Resource Operations

The /resources endpoint provides operations to create, read, update, and delete resource entities. The examples that follow show common actions to find and manage resources entities.

You need the Environment Admin or the Client Application Developer roles to perform operations on resources entities.

Resources data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`accessTokenValiditySeconds`	Integer	Required	Mutable	The number of seconds that the access token is valid. If a value is not specified, the default is 3600. The minimum value is 300 seconds (5 minutes); the maximum value is 2592000 seconds (30 days).
`applicationPermissionsSettings`	Object	Optional	Mutable	An object that specifies whether to add application permissions to access tokens generated by PingOne.
`applicationPermissionsSettings.claimEnabled`	Boolean	Optional	Mutable	A setting to enable application permission claims in the access token. If this property is omitted, the value is set to `false`.
`audience`	String	Required	Mutable	A URL without a fragment or "@ObjectName" and must not contain "pingone" or "pingidentity" (for example, https://api.myresource.com). If a URL is not specified, the resource name is used. The value that you set here is returned in the audience claim in the token. For more information, refer to Token Introspection (Resource ID and Secret).
`createdAt`	Date	N/A	Read only	The time the resource was created.
`description`	String	Optional	Mutable	Description of the resource.
`environment.id`	String	Required	Immutable	The environment resource’s unique identifier associated with the resource.
`id`	String	Required	Immutable	The resource’s unique identifier.
`name`	String	Required	Immutable	The resource name, which must be provided and must be unique within an environment.
`introspectEndpointAuthMethod`	String	Required	Mutable	The authentication methods supported by the token endpoint. Options are `NONE`, `CLIENT_SECRET_BASIC`, `CLIENT_SECRET_POST`, `CLIENT_SECRET_JWT`, and `PRIVATE_KEY_JWT`. Applicable only to custom resources.
`type`	String	Required	Mutable	The type of resource. Options are `OPENID_CONNECT`, `PING_ONE_API,` and `CUSTOM`. Only the `CUSTOM` resource type can be created. `OPENID_CONNECT` specifies the built-in platform resource for OpenID Connect. `PING_ONE_API` specifies the built-in platform resource for PingOne.
`updatedAt`	Date	N/A	Read only	The time the resource was last updated.

accessTokenValiditySeconds

Integer

Required

Mutable

The number of seconds that the access token is valid. If a value is not specified, the default is 3600. The minimum value is 300 seconds (5 minutes); the maximum value is 2592000 seconds (30 days).

applicationPermissionsSettings

Object

Optional

Mutable

An object that specifies whether to add application permissions to access tokens generated by PingOne.

applicationPermissionsSettings.claimEnabled

Boolean

Optional

Mutable

A setting to enable application permission claims in the access token. If this property is omitted, the value is set to false.

audience

String

Required

Mutable

A URL without a fragment or "@ObjectName" and must not contain "pingone" or "pingidentity" (for example, https://api.myresource.com). If a URL is not specified, the resource name is used. The value that you set here is returned in the audience claim in the token. For more information, refer to Token Introspection (Resource ID and Secret).

createdAt

Date

N/A

Read only

The time the resource was created.

description

String

Optional

Mutable

Description of the resource.

environment.id

String

Required

Immutable

The environment resource’s unique identifier associated with the resource.

id

String

Required

Immutable

The resource’s unique identifier.

name

String

Required

Immutable

The resource name, which must be provided and must be unique within an environment.

introspectEndpointAuthMethod

String

Required

Mutable

The authentication methods supported by the token endpoint. Options are NONE, CLIENT_SECRET_BASIC, CLIENT_SECRET_POST, CLIENT_SECRET_JWT, and PRIVATE_KEY_JWT. Applicable only to custom resources.

type

String

Required

Mutable

The type of resource. Options are OPENID_CONNECT, PING_ONE_API, and CUSTOM. Only the CUSTOM resource type can be created. OPENID_CONNECT specifies the built-in platform resource for OpenID Connect. PING_ONE_API specifies the built-in platform resource for PingOne.

updatedAt

Date

N/A

Read only

The time the resource was last updated.

Resources core attribute data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`sub`	String	Required	Mutable	The core claim for the new resource. The default value is `${user.id}`.

sub

String

Required

Mutable

The core claim for the new resource. The default value is ${user.id}.

Resources events generated

Refer to Audit Reporting Events for the events generated.

Response codes

Code	Message
200	Successful operation.
201	Successfully created.
204	Successfully removed. No content.
400	The request could not be completed.
401	You do not have access to this resource.
404	The requested resource was not found.

PingOne Platform APIs

Resource Operations

Resources data model

Resources core attribute data model

Resources events generated

Response codes