PingOne Platform APIs

Step 1: Create a worker application

 

POST {{apiPath}}/environments/{{envID}}/applications

You can use the POST {{apiPath}}/environments/{{envID}}/applications endpoint to create the new worker application. For an interactive worker application, the following properties must be set:

  • The application’s type property is set to WORKER.

  • The application’s protocol property is set to OPENID_CONNECT.

  • The application’s grantTypes property array is set to CLIENT_CREDENTIALS, and AUTHORIZATION_CODE.

  • The application’s responseTypes property array is set to CODE.

  • The application’s tokenEndpointAuthMethod property is set to CLIENT_SECRET_BASIC, which specifies that the clientID/clientSecret is used to authentication the token request.

The grantTypes property also supports the IMPLICIT type for interactive worker applications. If the IMPLICIT grant type is specified, the responseTypes property must include either the TOKEN or ID_TOKEN or both values.

The response data returns information about the new application, including its id property, which identifies the UUID for this application resource. The application’s ID is needed in Step 3 to get the role assignments, Step 12 to make the authorization request, and in Step 16 for the token request.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "enabled": true,
    "name": "InteractiveWorkerApp_{{$timestamp}}",
    "description": "Test Description - Interactive Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "grantTypes": [
        "CLIENT_CREDENTIALS",
        "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "enabled": true,
    "name": "InteractiveWorkerApp_{{$timestamp}}",
    "description": "Test Description - Interactive Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "grantTypes": [
        "CLIENT_CREDENTIALS",
        "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""enabled"": true," + "\n" +
@"    ""name"": ""InteractiveWorkerApp_{{$timestamp}}""," + "\n" +
@"    ""description"": ""Test Description - Interactive Worker App""," + "\n" +
@"    ""type"": ""WORKER""," + "\n" +
@"    ""protocol"": ""OPENID_CONNECT""," + "\n" +
@"    ""homePageUrl"": ""https://example.com/homePage""," + "\n" +
@"    ""loginPageUrl"": ""https://example.com/loginPage""," + "\n" +
@"    ""grantTypes"": [" + "\n" +
@"        ""CLIENT_CREDENTIALS""," + "\n" +
@"        ""AUTHORIZATION_CODE""" + "\n" +
@"    ]," + "\n" +
@"    ""postLogoutRedirectUris"": [" + "\n" +
@"        ""https://example.com/logout""" + "\n" +
@"    ]," + "\n" +
@"    ""redirectUris"": [" + "\n" +
@"        ""https://example.com""" + "\n" +
@"    ]," + "\n" +
@"    ""responseTypes"": [" + "\n" +
@"        ""CODE""" + "\n" +
@"    ]," + "\n" +
@"    ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""," + "\n" +
@"    ""pkceEnforcement"": ""OPTIONAL""," + "\n" +
@"    ""refreshTokenDuration"": 86400," + "\n" +
@"    ""refreshTokenRollingDuration"": 86400" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/applications"
  method := "POST"

  payload := strings.NewReader(`{
    "enabled": true,
    "name": "InteractiveWorkerApp_{{$timestamp}}",
    "description": "Test Description - Interactive Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "grantTypes": [
        "CLIENT_CREDENTIALS",
        "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "enabled": true,
    "name": "InteractiveWorkerApp_{{$timestamp}}",
    "description": "Test Description - Interactive Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "grantTypes": [
        "CLIENT_CREDENTIALS",
        "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"enabled\": true,\n    \"name\": \"InteractiveWorkerApp_{{$timestamp}}\",\n    \"description\": \"Test Description - Interactive Worker App\",\n    \"type\": \"WORKER\",\n    \"protocol\": \"OPENID_CONNECT\",\n    \"homePageUrl\": \"https://example.com/homePage\",\n    \"loginPageUrl\": \"https://example.com/loginPage\",\n    \"grantTypes\": [\n        \"CLIENT_CREDENTIALS\",\n        \"AUTHORIZATION_CODE\"\n    ],\n    \"postLogoutRedirectUris\": [\n        \"https://example.com/logout\"\n    ],\n    \"redirectUris\": [\n        \"https://example.com\"\n    ],\n    \"responseTypes\": [\n        \"CODE\"\n    ],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n    \"pkceEnforcement\": \"OPTIONAL\",\n    \"refreshTokenDuration\": 86400,\n    \"refreshTokenRollingDuration\": 86400\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/applications")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/applications",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "enabled": true,
    "name": "InteractiveWorkerApp_{{$timestamp}}",
    "description": "Test Description - Interactive Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "grantTypes": [
      "CLIENT_CREDENTIALS",
      "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
      "https://example.com/logout"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "responseTypes": [
      "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/applications',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "enabled": true,
    "name": "InteractiveWorkerApp_{{$timestamp}}",
    "description": "Test Description - Interactive Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "grantTypes": [
      "CLIENT_CREDENTIALS",
      "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
      "https://example.com/logout"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "responseTypes": [
      "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/applications"

payload = json.dumps({
  "enabled": True,
  "name": "InteractiveWorkerApp_{{$timestamp}}",
  "description": "Test Description - Interactive Worker App",
  "type": "WORKER",
  "protocol": "OPENID_CONNECT",
  "homePageUrl": "https://example.com/homePage",
  "loginPageUrl": "https://example.com/loginPage",
  "grantTypes": [
    "CLIENT_CREDENTIALS",
    "AUTHORIZATION_CODE"
  ],
  "postLogoutRedirectUris": [
    "https://example.com/logout"
  ],
  "redirectUris": [
    "https://example.com"
  ],
  "responseTypes": [
    "CODE"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "pkceEnforcement": "OPTIONAL",
  "refreshTokenDuration": 86400,
  "refreshTokenRollingDuration": 86400
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "enabled": true,\n    "name": "InteractiveWorkerApp_{{$timestamp}}",\n    "description": "Test Description - Interactive Worker App",\n    "type": "WORKER",\n    "protocol": "OPENID_CONNECT",\n    "homePageUrl": "https://example.com/homePage",\n    "loginPageUrl": "https://example.com/loginPage",\n    "grantTypes": [\n        "CLIENT_CREDENTIALS",\n        "AUTHORIZATION_CODE"\n    ],\n    "postLogoutRedirectUris": [\n        "https://example.com/logout"\n    ],\n    "redirectUris": [\n        "https://example.com"\n    ],\n    "responseTypes": [\n        "CODE"\n    ],\n    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",\n    "pkceEnforcement": "OPTIONAL",\n    "refreshTokenDuration": 86400,\n    "refreshTokenRollingDuration": 86400\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/applications")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "enabled": true,
  "name": "InteractiveWorkerApp_{{\$timestamp}}",
  "description": "Test Description - Interactive Worker App",
  "type": "WORKER",
  "protocol": "OPENID_CONNECT",
  "homePageUrl": "https://example.com/homePage",
  "loginPageUrl": "https://example.com/loginPage",
  "grantTypes": [
    "CLIENT_CREDENTIALS",
    "AUTHORIZATION_CODE"
  ],
  "postLogoutRedirectUris": [
    "https://example.com/logout"
  ],
  "redirectUris": [
    "https://example.com"
  ],
  "responseTypes": [
    "CODE"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "pkceEnforcement": "OPTIONAL",
  "refreshTokenDuration": 86400,
  "refreshTokenRollingDuration": 86400
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"enabled\": true,\n    \"name\": \"InteractiveWorkerApp_{{$timestamp}}\",\n    \"description\": \"Test Description - Interactive Worker App\",\n    \"type\": \"WORKER\",\n    \"protocol\": \"OPENID_CONNECT\",\n    \"homePageUrl\": \"https://example.com/homePage\",\n    \"loginPageUrl\": \"https://example.com/loginPage\",\n    \"grantTypes\": [\n        \"CLIENT_CREDENTIALS\",\n        \"AUTHORIZATION_CODE\"\n    ],\n    \"postLogoutRedirectUris\": [\n        \"https://example.com/logout\"\n    ],\n    \"redirectUris\": [\n        \"https://example.com\"\n    ],\n    \"responseTypes\": [\n        \"CODE\"\n    ],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n    \"pkceEnforcement\": \"OPTIONAL\",\n    \"refreshTokenDuration\": 86400,\n    \"refreshTokenRollingDuration\": 86400\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ae72e133-0935-4935-a84c-4dcf7b5e8b71"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ae72e133-0935-4935-a84c-4dcf7b5e8b71/attributes"
        },
        "secret": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ae72e133-0935-4935-a84c-4dcf7b5e8b71/secret"
        },
        "grants": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ae72e133-0935-4935-a84c-4dcf7b5e8b71/grants"
        },
        "roleAssignments": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ae72e133-0935-4935-a84c-4dcf7b5e8b71/roleAssignments"
        }
    },
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "id": "ae72e133-0935-4935-a84c-4dcf7b5e8b71",
    "name": "InteractiveWorkerApp_1667841878",
    "description": "Test Description - Interactive Worker App",
    "enabled": true,
    "hiddenFromAppPortal": false,
    "type": "WORKER",
    "loginPageUrl": "https://example.com/loginPage",
    "homePageUrl": "https://example.com/homePage",
    "accessControl": {
        "role": {
            "type": "ADMIN_USERS_ONLY"
        }
    },
    "protocol": "OPENID_CONNECT",
    "createdAt": "2022-11-07T17:24:38.329Z",
    "updatedAt": "2022-11-07T17:24:38.329Z",
    "assignActorRoles": true,
    "responseTypes": [
        "CODE"
    ],
    "grantTypes": [
        "CLIENT_CREDENTIALS",
        "AUTHORIZATION_CODE"
    ],
    "refreshTokenDuration": 86400,
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "refreshTokenRollingDuration": 86400,
    "redirectUris": [
        "https://example.com"
    ]
}