--- title: Create Password Policy description: You can create a password policy for the specified environment. The POST {{apiPath}}/v1/environments/{{envID}}/passwordPolicies operation creates a password policy. The request body specifies values for the properties associated with the password policy. component: pingone-api page_id: pingone-api:platform:password-policies/create-password-policy canonical_url: https://developer.pingidentity.com/pingone-api/platform/password-policies/create-password-policy.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Password Policy ## ```none POST {{apiPath}}/v1/environments/{{envID}}/passwordPolicies ``` You can create a password policy for the specified environment. The `POST {{apiPath}}/v1/environments/{{envID}}/passwordPolicies` operation creates a password policy. The request body specifies values for the properties associated with the password policy. ### Prerequisites * Refer to [Password Policies](../password-policies.html) for important overview information. > **Collapse: Request Model** > > Refer to the [Password policies data model](../password-policies.html#password-policies-data-model) for full property descriptions. > > | Property | Type | Required? | > | ------------------------- | --------- | --------- | > | `default` | Boolean | Required | > | `description` | String | Optional | > | `excludesCommonlyUsed` | Boolean | Required | > | `excludesProfileData` | Boolean | Required | > | `history.count` | Integer | Optional | > | `history.retentionDays` | Integer | Optional | > | `length.max` | Integer | Optional | > | `length.min` | Integer | Optional | > | `lockout.durationSeconds` | Integer | Optional | > | `lockout.failureCount` | Integer | Optional | > | `maxAgeDays` | Integer | Optional | > | `maxRepeatedCharacters` | Integer | Optional | > | `minAgeDays` | Integer | Optional | > | `minCharacters` | String\[] | Optional | > | `minComplexity` | Integer | Optional | > | `minUniqueCharacters` | Integer | Optional | > | `name` | String | Required | > | `notSimilarToCurrent` | Boolean | Required | The following password requirements property values cannot be modified at this time, but they can be excluded from the request to turn the requirement off. | Password requirement | Fixed value | Can be excluded | | ---------------------------------------------- | ----------- | --------------- | | `length.max` | 255 | Yes | | `length.min` | 8 | Yes | | `maxRepeatedCharacters` | 2 | Yes | | `minCharacters.abcdefghijklmnopqrstuvwxyz` | 1 | Yes | | `minCharacters.ABCDEFGHIJKLMNOPQRSTUVWXYZ` | 1 | Yes | | `minCharacters.0123456789` | 1 | Yes | | `minCharacters.~!@#$%^&*()-_=+[]{}\\|;:,.<>/?` | 1 | Yes | | `minComplexity` | 7 | Yes | | `minUniqueCharacters` | 5 | Yes | The following password requirements property values can be modified, and they can be excluded from the request to turn the requirement off. | Password requirement | Default value | Can be excluded | | -------------------- | ------------- | --------------- | | `maxAgeDays` | 182 | Yes | | `minAgeDays` | 1 | Yes | The minimum value for `maxAgeDays` is `minAgeDays` + 21 (the expiration warning interval). The following password policy rules can be changed to any positive integer, and these properties can be excluded from the request to turn the requirement off. If `history` is included, both values, `count` and `retentionDays`, must be defined. Likewise, if `lockout` is included, both values, `failureCount` and `durationSeconds`, must be defined. | Password policy rule | Default value | Can be excluded | | ------------------------- | ------------- | --------------- | | `history.count` | 6 | Yes | | `history.retentionDays` | 365 | Yes | | `lockout.durationSeconds` | 900 | Yes | | `lockout.failureCount` | 5 | Yes | Password attributes with boolean values such as `default`, `excludesProfileData`, `notSimilarToCurrent`, and `excludesCommonlyUsed` are required. The rule can be turned on or off by changing the value. ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/passwordPolicies' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/passwordPolicies") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""name"": ""PassphraseCustom1""," + "\n" + @" ""description"": ""A policy that encourages the use of passphrases""," + "\n" + @" ""excludesProfileData"": true," + "\n" + @" ""notSimilarToCurrent"": true," + "\n" + @" ""excludesCommonlyUsed"": true," + "\n" + @" ""minComplexity"": 7," + "\n" + @" ""maxAgeDays"": 182," + "\n" + @" ""minAgeDays"": 1," + "\n" + @" ""history"": {" + "\n" + @" ""count"": 8," + "\n" + @" ""retentionDays"": 365" + "\n" + @" }," + "\n" + @" ""lockout"": {" + "\n" + @" ""failureCount"": 3," + "\n" + @" ""durationSeconds"": 900" + "\n" + @" }," + "\n" + @" ""default"": false" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/passwordPolicies" method := "POST" payload := strings.NewReader(`{ "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/passwordPolicies HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"PassphraseCustom1\",\n \"description\": \"A policy that encourages the use of passphrases\",\n \"excludesProfileData\": true,\n \"notSimilarToCurrent\": true,\n \"excludesCommonlyUsed\": true,\n \"minComplexity\": 7,\n \"maxAgeDays\": 182,\n \"minAgeDays\": 1,\n \"history\": {\n \"count\": 8,\n \"retentionDays\": 365\n },\n \"lockout\": {\n \"failureCount\": 3,\n \"durationSeconds\": 900\n },\n \"default\": false\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/passwordPolicies") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/passwordPolicies", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/passwordPolicies', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/passwordPolicies" payload = json.dumps({ "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": True, "notSimilarToCurrent": True, "excludesCommonlyUsed": True, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": False }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/passwordPolicies'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "name": "PassphraseCustom1",\n "description": "A policy that encourages the use of passphrases",\n "excludesProfileData": true,\n "notSimilarToCurrent": true,\n "excludesCommonlyUsed": true,\n "minComplexity": 7,\n "maxAgeDays": 182,\n "minAgeDays": 1,\n "history": {\n "count": 8,\n "retentionDays": 365\n },\n "lockout": {\n "failureCount": 3,\n "durationSeconds": 900\n },\n "default": false\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/passwordPolicies") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"name\": \"PassphraseCustom1\",\n \"description\": \"A policy that encourages the use of passphrases\",\n \"excludesProfileData\": true,\n \"notSimilarToCurrent\": true,\n \"excludesCommonlyUsed\": true,\n \"minComplexity\": 7,\n \"maxAgeDays\": 182,\n \"minAgeDays\": 1,\n \"history\": {\n \"count\": 8,\n \"retentionDays\": 365\n },\n \"lockout\": {\n \"failureCount\": 3,\n \"durationSeconds\": 900\n },\n \"default\": false\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/passwordPolicies")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/passwordPolicies/0604f534-a757-4cc7-acc0-045b115d10b7" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" } }, "id": "0604f534-a757-4cc7-acc0-045b115d10b7", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "name": "PassphraseCustom1", "description": "A policy that encourages the use of passphrases", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false } ```