Step 1: Create a web application
PUT {{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}You can use the PUT {{apiPath}}/environments/{{envID}}/applications endpoint to update the grantTypes property to specify both the AUTHORIZATION_CODE and the REFRESH_TOKEN grants.
|
The application’s data model includes additional optional configuration properties for refresh tokens, such as |
The response returns information about the new application, including its id property, which identifies the ID for this application resource. You will need the application’s ID property value to get the application secret, and you will need it to associate the sign-on policy with the application.
Body
raw ( application/json )
{
"enabled": true,
"name": "Shared-Web-App",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff --request PUT '{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"enabled": true,
"name": "Shared-Web-App",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Put);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""enabled"": true," + "\n" +
@" ""name"": ""Shared-Web-App""," + "\n" +
@" ""type"": ""WEB_APP""," + "\n" +
@" ""protocol"": ""OPENID_CONNECT""," + "\n" +
@" ""grantTypes"": [" + "\n" +
@" ""AUTHORIZATION_CODE""," + "\n" +
@" ""REFRESH_TOKEN""" + "\n" +
@" ]," + "\n" +
@" ""redirectUris"": [" + "\n" +
@" ""http://localhost:3000/callback""" + "\n" +
@" ]," + "\n" +
@" ""responseTypes"": [" + "\n" +
@" ""CODE""" + "\n" +
@" ]," + "\n" +
@" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}"
method := "PUT"
payload := strings.NewReader(`{
"enabled": true,
"name": "Shared-Web-App",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}PUT /environments/{{envID}}/applications/{{sharedWebAppID}} HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"enabled": true,
"name": "Shared-Web-App",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"Shared-Web-App\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"REFRESH_TOKEN\"\n ],\n \"redirectUris\": [\n \"http://localhost:3000/callback\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}")
.method("PUT", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}",
"method": "PUT",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"enabled": true,
"name": "Shared-Web-App",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'PUT',
'url': '{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"enabled": true,
"name": "Shared-Web-App",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}"
payload = json.dumps({
"enabled": True,
"name": "Shared-Web-App",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("PUT", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}');
$request->setMethod(HTTP_Request2::METHOD_PUT);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "enabled": true,\n "name": "Shared-Web-App",\n "type": "WEB_APP",\n "protocol": "OPENID_CONNECT",\n "grantTypes": [\n "AUTHORIZATION_CODE",\n "REFRESH_TOKEN"\n ],\n "redirectUris": [\n "http://localhost:3000/callback"\n ],\n "responseTypes": [\n "CODE"\n ],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Put.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"enabled": true,
"name": "Shared-Web-App",
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"redirectUris": [
"http://localhost:3000/callback"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"enabled\": true,\n \"name\": \"Shared-Web-App\",\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"REFRESH_TOKEN\"\n ],\n \"redirectUris\": [\n \"http://localhost:3000/callback\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\"\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications/{{sharedWebAppID}}")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "PUT"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7029adfa-164d-4234-a3ca-3e4900ef94a6"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"metadata": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7029adfa-164d-4234-a3ca-3e4900ef94a6/metadata"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7029adfa-164d-4234-a3ca-3e4900ef94a6/attributes"
},
"secret": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7029adfa-164d-4234-a3ca-3e4900ef94a6/secret"
},
"grants": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/7029adfa-164d-4234-a3ca-3e4900ef94a6/grants"
}
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"id": "7029adfa-164d-4234-a3ca-3e4900ef94a6",
"name": "Shared-Web-App",
"enabled": true,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"createdAt": "2026-04-08T15:39:17.367Z",
"updatedAt": "2026-04-22T00:13:53.818Z",
"clientId": "7029adfa-164d-4234-a3ca-3e4900ef94a6",
"assignActorRoles": false,
"responseTypes": [
"CODE"
],
"grantTypes": [
"REFRESH_TOKEN",
"AUTHORIZATION_CODE"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "OPTIONAL",
"requestScopesForMultipleResourcesEnabled": false,
"parRequirement": "OPTIONAL",
"devicePollingInterval": 5,
"redirectUris": [
"http://localhost:3000/callback"
],
"parTimeout": 60,
"deviceTimeout": 600
}