Step 1: Create a PingOne web application
POST {{apiPath}}/environments/{{envID}}/applicationsThis example shows the POST {{apiPath}}/environments/{{envID}}/applications operation to create a new application. This app configuration represents (to PingOne) the real application that users will query to sign-on.
In this request:
-
{{envID}}represents the environment ID for your environment. -
These properties are required in the request body:
-
enabled. The current enabled state of the application. -
name. The name of the application. -
type. The application type. In this workflow, thetypeisWEB_APP. -
protocol. The protocol used by the application. In this workflow, theprotocolisOPENID_CONNECT. -
grantTypes. The grant type for the authorization request. In this workflow, thegrantTypesproperty specifies theauthorization_codegrant type. -
redirectUris. The callback URI for the authentication response. -
responseTypes. The code or token type returned by an authorization request. In this workflow, theresponseTypesproperty specifiesCODE` to return an authorization code. -
tokenEndpointAuthMethod. The client authentication methods supported by the token endpoint. In this workflow, thetokenEndpointAuthMethodproperty specifiesNONE. This workflow uses Proof Key for Code Exchange (PKCE) parameters in the authorization request and in the token request to authenticate the token request.
-
-
The response returns a
Status: 201 createdmessage and shows the new application’s configuration data. -
The response data includes the application’s
idproperty. Unless you’re using the Postman collection for this workflow (which sets the environment variables), you’ll need to copy the applicationidproperty for use in a subsequent step.
Body
raw ( application/json )
{
"enabled": true,
"name": "DV-FlowApp_piflow{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"enabled": true,
"name": "DV-FlowApp_piflow{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""enabled"": true," + "\n" +
@" ""name"": ""DV-FlowApp_piflow{{$timestamp}}""," + "\n" +
@" ""description"": ""This is an OIDC Web application.""," + "\n" +
@" ""type"": ""WEB_APP""," + "\n" +
@" ""protocol"": ""OPENID_CONNECT""," + "\n" +
@" ""grantTypes"": [" + "\n" +
@" ""AUTHORIZATION_CODE""" + "\n" +
@" ]," + "\n" +
@" ""redirectUris"": [" + "\n" +
@" ""https://example.com""" + "\n" +
@" ]," + "\n" +
@" ""responseTypes"": [" + "\n" +
@" ""CODE""" + "\n" +
@" ]," + "\n" +
@" ""tokenEndpointAuthMethod"": ""NONE""," + "\n" +
@" ""pkceEnforcement"": ""S256_REQUIRED""," + "\n" +
@" ""refreshTokenDuration"": 86400," + "\n" +
@" ""refreshTokenRollingDuration"": 86400" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications"
method := "POST"
payload := strings.NewReader(`{
"enabled": true,
"name": "DV-FlowApp_piflow{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"enabled": true,
"name": "DV-FlowApp_piflow{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"DV-FlowApp_piflow{{$timestamp}}\",\n \"description\": \"This is an OIDC Web application.\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"NONE\",\n \"pkceEnforcement\": \"S256_REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"enabled": true,
"name": "DV-FlowApp_piflow{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/applications',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"enabled": true,
"name": "DV-FlowApp_piflow{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications"
payload = json.dumps({
"enabled": True,
"name": "DV-FlowApp_piflow{{$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "enabled": true,\n "name": "DV-FlowApp_piflow{{$timestamp}}",\n "description": "This is an OIDC Web application.",\n "type": "WEB_APP",\n "protocol": "OPENID_CONNECT",\n "grantTypes": [\n "AUTHORIZATION_CODE"\n ],\n "redirectUris": [\n "https://example.com"\n ],\n "responseTypes": [\n "CODE"\n ],\n "tokenEndpointAuthMethod": "NONE",\n "pkceEnforcement": "S256_REQUIRED",\n "refreshTokenDuration": 86400,\n "refreshTokenRollingDuration": 86400\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"enabled": true,
"name": "DV-FlowApp_piflow{{\$timestamp}}",
"description": "This is an OIDC Web application.",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"enabled\": true,\n \"name\": \"DV-FlowApp_piflow{{$timestamp}}\",\n \"description\": \"This is an OIDC Web application.\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"NONE\",\n \"pkceEnforcement\": \"S256_REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/2a73aff9-990f-4003-870d-1c450133b521"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/2a73aff9-990f-4003-870d-1c450133b521/attributes"
},
"secret": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/2a73aff9-990f-4003-870d-1c450133b521/secret"
},
"grants": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/2a73aff9-990f-4003-870d-1c450133b521/grants"
},
"keyRotationPolicy": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keyRotationPolicies/38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
}
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"id": "2a73aff9-990f-4003-870d-1c450133b521",
"name": "DV-FlowApp_piflow1745438034",
"description": "This is an OIDC Web application.",
"enabled": true,
"hiddenFromAppPortal": false,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"createdAt": "2025-04-23T19:53:54.275Z",
"updatedAt": "2025-04-23T19:53:54.275Z",
"assignActorRoles": false,
"responseTypes": [
"CODE"
],
"pkceEnforcement": "S256_REQUIRED",
"redirectUris": [
"https://example.com"
],
"deviceTimeout": 600,
"grantTypes": [
"AUTHORIZATION_CODE"
],
"idpSignoff": false,
"refreshTokenDuration": 86400,
"additionalRefreshTokenReplayProtectionEnabled": true,
"tokenEndpointAuthMethod": "NONE",
"refreshTokenRollingDuration": 86400,
"parRequirement": "OPTIONAL",
"devicePollingInterval": 5,
"parTimeout": 60,
"signing": {
"keyRotationPolicy": {
"id": "38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
}
},
"refreshTokenType": "OPAQUE_TOKEN"
}