Step 1: Create a web application
POST {{apiPath}}/environments/{{envID}}/applicationsYou can use the POST {{apiPath}}/environments/{{envID}}/applications endpoint to create the new application. The application’s protocol property is required, and in this example it specifies an OPENID_CONNECT application. In addition, for the grantTypes property, this application configuration specifies the AUTHORIZATION_CODE and the REFRESH_TOKEN grants.
|
The applications data model includes additional optional configuration properties for refresh tokens, such as |
The response data returns information about the new application, including its id property, which identifies the UUID for this application resource. You will need the application’s UUID property value in Step 2 to get the application secret, in Step 5 to associate the sign-on policy with the application and in Step 9 to send the authorization request.
Body
raw ( application/json )
{
"enabled": true,
"name": "WebAppSimpleLogin_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"https://www.google.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"enabled": true,
"name": "WebAppSimpleLogin_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"https://www.google.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""enabled"": true," + "\n" +
@" ""name"": ""WebAppSimpleLogin_{{$timestamp}}""," + "\n" +
@" ""description"": ""This is an OIDC Web application.""," + "\n" +
@" ""type"": ""WEB_APP""," + "\n" +
@" ""protocol"": ""OPENID_CONNECT""," + "\n" +
@" ""grantTypes"": [" + "\n" +
@" ""AUTHORIZATION_CODE""," + "\n" +
@" ""REFRESH_TOKEN""" + "\n" +
@" ]," + "\n" +
@" ""redirectUris"": [" + "\n" +
@" ""https://www.google.com""" + "\n" +
@" ]," + "\n" +
@" ""responseTypes"": [" + "\n" +
@" ""CODE""" + "\n" +
@" ]," + "\n" +
@" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications"
method := "POST"
payload := strings.NewReader(`{
"enabled": true,
"name": "WebAppSimpleLogin_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"https://www.google.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"enabled": true,
"name": "WebAppSimpleLogin_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"https://www.google.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"WebAppSimpleLogin_{{$timestamp}}\",\n \"description\": \"This is an OIDC Web application.\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"REFRESH_TOKEN\"\n ],\n \"redirectUris\": [\n \"https://www.google.com\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"enabled": true,
"name": "WebAppSimpleLogin_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"https://www.google.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/applications',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"enabled": true,
"name": "WebAppSimpleLogin_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"https://www.google.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications"
payload = json.dumps({
"enabled": True,
"name": "WebAppSimpleLogin_{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"https://www.google.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "enabled": true,\n "name": "WebAppSimpleLogin_{{$timestamp}}",\n "description": "This is an OIDC Web application.",\n "type": "WEB_APP",\n "protocol": "OPENID_CONNECT",\n "grantTypes": [\n "AUTHORIZATION_CODE",\n "REFRESH_TOKEN"\n ],\n "redirectUris": [\n "https://www.google.com"\n ],\n "responseTypes": [\n "CODE"\n ],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"enabled": true,
"name": "WebAppSimpleLogin_{{\$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"https://www.google.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"enabled\": true,\n \"name\": \"WebAppSimpleLogin_{{$timestamp}}\",\n \"description\": \"This is an OIDC Web application.\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"REFRESH_TOKEN\"\n ],\n \"redirectUris\": [\n \"https://www.google.com\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/e4b75946-322a-4d8a-8ce8-ea32f7a1d86d"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/e4b75946-322a-4d8a-8ce8-ea32f7a1d86d/attributes"
},
"secret": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/e4b75946-322a-4d8a-8ce8-ea32f7a1d86d/secret"
},
"grants": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/e4b75946-322a-4d8a-8ce8-ea32f7a1d86d/grants"
},
"keyRotationPolicy": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keyRotationPolicies/38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
}
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"id": "e4b75946-322a-4d8a-8ce8-ea32f7a1d86d",
"name": "WebAppSimpleLogin_1737741456",
"description": "This is an OIDC Web application.",
"enabled": true,
"hiddenFromAppPortal": false,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"createdAt": "2025-01-24T17:57:35.959Z",
"updatedAt": "2025-01-24T17:57:35.959Z",
"assignActorRoles": false,
"responseTypes": [
"CODE"
],
"grantTypes": [
"REFRESH_TOKEN",
"AUTHORIZATION_CODE"
],
"additionalRefreshTokenReplayProtectionEnabled": true,
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "OPTIONAL",
"parRequirement": "OPTIONAL",
"devicePollingInterval": 5,
"redirectUris": [
"https://www.google.com"
],
"parTimeout": 60,
"signing": {
"keyRotationPolicy": {
"id": "38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
}
},
"deviceTimeout": 600
}