Use the POST /idp/tokenProcessors endpoint to create a new token processor instance. If the token processor is not properly configured, a 422 status code is returned along with a list of validation errors that must be corrected.

Status codes

Code Reason
201 Token processor created.
400 The request was improperly formatted or contained invalid fields.
403 PingFederate does not have its IdP role enabled. Operation not available.
422 Validation error(s) occurred.

TokenProcessor - A token processor instance.

Property Type Description
attributeContract TokenProcessorAttributeContract The list of attributes that the token processor provides.
configuration * PluginConfiguration Plugin instance configuration.
id * string The ID of the plugin instance. The ID cannot be modified once the instance is created.
Note: Ignored when specifying a connection’s adapter override.
name * string The plugin instance name. The name cannot be modified once the instance is created.
Note: Ignored when specifying a connection’s adapter override.
parentRef ResourceLink The reference to this plugin’s parent instance. The parent reference is only accepted if the plugin type supports parent instances.
Note: This parent reference is required if this plugin instance is used as an overriding plugin (e.g. connection adapter overrides)
pluginDescriptorRef * ResourceLink Reference to the plugin descriptor for this instance. The plugin descriptor cannot be modified once the instance is created.
Note: Ignored when specifying a connection’s adapter override.

TokenProcessorAttributeContract - A set of attributes exposed by a token processor.

Property Type Description
coreAttributes * array[TokenProcessorAttribute] A list of token processor attributes that correspond to the attributes exposed by the token processor type.
extendedAttributes array[TokenProcessorAttribute] A list of additional attributes that can be returned by the token processor. The extended attributes are only used if the token processor supports them.
inherited boolean Whether this attribute contract is inherited from its parent instance. If true, the rest of the properties in this model become read-only. The default value is false.
maskOgnlValues boolean Whether or not all OGNL expressions used to fulfill an outgoing assertion contract should be masked in the logs. Defaults to false.

TokenProcessorAttribute - An attribute for the token processor attribute contract.

Property Type Description
masked boolean Specifies whether this attribute is masked in PingFederate logs. Defaults to false.
name * string The name of this attribute.

ResourceLink - A reference to a resource.

Property Type Description
id * string The ID of the resource.
location string A read-only URL that references the resource. If the resource is not currently URL-accessible, this property will be null.

PluginConfiguration - Configuration settings for a plugin instance.

Property Type Description
fields array[ConfigField] List of configuration fields.
tables array[ConfigTable] List of configuration tables.

ConfigTable - A plugin configuration table populated with values.

Property Type Description
inherited boolean Whether this table is inherited from its parent instance. If true, the rows become read-only. The default value is false.
name * string The name of the table.
rows array[ConfigRow] List of table rows.

ConfigRow - A row of configuration values for a plugin configuration table.

Property Type Description
defaultRow boolean Whether this row is the default.
fields * array[ConfigField] The configuration fields in the row.

ConfigField - A plugin configuration field value.

Property Type Description
encryptedValue string For encrypted or hashed fields, this attribute contains the encrypted representation of the field’s value, if a value is defined. If you do not want to update the stored value, this attribute should be passed back unchanged.
inherited boolean Whether this field is inherited from its parent instance. If true, the value/encrypted value properties become read-only. The default value is false.
name * string The name of the configuration field.
value string The value for the configuration field. For encrypted or hashed fields, GETs will not return this attribute. To update an encrypted or hashed field, specify the new value in this attribute.