PingOne Platform APIs

Step 1: Create a PingOne web application

   

POST {{apiPath}}/environments/{{envID}}/applications

This example shows the POST {{apiPath}}/environments/{{envID}}/applications operation to create a new application. This app configuration represents (to PingOne) the real application that users will query to sign-on.

In this request:

  • {{envID}} represents the environment ID for your environment.

  • These properties are required in the request body:

    • enabled. The current enabled state of the application.

    • name. The name of the application.

    • type. The application type. In this workflow, the type is WEB_APP.

    • protocol. The protocol used by the application. In this workflow, the protocol is OPENID_CONNECT.

    • grantTypes. The grant type for the authorization request. In this workflow, the grantTypes property specifies the authorization_code grant type.

    • redirectUris. The callback URI for the authentication response.

    • responseTypes. The code or token type returned by an authorization request. In this workflow, the responseTypes property specifies CODE` to return an authorization code.

    • tokenEndpointAuthMethod. The client authentication methods supported by the token endpoint. In this workflow, the tokenEndpointAuthMethod property specifies CLIENT_SECRET_BASIC.

  • The response returns a Status: 201 created message and shows the new application’s configuration data.

  • The response data includes the application’s id property. Unless you’re using the Postman collection for this workflow (which sets the environment variables), you’ll need to copy the application id property for use in a subsequent step.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "enabled": true,
    "name": "DV-FlowApp_piflow{{$timestamp}}",
    "description": "This is an OIDC Web application.",
    "type": "WEB_APP",
    "protocol": "OPENID_CONNECT",
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "redirectUris": [
        "https://www.example.com",
        "https://example.com/login/callback",
        "http://localhost:3000",
        "http://localhost:3000/login/callback",
        "http://localhost:8080"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "enabled": true,
    "name": "DV-FlowApp_piflow{{$timestamp}}",
    "description": "This is an OIDC Web application.",
    "type": "WEB_APP",
    "protocol": "OPENID_CONNECT",
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "redirectUris": [
        "https://www.example.com",
        "https://example.com/login/callback",
        "http://localhost:3000",
        "http://localhost:3000/login/callback",
        "http://localhost:8080"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""enabled"": true," + "\n" +
@"    ""name"": ""DV-FlowApp_piflow{{$timestamp}}""," + "\n" +
@"    ""description"": ""This is an OIDC Web application.""," + "\n" +
@"    ""type"": ""WEB_APP""," + "\n" +
@"    ""protocol"": ""OPENID_CONNECT""," + "\n" +
@"    ""grantTypes"": [" + "\n" +
@"        ""AUTHORIZATION_CODE""" + "\n" +
@"    ]," + "\n" +
@"    ""redirectUris"": [" + "\n" +
@"        ""https://www.example.com""," + "\n" +
@"        ""https://example.com/login/callback""," + "\n" +
@"        ""http://localhost:3000""," + "\n" +
@"        ""http://localhost:3000/login/callback""," + "\n" +
@"        ""http://localhost:8080""" + "\n" +
@"    ]," + "\n" +
@"    ""responseTypes"": [" + "\n" +
@"        ""CODE""" + "\n" +
@"    ]," + "\n" +
@"    ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/applications"
  method := "POST"

  payload := strings.NewReader(`{
    "enabled": true,
    "name": "DV-FlowApp_piflow{{$timestamp}}",
    "description": "This is an OIDC Web application.",
    "type": "WEB_APP",
    "protocol": "OPENID_CONNECT",
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "redirectUris": [
        "https://www.example.com",
        "https://example.com/login/callback",
        "http://localhost:3000",
        "http://localhost:3000/login/callback",
        "http://localhost:8080"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "enabled": true,
    "name": "DV-FlowApp_piflow{{$timestamp}}",
    "description": "This is an OIDC Web application.",
    "type": "WEB_APP",
    "protocol": "OPENID_CONNECT",
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "redirectUris": [
        "https://www.example.com",
        "https://example.com/login/callback",
        "http://localhost:3000",
        "http://localhost:3000/login/callback",
        "http://localhost:8080"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"enabled\": true,\n    \"name\": \"DV-FlowApp_piflow{{$timestamp}}\",\n    \"description\": \"This is an OIDC Web application.\",\n    \"type\": \"WEB_APP\",\n    \"protocol\": \"OPENID_CONNECT\",\n    \"grantTypes\": [\n        \"AUTHORIZATION_CODE\"\n    ],\n    \"redirectUris\": [\n        \"https://www.example.com\",\n        \"https://example.com/login/callback\",\n        \"http://localhost:3000\",\n        \"http://localhost:3000/login/callback\",\n        \"http://localhost:8080\"\n    ],\n    \"responseTypes\": [\n        \"CODE\"\n    ],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/applications")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/applications",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "enabled": true,
    "name": "DV-FlowApp_piflow{{$timestamp}}",
    "description": "This is an OIDC Web application.",
    "type": "WEB_APP",
    "protocol": "OPENID_CONNECT",
    "grantTypes": [
      "AUTHORIZATION_CODE"
    ],
    "redirectUris": [
      "https://www.example.com",
      "https://example.com/login/callback",
      "http://localhost:3000",
      "http://localhost:3000/login/callback",
      "http://localhost:8080"
    ],
    "responseTypes": [
      "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/applications',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "enabled": true,
    "name": "DV-FlowApp_piflow{{$timestamp}}",
    "description": "This is an OIDC Web application.",
    "type": "WEB_APP",
    "protocol": "OPENID_CONNECT",
    "grantTypes": [
      "AUTHORIZATION_CODE"
    ],
    "redirectUris": [
      "https://www.example.com",
      "https://example.com/login/callback",
      "http://localhost:3000",
      "http://localhost:3000/login/callback",
      "http://localhost:8080"
    ],
    "responseTypes": [
      "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/applications"

payload = json.dumps({
  "enabled": True,
  "name": "DV-FlowApp_piflow{{$timestamp}}",
  "description": "This is an OIDC Web application.",
  "type": "WEB_APP",
  "protocol": "OPENID_CONNECT",
  "grantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "redirectUris": [
    "https://www.example.com",
    "https://example.com/login/callback",
    "http://localhost:3000",
    "http://localhost:3000/login/callback",
    "http://localhost:8080"
  ],
  "responseTypes": [
    "CODE"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "enabled": true,\n    "name": "DV-FlowApp_piflow{{$timestamp}}",\n    "description": "This is an OIDC Web application.",\n    "type": "WEB_APP",\n    "protocol": "OPENID_CONNECT",\n    "grantTypes": [\n        "AUTHORIZATION_CODE"\n    ],\n    "redirectUris": [\n        "https://www.example.com",\n        "https://example.com/login/callback",\n        "http://localhost:3000",\n        "http://localhost:3000/login/callback",\n        "http://localhost:8080"\n    ],\n    "responseTypes": [\n        "CODE"\n    ],\n    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/applications")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "enabled": true,
  "name": "DV-FlowApp_piflow{{\$timestamp}}",
  "description": "This is an OIDC Web application.",
  "type": "WEB_APP",
  "protocol": "OPENID_CONNECT",
  "grantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "redirectUris": [
    "https://www.example.com",
    "https://example.com/login/callback",
    "http://localhost:3000",
    "http://localhost:3000/login/callback",
    "http://localhost:8080"
  ],
  "responseTypes": [
    "CODE"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"enabled\": true,\n    \"name\": \"DV-FlowApp_piflow{{$timestamp}}\",\n    \"description\": \"This is an OIDC Web application.\",\n    \"type\": \"WEB_APP\",\n    \"protocol\": \"OPENID_CONNECT\",\n    \"grantTypes\": [\n        \"AUTHORIZATION_CODE\"\n    ],\n    \"redirectUris\": [\n        \"https://www.example.com\",\n        \"https://example.com/login/callback\",\n        \"http://localhost:3000\",\n        \"http://localhost:3000/login/callback\",\n        \"http://localhost:8080\"\n    ],\n    \"responseTypes\": [\n        \"CODE\"\n    ],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/2e54323b-b56e-42b0-849c-f9691bc75254"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/2e54323b-b56e-42b0-849c-f9691bc75254/attributes"
        },
        "secret": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/2e54323b-b56e-42b0-849c-f9691bc75254/secret"
        },
        "grants": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/2e54323b-b56e-42b0-849c-f9691bc75254/grants"
        },
        "keyRotationPolicy": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keyRotationPolicies/38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
        }
    },
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "id": "2e54323b-b56e-42b0-849c-f9691bc75254",
    "name": "DV-FlowApp_piflow1740430794",
    "description": "This is an OIDC Web application.",
    "enabled": true,
    "hiddenFromAppPortal": false,
    "type": "WEB_APP",
    "protocol": "OPENID_CONNECT",
    "createdAt": "2025-02-24T20:59:54.052Z",
    "updatedAt": "2025-02-24T20:59:54.052Z",
    "assignActorRoles": false,
    "responseTypes": [
        "CODE"
    ],
    "pkceEnforcement": "OPTIONAL",
    "redirectUris": [
        "https://www.example.com",
        "https://example.com/login/callback",
        "http://localhost:3000",
        "http://localhost:3000/login/callback",
        "http://localhost:8080"
    ],
    "deviceTimeout": 600,
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "idpSignoff": false,
    "additionalRefreshTokenReplayProtectionEnabled": true,
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "parRequirement": "OPTIONAL",
    "devicePollingInterval": 5,
    "parTimeout": 60,
    "signing": {
        "keyRotationPolicy": {
            "id": "38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
        }
    }
}