--- title: Create Resource Attribute description: The POST {{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes operation adds a new custom resource attribute for the specified environment and resource. component: pingone-api page_id: pingone-api:platform:resources/resource-attributes/create-resource-attribute canonical_url: https://developer.pingidentity.com/pingone-api/platform/resources/resource-attributes/create-resource-attribute.html section_ids: advanced-attribute-mappings: Advanced attribute mappings token-fulfillment: Token fulfillment prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Resource Attribute ## ```none POST {{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes ``` The `POST {{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes` operation adds a new custom resource attribute for the specified environment and resource. The request body must specify values for the attribute `name` and `value` properties. The `name` value must be unique within the specified environment resource and can't use any of the reserved `name` values listed in the [Resource attributes data model](../resource-attributes.html#resource-attributes-data-model). The request can also specify the optional `idToken` and `userInfo` properties to designate whether the created attribute is present as a claim in the ID token, or whether the attribute is returned by the `/userinfo` endpoint. Note that these properties cannot both be set to `false`. In the Authorization request header field, the `accessToken` value is your full base64url-encoded JSON web token generated by the authentication service. ### Advanced attribute mappings You can optionally use PingOne's expression language for [advanced resource attribute mapping](../resource-attributes.html#advanced-resource-attribute-mapping). With advanced attribute capabilities, you can write an expression that concatenates two or more user attributes in the `value` property: ```bash curl --location --request POST '{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data-raw '{ "name": "fullName", "value": "${user.name.given + ', ' + user.name.family}" }' ``` | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | For more information about PingOne's expression language, refer to [PingOne's expression language](https://docs.pingidentity.com/pingone/pingone_expression_language/p1_expression_language.html). | ### Token fulfillment Claims from a source authentication JWT can be mapped to PingOne tokens using the following expression variables as the `value` in the attribute mapping: * `#root.context.requestData.clientAssertion.{{property}}` * `#root.context.requestData.clientAssertion` * `#root.context.requestData.clientAssertionHeader.{{property}}` * `#root.context.requestData.clientAssertionHeader` * `#root.context.requestData` * `#root.context.appConfig.tokenEndpointAuthMethod` To use these expressions and understand the information that gets mapped from the source JWT to the PingOne token, refer to [Use an authentication JWT for token fulfillment](../../../auth/introduction.html#use-an-authentication-jwt-for-token-fulfillment). | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | For OIDC applications, if a mapping includes `#root:context:requestData`, when PingOne creates an ID token for the application, if the application is configured to use the Private Key JWT authentication scheme, PingOne will include the information from the authentication JWT in the ID token when the application provides it at PingOne's token endpoint for authentication. | ### Prerequisites [Create a resource](../resources-1/create-resource.html) to get a `resourceID` for the endpoint. > **Collapse: Request Model** > > | Property | Type | Required? | > | ---------- | ------- | --------- | > | `name` | String | Required | > | `required` | Boolean | Optional | > | `value` | String | Required | > > Refer to the [Resource attributes data model](../resource-attributes.html#resource-attributes-data-model) for full property descriptions. ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "name": "firstName", "value": "${user.name.given}" } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "name": "firstName", "value": "${user.name.given}" }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""name"": ""firstName""," + "\n" + @" ""value"": ""${user.name.given}""" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes" method := "POST" payload := strings.NewReader(`{ "name": "firstName", "value": "${user.name.given}" }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/resources/{{resourceID}}/attributes HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "name": "firstName", "value": "${user.name.given}" } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"firstName\",\n \"value\": \"${user.name.given}\"\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "name": "firstName", "value": "${user.name.given}" }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "name": "firstName", "value": "${user.name.given}" }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes" payload = json.dumps({ "name": "firstName", "value": "${user.name.given}" }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "name": "firstName",\n "value": "${user.name.given}"\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "name": "firstName", "value": "\${user.name.given}" }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"name\": \"firstName\",\n \"value\": \"${user.name.given}\"\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/attributes")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/faac7db8-67ce-44aa-8ae0-5ae672f5b8bf/attributes/d13991db-145a-4f4c-802e-3f6526cb246c" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "resource": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/faac7db8-67ce-44aa-8ae0-5ae672f5b8bf" } }, "id": "d13991db-145a-4f4c-802e-3f6526cb246c", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "name": "firstName", "value": "${user.name.given}", "type": "CUSTOM", "resource": { "id": "faac7db8-67ce-44aa-8ae0-5ae672f5b8bf" } } ```