PingFederate Admin API
The PingFederate Administrator API is a RESTful, JSON-based API that enables user authentication and single sign-on. It serves as a global authentication authority that allows employees, customers and partners to securely access all the applications they need from any device.
Administrative Accounts
The administrative accounts API endpoints support operations to create, read, update, and delete administrative account resources.
Roles available for an administrator.
-
USER_ADMINISTRATOR - Can create, deactivate or delete accounts and reset passwords. Additionally, install replacement license keys.
-
CRYPTO_ADMINISTRATOR - Can manage local keys and certificates.
-
ADMINISTRATOR - Can configure partner connections and most system settings (except the management of native accounts and the handling of local keys and certificates.
READ Administrative Accounts
READ One Administrative Account
CREATE Administrative Account
CREATE Native Account Password Change
CREATE Password Reset
UPDATE Native Administrative Account
DELETE PingFederate Native Administrative Account Information
Authentication API
The application authentication API endpoints support operations to create, read, update, and delete authentication application resources.
Settings
The authentication settings API endpoints support operations to read and update the current authentication settings.
READ Authentication API Settings
UPDATE Authentication API Settings
READ Authentication API Applications
READ One Authentication API Application
CREATE Authentication API Application
UPDATE Authentication API Application
DELETE Authentication API Application
Authentication Policies
The authentication policies API endpoints support operations manage default authentication policies and settings.
Default
The default authentication policies API endpoints support operations to read and update default authentication policies resources.
READ Default Authentication Policy
UPDATE Default Authentication Policy
Settings
The authentication policies settings API endpoints support operations to read and update authentication policies settings resources.
READ Authentication Policies Settings
UPDATE Authentication Policies Settings
Authentication Policy Contracts
READ Authentication Policy Contracts
READ One Authentication Policy Contract
CREATE Authentication Policy Contract
UPDATE Authentication Policy Contract
DELETE Authentication Policy Contract
Authentication Selectors
The authentication selectors API endpoints support operations manage authentication selectors and descriptors. The authentication selector descriptors API endpoints support operations to read and update authentication selector descriptor resources.
Descriptors
The authentication selector descriptors API endpoints support operations to read and update authentication selector descriptor resources.
READ Authentication Selector Descriptors
READ One Authentication Selector Descriptor
READ Authentication Selectors
READ One Authentication Selector
CREATE Authentication Selector
UPDATE Authentication Selector
DELETE Authentication Selector
Bulk
The bulk API endpoints support operations to manage bulk import of resources from a JSON file and export of resources to a JSON file.
READ API Resources
CREATE PingFederate Deployment Configuration Import
Certificates
The certificates API endpoints support operations to create, read, update, and delete certificate CA resources and endpoints to revoke certificates.
CA
The certificates/CA API endpoints support operations to create, read, update, and delete certificate resources.
READ Trusted Certificate Authorities
READ One Certificate File Download
READ Trusted Certificate Authority
CREATE Trusted Certificate Authority Import
DELETE Trusted Certificate Authority
Revocation
The certificate revocation API endpoints support operations to read and update certificate revocation resources.
Certificate Settings
The certificate revocation API endpoints support operations to read and update certificate revocation settings resources.
READ Certificate Revocation Settings
UPDATE Certificate Revocation Settings
OCSP Certificates
The certificate revocation API endpoints support operations to read and update certificate revocation OCSP certificate resources.
READ OCSP Responder Signature Verification Certificates
READ One OCSP Responder Signature Verification Certificate
CREATE OCSP Responder Signature Verification Certificate Import
DELETE OCSP Responder Signature Verification Certificate
Cluster
The cluster API endpoints support operations to replicate configuration updates to all nodes in the cluster and read cluster resources.
READ Cluster Status
CREATE Cluster Configuration Replication
Config Archive
The config archive API endpoints support operations to import and export config archive resources.
READ Configuration Archive Export
CREATE Configuration Archive Import
Config Store
The config store API endpoints support operations to create, read, update, and delete config store resources.
READ Config Store Settings
READ One Config Store Setting
UPDATE Config Store Setting
DELETE Config Store Setting
Connection Metadata
The connection metadata API endpoints support operations to import and export connection metadata.
CREATE SAML Metadata to JSON Conversion
CREATE SAML Connection Metadata Export
Data Store Management
The data stores API endpoints support operations to manage data store resources, data store actions, and data store descriptors.
Data Stores
The data stores API endpoints support operations to create, read, update, and delete data store resources.
READ Data Stores
READ One Data Store
CREATE Data Store
UPDATE Data Store
DELETE Data Store
Data Store Descriptors
The data store descriptors API endpoints support operations to read data store descriptor resources.
READ Custom Data Store Descriptors
READ One Custom Data Store Plugin
Data Store Actions
READ Data Store Actions
READ One Data Store Action
CREATE Data Source Action
Extended Properties
The extended properties API endpoints support operations to read and update extended properties resources.
READ Extended Properties
UPDATE Extended Properties
Identity Providers
Identity Provider Adapters
The identity provider/adapter API endpoints support operations to manage identity provider adapter resources, identity provider actions, and identity provider descriptors.
Identity Provider Adapters
The identity provider adapter API endpoints support operations to create, read, update, and delete identity provider adapter resources.
READ IdP Adapters
READ One IdP Adapter
CREATE IdP Adapter
UPDATE IdP Adapter
DELETE IdP Adapter
Identity Provider Descriptors
The identity provider descriptor API endpoints support operations to read identity provider descriptor resources.
READ IdP Adapter Descriptors
READ One IdP Adapter Plugin
Identity Provider Actions
The identity provider actions API endpoints support operations to create and read identity provider actions resources.
READ IdP Adapter Actions
READ One IdP Adapter Action
CREATE IdP Adapter Action
Identity Provider Connectors/Descriptors
The identity provider connectors/descriptors API endpoints support operations to manage identity provider connector descriptor resources.
READ Connector Descriptors
READ One Connector Descriptor
Identity Provider Default URLs
The identity provider default URLs API endpoints support operations to read and update default URL settings.
READ Identity Provider Default URL Settings
UPDATE Identity Provider Default URL Settings
Identity Provider and Service Provider Connections
The identity provider and service provider connection API endpoints support operations to manage service provider connections and settings.
Credentials
Certificates
The service provider certificates API endpoints support operations to create, read and update service provider certificate resources.
READ Service Provider Connection Certificates
CREATE Service Provider Connection Certificate
UPDATE Service Provider Connection Certificates
Decryption keys
READ Service Provider Connection Decryption Keys
UPDATE Service Provider Connection Decryption Keys
Signing settings
READ Service Provider Connection Signature Settings
UPDATE Service Provider Connection Signature Settings
READ Service Provider Connections
READ One Service Provider Connection
CREATE Service Provider Connection
UPDATE Service Provider Connection
DELETE Service Provider Connection
Identity Provider STS Request Parameters Contracts
The identity provider STS contracts API endpoints support operations to manage service provider STS request parameter contracts and settings.
READ STS Request Parameters Contracts
READ One STS Request Parameters Contract
CREATE STS Request Parameters Contract
UPDATE STS Request Parameters Contract
DELETE STS Request Parameters Contract
Identity Provider Token Processors/Descriptors
The identity provider token processors/descriptors API endpoints support operations to manage identity provider token processor descriptor resources.
Identity provider token processors
READ Token Processors
READ One Token Processor
CREATE Token Processor
UPDATE Token Processor
DELETE Token Processor
Identity Provider Token Processor Descriptors
READ Token Processors
READ One Token Processor
Identity Provider to Service Provider Adapter Mapping
The identity provider to service provider adapter mapping API endpoints support operations to manage identity provider to service provider adapter resources.
READ IdP-to-SP Adapter Mappings
READ One IdP-to-SP Adapter Mapping
CREATE IdP-to-SP Adapter Mapping
UPDATE IdP-to-SP Adapter Mapping
DELETE Adapter Mapping
Kerberos
Realms
The Kerberos/Realms API endpoints support operations to manage Kerberos/Realms configurations and settings.
Settings
READ Kerberos Realms Settings
UPDATE Kerberos Realms Settings
READ Kerberos Realms
READ One Kerberos Realm
CREATE Kerberos Realm
UPDATE Kerberos Realm
DELETE Kerberos Realm
Key Pairs
OAuth OpenID Connect
The key pairs/OAuth OpenID Connect API endpoints support operations to manage OAuth OpenID Connect key pairs.
READ OAuth or Open ID Connect Key Settings
UPDATE OAuth or Open ID Connect Key Settings
Signing
The key pairs/signing API endpoints support operations to manage signing key pairs.
Data model
Property | Description |
---|---|
id |
A string that specifies the resource’s unique identifier. |
property |
description text. |
Response codes
Code | Message |
---|---|
200 | Successful operation. |
201 | Successfully created. |
204 | Successfully removed. No content. |
400 | The request could not be completed. |
404 | The requested resource was not found. |
CSR
The key pairs/signing API endpoints support operations to manage signing key pairs.
READ Certificate Signing Request
CREATE CSR Response Import
Rotation Settings
The key pairs/signing API endpoints support operations to manage signing key pairs.
READ Rotation Settings
UPDATE Rotation Settings
DELETE Rotation Settings
Import
CREATE a Key Pair Import
Generate
CREATE Key Pair
Pkcs12
CREATE Key Pair Download in PKCS12 Format
Certificate
READ Certificate from Key Pair Download
READ Key Pairs
READ One Key Pair
DELETE Key Pair
SSL Client
The key pairs/SSL client API endpoints support operations to manage SSL client key pairs.
CSR
READ CSR Generation
CREATE CSR Response Import
Generate
CREATE Key Pair
Import
CREATE SSL Client Key Pair Import
Pkcs12
CREATE Key Pair Download in PKCS12 Format
Certificate
READ Certificate Download
READ SSL Client Key Pairs
READ One SSL Client Key Pair
DELETE SSL Client Key Pair
SSL Server
The key pairs/SSL server API endpoints support operations to manage SSL server key pairs.
Settings
READ SSL server certificate settings
UPDATE SSL server certificate settings
CSR
READ SSL Server CSR Generation
CREATE SSL Server CSR Response Import
Import
CREATE SSL Server Key Pair Import
Generate
CREATE SSL Server Key Pair Generation
Pkcs12
CREATE SSL Server Key Pair Download
Certificate
READ SSL Server Certificate Download
READ SSL Server Key Pairs
READ SSL Server Key Pair
DELETE SSL Server Key Pair
Algorithms
The key pairs/Algorithms API endpoints support operations to manage SSL key algorithms.
Data model
Property | Description |
---|---|
id |
A string that specifies the resource’s unique identifier. |
property |
description text. |
Response codes
Code | Message |
---|---|
200 | Successful operation. |
201 | Successfully created. |
204 | Successfully removed. No content. |
400 | The request could not be completed. |
404 | The requested resource was not found. |
READ Key Algorithms
License
The license API endpoints support operations to manage PingFederate licenses.
Data model
Property | Description |
---|---|
id |
A string that specifies the resource’s unique identifier. |
property |
description text. |
Response codes
Code | Message |
---|---|
200 | Successful operation. |
201 | Successfully created. |
204 | Successfully removed. No content. |
400 | The request could not be completed. |
404 | The requested resource was not found. |
Agreement
READ License Agreement
UPDATE License Agreement Acceptance
READ License
UPDATE License Import
Local Identity
Identity Profiles
The local identity/identity profiles API endpoints support operations to manage PingFederate local identity profiles.
READ Local Identity Profiles
READ One Local Identity Profile
CREATE Local Identity Profile
UPDATE Local Identity Profile
DELETE Local Identity Profile
Metadata URLs
The metadata URLs API endpoints support operations to manage PingFederate metadata URLs.
Data model
Property | Description |
---|---|
id |
A string that specifies the resource’s unique identifier. |
property |
description text. |
Response codes
Code | Message |
---|---|
200 | Successful operation. |
201 | Successfully created. |
204 | Successfully removed. No content. |
400 | The request could not be completed. |
404 | The requested resource was not found. |
READ Metadata URLs
READ One Metadata URL
CREATE Metadata URL
UPDATE Metadata URL
DELETE Metadata URL
Notification Publishers
The notification publishers API endpoints support operations to create, read, update and delete PingFederate notification publishers resources.
Notification Publishers Actions
READ Notification Publisher Plugin Actions
READ One Notification Publisher Plugin Action
CREATE Notification Publisher Plugin Instance Action
Notification Publishers Descriptors
READ Notification Publisher Plugin Descriptors
READ One Notification Publisher Plugin Descriptor
Notification Publishers Settings
READ Notification Publisher Settings
UPDATE Notification Publisher Settings
READ One Notification Publisher Plugin Instance
READ Notification Publisher Plugins
CREATE Notification Publisher Plugin
UPDATE Notification Publisher Plugin Instance
DELETE Notification Publisher Plugin
OAuth
Access Token Managers
The OAuth access token managers API endpoints support operations to managePingFederate OAuth access tokens.
Access Token Descriptors
READ Token Management Plugin Descriptors
READ One Token Management Plugin Descriptor
Access Token Settings
READ Access Token Management Settings
UPDATE Access Token Management Settings
READ Token Management Plugin Instances
READ One Token Management Plugin Instance
CREATE Token Management Plugin Instance
UPDATE Token Management Plugin Instance
DELETE Token Management Plugin Instance
Access Token Mappings
The OAuth access token mappings API endpoints support operations to manage PingFederate OAuth access token mappings.
READ Access Token Mappings
READ One Access Token Mapping
CREATE Access Token Mapping
UPDATE Access Token Mapping
DELETE Access Token Mapping
Authentication Policy Contract Mappings
The OAuth authentication policy contract mappings API endpoints support operations to manage PingFederate OAuth authentication policy contract mappings.
READ OAuth Authentication Policy Contract Mappings
READ One Authentication Policy Contract Mapping
CREATE Authentication Policy Contract Mapping
UPDATE Authentication Policy Contract Mapping
DELETE Authentication Policy Contract Mapping
Auth Server Settings
The OAuth authentication server settings API endpoints support operations to manage PingFederate OAuth authentication server settings.
Scopes
Common Groups
READ Common Scope Group
CREATE Common Scope Group
UPDATE Common Scope Group
DELETE Common Scope Group
Common
READ Common Scope
CREATE Common Scope
UPDATE Common Scope
DELETE Common Scope
Exclusive Groups
READ Exclusive Scope Group
CREATE Exclusive Scope Group
UPDATE Exclusive Scope Group
DELETE Exclusive Scope Group
Exclusive
READ Exclusive Scope
CREATE Exclusive Scope
UPDATE Exclusive Scope
DELETE Exclusive Scope
READ Authorization Server Settings
UPDATE Authorization Server Settings
CIBA Server Policy
The OAuth CIBA server policy API endpoints support operations to manage PingFederate OAuth CIBA server policies.
Request Policies
READ Request Policies
READ One Request Policy
CREATE Request Policy
UPDATE Request Policy
DELETE Request Policy
Settings
READ CIBA Server Request Policy Settings
UPDATE CIBA Server Request Policy Settings
Client Registration Policies
The OAuth client registration policies API endpoints support operations to manage PingFederate OAuth client registration policies.
Data model
Property | Description |
---|---|
id |
A string that specifies the resource’s unique identifier. |
property |
description text. |
Response codes
Code | Message |
---|---|
200 | Successful operation. |
201 | Successfully created. |
204 | Successfully removed. No content. |
400 | The request could not be completed. |
404 | The requested resource was not found. |
Descriptors
READ Client Registration Policy Plugin Descriptors
READ One Client Registration Policy Plugin Descriptor
READ Client Registration Policy Plugins
READ One Client Registration Policy Plugin
CREATE Client Registration Policy Plugin
UPDATE Client Registration Policy Plugin
DELETE Client Registration Policy Plugin
Clients
The OAuth clients API endpoints support create, read, update, and delete operations to manage PingFederate OAuth clients.
Client Secret
READ OAuth Client Secret
UPDATE OAuth Client Secret
READ OAuth Clients
READ One OAuth Client
CREATE OAuth Client
UPDATE OAuth Client
DELETE OAuth Client
Client Settings
The OAuth client settings API endpoints support read and update operations to manage PingFederate OAuth client settings.
Data model
Property | Description |
---|---|
id |
A string that specifies the resource’s unique identifier. |
property |
description text. |
Response codes
Code | Message |
---|---|
200 | Successful operation. |
201 | Successfully created. |
204 | Successfully removed. No content. |
400 | The request could not be completed. |
404 | The requested resource was not found. |
READ OAuth Client Settings
UPDATE OAuth Client Settings
Identity Provider Adapter Mappings
The OAuth identity provider adapter mappings API endpoints support create, read, update, and delete operations to manage PingFederate OAuth identity provider adapter mappings.
READ Identity Provider Adapter Mappings
READ One Identity Provider Adapter Mapping
CREATE Identity Provider Adapter Mapping
UPDATE Identity Provider Adapter Mapping
DELETE Identity Provider Adapter Mapping
OpenID Connect
Policies
READ OpenID Connect Policies
READ One OpenID Connect Policy
CREATE OpenID Connect Policy
UPDATE OpenID Connect Policy
DELETE OpenID Connect Policy
Settings
READ OpenID Connect Settings
UPDATE OpenID Connect Settings
Out of Band Auth Plugins
Descriptors
READ Out of Band Authenticator Plugin Descriptors
READ One Out of Band Authenticator Plugin Descriptor
Actions
READ Out of Band Authenticator Plugin Instance Actions
READ One Out of Band Authenticator Plugin Instance Action
CREATE Out of Band Authenticator Plugin Instance Action
READ Out of Band Authenticator Plugin Instances
READ One Out of Band Authenticator Plugin Instance
CREATE Out of Band Authenticator Plugin Instance
UPDATE Out of Band Authenticator Plugin Instance
DELETE Out of Band Authenticator Plugin Instance
Resource Owner Credentials Mappings
READ Resource Owner Credentials Mappings
READ One Resource Owner Credentials Mapping
CREATE Resource Owner Credentials Mapping
UPDATE Resource Owner Credentials Mapping
DELETE Resource Owner Credentials Mapping
Token Exchange
Generator
Groups
READ OAuth 2.0 Token Exchange Generator Groups
READ One OAuth 2.0 Token Exchange Generator
CREATE OAuth 2.0 Token Exchange Generator Group
UPDATE OAuth 2.0 Token Exchange Generator Group
DELETE OAuth 2.0 Token Exchange Generator Group
Settings
READ General OAuth 2.0 Token Exchange Generator Settings
UPDATE General OAuth 2.0 Token Exchange Generator Settings
Processor
Policies
READ OAuth 2.0 Token Exchange Processor Policies
READ One OAuth 2.0 Token Exchange Processor Policy
CREATE OAuth 2.0 Token Exchange Processor Policy
UPDATE OAuth 2.0 Token Exchange Processor Policy
DELETE OAuth 2.0 Token Exchange Processor Policy
Settings
READ General OAuth 2.0 Token Exchange Processor Settings
UPDATE General OAuth 2.0 Token Exchange Processor Settings
Token Generator Mappings
READ Token Exchange Processor Policy to Token Generator Mappings
READ One Token Exchange Processor Policy to Token Generator Mapping
CREATE Token Exchange Processor Policy to Token Generator Mapping
UPDATE Token Exchange Processor Policy to Token Generator Mapping
DELETE Token Exchange Processor Policy to Token Generator Mapping
Password Credential Validators
Descriptors
READ Password Credential Validator Descriptors
READ One Password Credential Validator Descriptor
READ Password Credential Validators
READ One Password Credential Validator
CREATE Password Credential Validator Instance
UPDATE Password Credential Validator Instance
DELETE Password Credential Validator Instance
Redirect Validation
READ Redirect Validation Settings
UPDATE Redirect Validation Settings
Server Settings
Captcha Settings
READ CAPTCHA Settings
UPDATE CAPTCHA Settings
Email Server
(Deprecated) READ email server settings
(Deprecated) UPDATE Email Server Settings
Notifications
READ Notification Settings
UPDATE Notification Settings
Outbound Provisioning
READ Outbound Provisioning Database Settings
UPDATE Outbound Provisioning Database Settings
System Keys
READ System Keys
CREATE System Keys Rotation
UPDATE System Keys
READ Server Settings
UPDATE Server Settings
Session
Application Session Policy
READ Application Session Policy
UPDATE Application Session Policy
Authentication Session Policies
Global
READ Global Authentication Session Policy
UPDATE Global Authentication Session Policy
READ Session Policies
READ One Session Policy
CREATE Session Policy
UPDATE Session Policy
DELETE Session Policy
Settings
READ General Session Management Settings
UPDATE General Session Management Settings
Service Provider
Adapters
Descriptors
READ SP Adapter Plugin Descriptors
READ One SP Adapter Plugin Descriptor
URL Mappings
(Deprecated) READ URL and Adapter Instance Mappings
(Deprecated) UPDATE URL and Adapter Instance Mappings
Actions
READ SP Adapter Instance Actions
READ One SP Adapter Instance Action
CREATE SP Adapter Instance Action
READ Configured SP Adapter Instances
READ One SP Adapter Instance
CREATE SP Adapter Instance
UPDATE SP Adapter Instance
DELETE SP Adapter Instance
Authentication Policy Contract Mappings
READ APC-to-SP Adapter Mappings
READ One APC-to-SP Adapter Mapping
CREATE APC-to-SP Adapter Mapping
UPDATE APC-to-SP Adapter Mapping
DELETE APC-to-SP Adapter Mapping
Default URLs
READ SP Default URLs
UPDATE SP Default URLs
IdP Connections
Credentials
Certs
READ IdP Connection Certificate
CREATE IdP Connection Certificate
UPDATE IdP Connection Certificates
Decryption Keys
READ IdP Connection Decryption Keys
UPDATE IdP Connection Decryption Keys
Signing Settings
READ IdP Connection Signature Settings
UPDATE IdP Connection Signature Settings
READ IdP Connections
READ One IdP Connection
CREATE IdP Connection
UPDATE IdP Connection
DELETE IdP Connection
Target Url Mappings
READ Mappings
UPDATE Mappings
Token Generators
Descriptors
READ Token Generator Plugin Descriptors
READ One Token Generator Plugin Descriptor
READ Token Generator Instances
READ One Token Generator Instance
CREATE Token Generator Instance
UPDATE Token Generator Instance
DELETE Token Generator Instance
Token Processor to Token Generator Mappings
Use the /tokenProcessorToTokenGeneratorMappings
endpoint to retrieve and manipulate mappings.
READ Token Processor to Token Generator Mappings
READ One Token Processor to Token Generator Mapping
CREATE Token Processor to Token Generator Mapping
UPDATE Token Processor to Token Generator Mapping
DELETE Token Processor to Token Generator Mapping
Version
Use the version endpoint to retrieve the server version.
Response class model
Property | Type | Description |
---|---|---|
version | string | Server version. |
READ Server Version
Virtual Host Names
The virtualHostNames endpoint enables you to retrieve or update virtual host name settings.
Class model
VirtualHostNameSettings: Settings for virtual host names.
Property | Type | Description |
---|---|---|
virtualHostNames | array[string] | List of virtual host names. |