PingFederate Admin API

The PingFederate Administrator API is a RESTful, JSON-based API that enables user authentication and single sign-on. It serves as a global authentication authority that allows employees, customers and partners to securely access all the applications they need from any device.

Administrative Accounts

The administrative accounts API endpoints support operations to create, read, update, and delete administrative account resources.

Roles available for an administrator.

  • USER_ADMINISTRATOR - Can create, deactivate or delete accounts and reset passwords. Additionally, install replacement license keys.

  • CRYPTO_ADMINISTRATOR - Can manage local keys and certificates.

  • ADMINISTRATOR - Can configure partner connections and most system settings (except the management of native accounts and the handling of local keys and certificates.


READ Administrative Accounts


READ One Administrative Account


CREATE Administrative Account


CREATE Native Account Password Change


CREATE Password Reset


UPDATE Native Administrative Account


DELETE PingFederate Native Administrative Account Information

Authentication API

The application authentication API endpoints support operations to create, read, update, and delete authentication application resources.

Settings

The authentication settings API endpoints support operations to read and update the current authentication settings.


READ Authentication API Settings


UPDATE Authentication API Settings


READ Authentication API Applications


READ One Authentication API Application


CREATE Authentication API Application


UPDATE Authentication API Application


DELETE Authentication API Application

Authentication Policies

The authentication policies API endpoints support operations manage default authentication policies and settings.

Default

The default authentication policies API endpoints support operations to read and update default authentication policies resources.


READ Default Authentication Policy


UPDATE Default Authentication Policy

Settings

The authentication policies settings API endpoints support operations to read and update authentication policies settings resources.


READ Authentication Policies Settings


UPDATE Authentication Policies Settings

Authentication Policy Contracts


READ Authentication Policy Contracts


READ One Authentication Policy Contract


CREATE Authentication Policy Contract


UPDATE Authentication Policy Contract


DELETE Authentication Policy Contract

Authentication Selectors

The authentication selectors API endpoints support operations manage authentication selectors and descriptors. The authentication selector descriptors API endpoints support operations to read and update authentication selector descriptor resources.

Descriptors

The authentication selector descriptors API endpoints support operations to read and update authentication selector descriptor resources.


READ Authentication Selector Descriptors


READ One Authentication Selector Descriptor


READ Authentication Selectors


READ One Authentication Selector


CREATE Authentication Selector


UPDATE Authentication Selector


DELETE Authentication Selector

Bulk

The bulk API endpoints support operations to manage bulk import of resources from a JSON file and export of resources to a JSON file.


READ API Resources


CREATE PingFederate Deployment Configuration Import

Certificates

The certificates API endpoints support operations to create, read, update, and delete certificate CA resources and endpoints to revoke certificates.

CA

The certificates/CA API endpoints support operations to create, read, update, and delete certificate resources.


READ Trusted Certificate Authorities


READ One Certificate File Download


READ Trusted Certificate Authority


CREATE Trusted Certificate Authority Import


DELETE Trusted Certificate Authority

Revocation

The certificate revocation API endpoints support operations to read and update certificate revocation resources.

Certificate Settings

The certificate revocation API endpoints support operations to read and update certificate revocation settings resources.


READ Certificate Revocation Settings


UPDATE Certificate Revocation Settings

OCSP Certificates

The certificate revocation API endpoints support operations to read and update certificate revocation OCSP certificate resources.


READ OCSP Responder Signature Verification Certificates


READ One OCSP Responder Signature Verification Certificate


CREATE OCSP Responder Signature Verification Certificate Import


DELETE OCSP Responder Signature Verification Certificate

Cluster

The cluster API endpoints support operations to replicate configuration updates to all nodes in the cluster and read cluster resources.


READ Cluster Status


CREATE Cluster Configuration Replication

Config Archive

The config archive API endpoints support operations to import and export config archive resources.


READ Configuration Archive Export


CREATE Configuration Archive Import

Config Store

The config store API endpoints support operations to create, read, update, and delete config store resources.


READ Config Store Settings


READ One Config Store Setting


UPDATE Config Store Setting


DELETE Config Store Setting

Connection Metadata

The connection metadata API endpoints support operations to import and export connection metadata.


CREATE SAML Metadata to JSON Conversion


CREATE SAML Connection Metadata Export

Data Store Management

The data stores API endpoints support operations to manage data store resources, data store actions, and data store descriptors.

Data Stores

The data stores API endpoints support operations to create, read, update, and delete data store resources.


READ Data Stores


READ One Data Store


CREATE Data Store


UPDATE Data Store


DELETE Data Store

Data Store Descriptors

The data store descriptors API endpoints support operations to read data store descriptor resources.


READ Custom Data Store Descriptors


READ One Custom Data Store Plugin

Data Store Actions


READ Data Store Actions


READ One Data Store Action


CREATE Data Source Action

Extended Properties

The extended properties API endpoints support operations to read and update extended properties resources.


READ Extended Properties


UPDATE Extended Properties

Identity Providers

Identity Provider Adapters

The identity provider/adapter API endpoints support operations to manage identity provider adapter resources, identity provider actions, and identity provider descriptors.

Identity Provider Adapters

The identity provider adapter API endpoints support operations to create, read, update, and delete identity provider adapter resources.


READ IdP Adapters


READ One IdP Adapter


CREATE IdP Adapter


UPDATE IdP Adapter


DELETE IdP Adapter

Identity Provider Descriptors

The identity provider descriptor API endpoints support operations to read identity provider descriptor resources.


READ IdP Adapter Descriptors


READ One IdP Adapter Plugin

Identity Provider Actions

The identity provider actions API endpoints support operations to create and read identity provider actions resources.


READ IdP Adapter Actions


READ One IdP Adapter Action


CREATE IdP Adapter Action

Identity Provider Connectors/Descriptors

The identity provider connectors/descriptors API endpoints support operations to manage identity provider connector descriptor resources.


READ Connector Descriptors


READ One Connector Descriptor

Identity Provider Default URLs

The identity provider default URLs API endpoints support operations to read and update default URL settings.


READ Identity Provider Default URL Settings


UPDATE Identity Provider Default URL Settings

Identity Provider and Service Provider Connections

The identity provider and service provider connection API endpoints support operations to manage service provider connections and settings.

Credentials

Certificates

The service provider certificates API endpoints support operations to create, read and update service provider certificate resources.


READ Service Provider Connection Certificates


CREATE Service Provider Connection Certificate


UPDATE Service Provider Connection Certificates

Decryption keys


READ Service Provider Connection Decryption Keys


UPDATE Service Provider Connection Decryption Keys

Signing settings


READ Service Provider Connection Signature Settings


UPDATE Service Provider Connection Signature Settings


READ Service Provider Connections


READ One Service Provider Connection


CREATE Service Provider Connection


UPDATE Service Provider Connection


DELETE Service Provider Connection

Identity Provider STS Request Parameters Contracts

The identity provider STS contracts API endpoints support operations to manage service provider STS request parameter contracts and settings.


READ STS Request Parameters Contracts


READ One STS Request Parameters Contract


CREATE STS Request Parameters Contract


UPDATE STS Request Parameters Contract


DELETE STS Request Parameters Contract

Identity Provider Token Processors/Descriptors

The identity provider token processors/descriptors API endpoints support operations to manage identity provider token processor descriptor resources.

Identity provider token processors


READ Token Processors


READ One Token Processor


CREATE Token Processor


UPDATE Token Processor


DELETE Token Processor

Identity Provider Token Processor Descriptors


READ Token Processors


READ One Token Processor

Identity Provider to Service Provider Adapter Mapping

The identity provider to service provider adapter mapping API endpoints support operations to manage identity provider to service provider adapter resources.


READ IdP-to-SP Adapter Mappings


READ One IdP-to-SP Adapter Mapping


CREATE IdP-to-SP Adapter Mapping


UPDATE IdP-to-SP Adapter Mapping


DELETE Adapter Mapping

Kerberos

Realms

The Kerberos/Realms API endpoints support operations to manage Kerberos/Realms configurations and settings.

Settings


READ Kerberos Realms Settings


UPDATE Kerberos Realms Settings


READ Kerberos Realms


READ One Kerberos Realm


CREATE Kerberos Realm


UPDATE Kerberos Realm


DELETE Kerberos Realm

Key Pairs

OAuth OpenID Connect

The key pairs/OAuth OpenID Connect API endpoints support operations to manage OAuth OpenID Connect key pairs.


READ OAuth or Open ID Connect Key Settings


UPDATE OAuth or Open ID Connect Key Settings

Signing

The key pairs/signing API endpoints support operations to manage signing key pairs.

Data model

Property Description
id A string that specifies the resource’s unique identifier.
property description text.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
404 The requested resource was not found.

CSR

The key pairs/signing API endpoints support operations to manage signing key pairs.


READ Certificate Signing Request


CREATE CSR Response Import

Rotation Settings

The key pairs/signing API endpoints support operations to manage signing key pairs.


READ Rotation Settings


UPDATE Rotation Settings


DELETE Rotation Settings

Import


CREATE a Key Pair Import

Generate


CREATE Key Pair

Pkcs12


CREATE Key Pair Download in PKCS12 Format

Certificate


READ Certificate from Key Pair Download


READ Key Pairs


READ One Key Pair


DELETE Key Pair

SSL Client

The key pairs/SSL client API endpoints support operations to manage SSL client key pairs.

CSR


READ CSR Generation


CREATE CSR Response Import

Generate


CREATE Key Pair

Import


CREATE SSL Client Key Pair Import

Pkcs12


CREATE Key Pair Download in PKCS12 Format

Certificate


READ Certificate Download


READ SSL Client Key Pairs


READ One SSL Client Key Pair


DELETE SSL Client Key Pair

SSL Server

The key pairs/SSL server API endpoints support operations to manage SSL server key pairs.

Settings


READ SSL server certificate settings


UPDATE SSL server certificate settings

CSR


READ SSL Server CSR Generation


CREATE SSL Server CSR Response Import

Import


CREATE SSL Server Key Pair Import

Generate


CREATE SSL Server Key Pair Generation

Pkcs12


CREATE SSL Server Key Pair Download

Certificate


READ SSL Server Certificate Download


READ SSL Server Key Pairs


READ SSL Server Key Pair


DELETE SSL Server Key Pair

Algorithms

The key pairs/Algorithms API endpoints support operations to manage SSL key algorithms.

Data model

Property Description
id A string that specifies the resource’s unique identifier.
property description text.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
404 The requested resource was not found.

READ Key Algorithms

License

The license API endpoints support operations to manage PingFederate licenses.

Data model

Property Description
id A string that specifies the resource’s unique identifier.
property description text.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
404 The requested resource was not found.

Agreement


READ License Agreement


UPDATE License Agreement Acceptance


READ License


UPDATE License Import

Local Identity

Identity Profiles

The local identity/identity profiles API endpoints support operations to manage PingFederate local identity profiles.


READ Local Identity Profiles


READ One Local Identity Profile


CREATE Local Identity Profile


UPDATE Local Identity Profile


DELETE Local Identity Profile

Metadata URLs

The metadata URLs API endpoints support operations to manage PingFederate metadata URLs.

Data model

Property Description
id A string that specifies the resource’s unique identifier.
property description text.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
404 The requested resource was not found.

READ Metadata URLs


READ One Metadata URL


CREATE Metadata URL


UPDATE Metadata URL


DELETE Metadata URL

Notification Publishers

The notification publishers API endpoints support operations to create, read, update and delete PingFederate notification publishers resources.

Notification Publishers Actions


READ Notification Publisher Plugin Actions


READ One Notification Publisher Plugin Action


CREATE Notification Publisher Plugin Instance Action

Notification Publishers Descriptors


READ Notification Publisher Plugin Descriptors


READ One Notification Publisher Plugin Descriptor

Notification Publishers Settings


READ Notification Publisher Settings


UPDATE Notification Publisher Settings


READ One Notification Publisher Plugin Instance


READ Notification Publisher Plugins


CREATE Notification Publisher Plugin


UPDATE Notification Publisher Plugin Instance


DELETE Notification Publisher Plugin

OAuth

Access Token Managers

The OAuth access token managers API endpoints support operations to managePingFederate OAuth access tokens.

Access Token Descriptors


READ Token Management Plugin Descriptors


READ One Token Management Plugin Descriptor

Access Token Settings


READ Access Token Management Settings


UPDATE Access Token Management Settings


READ Token Management Plugin Instances


READ One Token Management Plugin Instance


CREATE Token Management Plugin Instance


UPDATE Token Management Plugin Instance


DELETE Token Management Plugin Instance

Access Token Mappings

The OAuth access token mappings API endpoints support operations to manage PingFederate OAuth access token mappings.


READ Access Token Mappings


READ One Access Token Mapping


CREATE Access Token Mapping


UPDATE Access Token Mapping


DELETE Access Token Mapping

Authentication Policy Contract Mappings

The OAuth authentication policy contract mappings API endpoints support operations to manage PingFederate OAuth authentication policy contract mappings.


READ OAuth Authentication Policy Contract Mappings


READ One Authentication Policy Contract Mapping


CREATE Authentication Policy Contract Mapping


UPDATE Authentication Policy Contract Mapping


DELETE Authentication Policy Contract Mapping

Auth Server Settings

The OAuth authentication server settings API endpoints support operations to manage PingFederate OAuth authentication server settings.

Scopes

Common Groups


READ Common Scope Group


CREATE Common Scope Group


UPDATE Common Scope Group


DELETE Common Scope Group

Common


READ Common Scope


CREATE Common Scope


UPDATE Common Scope


DELETE Common Scope

Exclusive Groups


READ Exclusive Scope Group


CREATE Exclusive Scope Group


UPDATE Exclusive Scope Group


DELETE Exclusive Scope Group

Exclusive


READ Exclusive Scope


CREATE Exclusive Scope


UPDATE Exclusive Scope


DELETE Exclusive Scope


READ Authorization Server Settings


UPDATE Authorization Server Settings

CIBA Server Policy

The OAuth CIBA server policy API endpoints support operations to manage PingFederate OAuth CIBA server policies.

Request Policies


READ Request Policies


READ One Request Policy


CREATE Request Policy


UPDATE Request Policy


DELETE Request Policy

Settings


READ CIBA Server Request Policy Settings


UPDATE CIBA Server Request Policy Settings

Client Registration Policies

The OAuth client registration policies API endpoints support operations to manage PingFederate OAuth client registration policies.

Data model

Property Description
id A string that specifies the resource’s unique identifier.
property description text.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
404 The requested resource was not found.

Descriptors


READ Client Registration Policy Plugin Descriptors


READ One Client Registration Policy Plugin Descriptor


READ Client Registration Policy Plugins


READ One Client Registration Policy Plugin


CREATE Client Registration Policy Plugin


UPDATE Client Registration Policy Plugin


DELETE Client Registration Policy Plugin

Clients

The OAuth clients API endpoints support create, read, update, and delete operations to manage PingFederate OAuth clients.

Client Secret


READ OAuth Client Secret


UPDATE OAuth Client Secret


READ OAuth Clients


READ One OAuth Client


CREATE OAuth Client


UPDATE OAuth Client


DELETE OAuth Client

Client Settings

The OAuth client settings API endpoints support read and update operations to manage PingFederate OAuth client settings.

Data model

Property Description
id A string that specifies the resource’s unique identifier.
property description text.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
404 The requested resource was not found.

READ OAuth Client Settings


UPDATE OAuth Client Settings

Identity Provider Adapter Mappings

The OAuth identity provider adapter mappings API endpoints support create, read, update, and delete operations to manage PingFederate OAuth identity provider adapter mappings.


READ Identity Provider Adapter Mappings


READ One Identity Provider Adapter Mapping


CREATE Identity Provider Adapter Mapping


UPDATE Identity Provider Adapter Mapping


DELETE Identity Provider Adapter Mapping

OpenID Connect

Policies


READ OpenID Connect Policies


READ One OpenID Connect Policy


CREATE OpenID Connect Policy


UPDATE OpenID Connect Policy


DELETE OpenID Connect Policy

Settings


READ OpenID Connect Settings


UPDATE OpenID Connect Settings

Out of Band Auth Plugins

Descriptors


READ Out of Band Authenticator Plugin Descriptors


READ One Out of Band Authenticator Plugin Descriptor

Actions


READ Out of Band Authenticator Plugin Instance Actions


READ One Out of Band Authenticator Plugin Instance Action


CREATE Out of Band Authenticator Plugin Instance Action


READ Out of Band Authenticator Plugin Instances


READ One Out of Band Authenticator Plugin Instance


CREATE Out of Band Authenticator Plugin Instance


UPDATE Out of Band Authenticator Plugin Instance


DELETE Out of Band Authenticator Plugin Instance

Resource Owner Credentials Mappings


READ Resource Owner Credentials Mappings


READ One Resource Owner Credentials Mapping


CREATE Resource Owner Credentials Mapping


UPDATE Resource Owner Credentials Mapping


DELETE Resource Owner Credentials Mapping

Token Exchange

Generator

Groups


READ OAuth 2.0 Token Exchange Generator Groups


READ One OAuth 2.0 Token Exchange Generator


CREATE OAuth 2.0 Token Exchange Generator Group


UPDATE OAuth 2.0 Token Exchange Generator Group


DELETE OAuth 2.0 Token Exchange Generator Group

Settings


READ General OAuth 2.0 Token Exchange Generator Settings


UPDATE General OAuth 2.0 Token Exchange Generator Settings

Processor

Policies


READ OAuth 2.0 Token Exchange Processor Policies


READ One OAuth 2.0 Token Exchange Processor Policy


CREATE OAuth 2.0 Token Exchange Processor Policy


UPDATE OAuth 2.0 Token Exchange Processor Policy


DELETE OAuth 2.0 Token Exchange Processor Policy

Settings


READ General OAuth 2.0 Token Exchange Processor Settings


UPDATE General OAuth 2.0 Token Exchange Processor Settings

Token Generator Mappings


READ Token Exchange Processor Policy to Token Generator Mappings


READ One Token Exchange Processor Policy to Token Generator Mapping


CREATE Token Exchange Processor Policy to Token Generator Mapping


UPDATE Token Exchange Processor Policy to Token Generator Mapping


DELETE Token Exchange Processor Policy to Token Generator Mapping

Password Credential Validators

Descriptors


READ Password Credential Validator Descriptors


READ One Password Credential Validator Descriptor


READ Password Credential Validators


READ One Password Credential Validator


CREATE Password Credential Validator Instance


UPDATE Password Credential Validator Instance


DELETE Password Credential Validator Instance

Redirect Validation


READ Redirect Validation Settings


UPDATE Redirect Validation Settings

Server Settings

Captcha Settings


READ CAPTCHA Settings


UPDATE CAPTCHA Settings

Email Server


(Deprecated) READ email server settings


(Deprecated) UPDATE Email Server Settings

Notifications


READ Notification Settings


UPDATE Notification Settings

Outbound Provisioning


READ Outbound Provisioning Database Settings


UPDATE Outbound Provisioning Database Settings

System Keys


READ System Keys


CREATE System Keys Rotation


UPDATE System Keys


READ Server Settings


UPDATE Server Settings

Session

Application Session Policy


READ Application Session Policy


UPDATE Application Session Policy

Authentication Session Policies

Global


READ Global Authentication Session Policy


UPDATE Global Authentication Session Policy


READ Session Policies


READ One Session Policy


CREATE Session Policy


UPDATE Session Policy


DELETE Session Policy

Settings


READ General Session Management Settings


UPDATE General Session Management Settings

Service Provider

Adapters

Descriptors


READ SP Adapter Plugin Descriptors


READ One SP Adapter Plugin Descriptor

URL Mappings


(Deprecated) READ URL and Adapter Instance Mappings


(Deprecated) UPDATE URL and Adapter Instance Mappings

Actions


READ SP Adapter Instance Actions


READ One SP Adapter Instance Action


CREATE SP Adapter Instance Action


READ Configured SP Adapter Instances


READ One SP Adapter Instance


CREATE SP Adapter Instance


UPDATE SP Adapter Instance


DELETE SP Adapter Instance

Authentication Policy Contract Mappings


READ APC-to-SP Adapter Mappings


READ One APC-to-SP Adapter Mapping


CREATE APC-to-SP Adapter Mapping


UPDATE APC-to-SP Adapter Mapping


DELETE APC-to-SP Adapter Mapping

Default URLs


READ SP Default URLs


UPDATE SP Default URLs

IdP Connections

Credentials

Certs


READ IdP Connection Certificate


CREATE IdP Connection Certificate


UPDATE IdP Connection Certificates

Decryption Keys


READ IdP Connection Decryption Keys


UPDATE IdP Connection Decryption Keys

Signing Settings


READ IdP Connection Signature Settings


UPDATE IdP Connection Signature Settings


READ IdP Connections


READ One IdP Connection


CREATE IdP Connection


UPDATE IdP Connection


DELETE IdP Connection

Target Url Mappings


READ Mappings


UPDATE Mappings

Token Generators

Descriptors


READ Token Generator Plugin Descriptors


READ One Token Generator Plugin Descriptor


READ Token Generator Instances


READ One Token Generator Instance


CREATE Token Generator Instance


UPDATE Token Generator Instance


DELETE Token Generator Instance

Token Processor to Token Generator Mappings

Use the /tokenProcessorToTokenGeneratorMappings endpoint to retrieve and manipulate mappings.


READ Token Processor to Token Generator Mappings


READ One Token Processor to Token Generator Mapping


CREATE Token Processor to Token Generator Mapping


UPDATE Token Processor to Token Generator Mapping


DELETE Token Processor to Token Generator Mapping

Version

Use the version endpoint to retrieve the server version.

Response class model

Property Type Description
version string Server version.

READ Server Version

Virtual Host Names

The virtualHostNames endpoint enables you to retrieve or update virtual host name settings.

Class model

VirtualHostNameSettings: Settings for virtual host names.

Property Type Description
virtualHostNames array[string] List of virtual host names.

READ Virtual Host Names Settings


UPDATE Virtual Host Names Settings