockout\": {\n        \"failureCount\": 3,\n        \"durationSeconds\": 900\n    },\n    \"default\": false\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/passwordPolicies")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/passwordPolicies/0604f534-a757-4cc7-acc0-045b115d10b7"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        }
    },
    "id": "0604f534-a757-4cc7-acc0-045b115d10b7",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "name": "PassphraseCustom1",
    "description": "A policy that encourages the use of passphrases",
    "excludesProfileData": true,
    "notSimilarToCurrent": true,
    "excludesCommonlyUsed": true,
    "minComplexity": 7,
    "maxAgeDays": 182,
    "minAgeDays": 1,
    "history": {
        "count": 8,
        "retentionDays": 365
    },
    "lockout": {
        "failureCount": 3,
        "durationSeconds": 900
    },
    "default": false
}