Applications service


Applications

Application resources define the connection between PingOne for Customers and the actual application (also known as a client connection). The applications service implements functions to create, read, update, delete, and search for applications resources.

This service also provides endpoints to get an application’s connection settings, such as the application id and secret, which are used to submit an authorization request to the PingOne authorization service.

Applications API operations

The Applications service supports the following endpoint operations:

For hands-on experience with the Applications API endpoints, click the Run in Postman button below to download a Postman collection that you can import and open in your local Postman application.

Applications data model

Property Description
description A string that specifies the description of the application.
enabled A string that specifies the current enabled state of the application. Options are ENABLED or DISABLED.
environment A string that specifies the environment associated with the application.
icon The HREF and the ID for the application icon.
id A string that specifies the application ID.
loginPageUrl A string that specifies the custom login page URL for the application.
name A string that specifies the name of the application. This is a required property.
protocol A string that specifies the protocol for the Application. Options are OPENID_CONNECT or SAML.
type A string that specifies the type associated with the application. This is a required property. Options are WEB_APP, NATIVE_APP, SINGLE_PAGE_APP, and SERVICE.

Applications OIDC settings data model

Property Description
grantTypes A string that specifies the grant type for the authorization request. This is a required property. Options are authorization_code, refresh_token, implicit, and client_credentials.
postLogoutRedirectUris A string that specifies the URLs that the browser can be redirected to after logout.
redirectUris A string that specifies the callback URI for the authentication response.
responseTypes A string that specifies the code or token type returned by an authorization request. Options are token, id_token, code, and refresh_token.
secret A string that specifies the secret ID that is used to sign access tokens where the secret is used as the key.
tokenEndpointAuthMethod A string that specifies the client authentication methods supported by the token endpoint. This is a required property. Options are none',client_secret_basic, andclient_secret_post`.

Applications SAML settings data model

Property Description
acsUrls A string that specifies the assertion consumer service URLs.
assertionDuration An integer that specifies the maximum amount of time that an assertion is valid.
name A string that specifies the name of SAML attribute and must be unique within an application. The saml_subject name is a reserved case-insensitive name which indicates the mapping to be used for the subject in an assertion. This si a required property.
required A boolean that indicates if the attribute is mandatory to include the attribute in SAML assertion response. If true, and the attribute does have a value when building the assertion, the SSO flow will fail.
sloEndpoint A string that specifies the SAML single logout endpoint URL. This property is required.
sloResponseEndpoint A string that specifies the single logout response URL. This property is optional.
spEntityId A string that specifies the service provider’s entity ID.
value A string that specifies the string constants or expression for mapping the attribute path against a specific source. The expression format is: {.<attribute_path>}. The only supported source is user (for example, {user.id}). This is a required property.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request was invalid. Check that the UUID for Environment is correct.
401 You weren’t authenticated to perform this operation.
403 You lack either the necessary permissions or the licensing to perform this operation.
404 No applications exist. Check the UUID for the Environment.
409 An application of this name already exists in the identified Environment.
500 An unexpected error occurred.

Note: You need the Client Application Developer role to perform operations on application resources.

Endpoint examples

Get applications

The GET /environments/{environmentId}/applications endpoint returns a list of all application resources for the specified environment resource.

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/applications" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications"
        }
    },
    "_embedded": {
        "applications": [
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/1e894703-52db-41a9-acb8-7bb5afa442ef"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c"
                    },
                    "secret": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/1e894703-52db-41a9-acb8-7bb5afa442ef/secret"
                    },
                    "grants": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/1e894703-52db-41a9-acb8-7bb5afa442ef/grants"
                    },
                    "openidConnect": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/1e894703-52db-41a9-acb8-7bb5afa442ef/client"
                    }
                },
                "name": "Adobe Acrobat",
                "enabled": false,
                "type": "SERVICE",
                "protocol": "OPENID_CONNECT",
                "environment": {
                    "id": "02d37832-476a-431b-8a60-d77cecd7005c"
                },
                "id": "1e894703-52db-41a9-acb8-7bb5afa442ef"
            },
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/42077bdc-ce61-4005-950b-4d5a1670db8b"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c"
                    },
                    "secret": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/42077bdc-ce61-4005-950b-4d5a1670db8b/secret"
                    },
                    "grants": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/42077bdc-ce61-4005-950b-4d5a1670db8b/grants"
                    },
                    "openidConnect": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/42077bdc-ce61-4005-950b-4d5a1670db8b/client"
                    }
                },
                "name": "Adobe Connect",
                "enabled": true,
                "type": "SERVICE",
                "protocol": "OPENID_CONNECT",
                "environment": {
                    "id": "02d37832-476a-431b-8a60-d77cecd7005c"
                },
                "id": "42077bdc-ce61-4005-950b-4d5a1670db8b"
            },
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/7ce83e9d-fc62-4fae-a62f-86e422e411b6"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c"
                    },
                    "secret": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/7ce83e9d-fc62-4fae-a62f-86e422e411b6/secret"
                    },
                    "grants": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/7ce83e9d-fc62-4fae-a62f-86e422e411b6/grants"
                    },
                    "openidConnect": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/7ce83e9d-fc62-4fae-a62f-86e422e411b6/client"
                    }
                },
                "name": "Safari",
                "enabled": false,
                "type": "SERVICE",
                "protocol": "OPENID_CONNECT",
                "environment": {
                    "id": "02d37832-476a-431b-8a60-d77cecd7005c"
                },
                "id": "7ce83e9d-fc62-4fae-a62f-86e422e411b6"
            },
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/df5ee1b0-593c-46a5-a88b-30e2de4b3887"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c"
                    },
                    "secret": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/df5ee1b0-593c-46a5-a88b-30e2de4b3887/secret"
                    },
                    "grants": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/df5ee1b0-593c-46a5-a88b-30e2de4b3887/grants"
                    },
                    "openidConnect": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/df5ee1b0-593c-46a5-a88b-30e2de4b3887/client"
                    }
                },
                "name": "SalesForce",
                "enabled": true,
                "type": "SERVICE",
                "protocol": "OPENID_CONNECT",
                "environment": {
                    "id": "02d37832-476a-431b-8a60-d77cecd7005c"
                },
                "id": "df5ee1b0-593c-46a5-a88b-30e2de4b3887"
            },
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/c6edbb84-74f0-45be-ad91-36141f4d0235"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c"
                    },
                    "secret": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/c6edbb84-74f0-45be-ad91-36141f4d0235/secret"
                    },
                    "grants": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/c6edbb84-74f0-45be-ad91-36141f4d0235/grants"
                    },
                    "openidConnect": {
                        "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/c6edbb84-74f0-45be-ad91-36141f4d0235/client"
                    }
                },
                "name": "WebEx",
                "enabled": true,
                "type": "SERVICE",
                "protocol": "OPENID_CONNECT",
                "environment": {
                    "id": "02d37832-476a-431b-8a60-d77cecd7005c"
                },
                "id": "c6edbb84-74f0-45be-ad91-36141f4d0235"
            }
        ]
    },
    "size": 5
}

To minimize the number of application resources returned in the search, you can apply a filtering expression to fine-tune the response data. For example, to return a list of applications resources that are enabled, you can add a filter to the request URL.

The following sample returns a list of application resources with the enabled attribute value set to true:

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/applications?filter=enabled%20eq%20%22true%22" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken'

The response data shows only the application resources with an enabled status of true.

Get-one-application

To get data for a single application resource, the GET /environments/{environmentId}/applications/{applicationId} operation returns data only for the application resource with the specified ID.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}" \
-H "Content-type: application/json" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/7ce83e9d-fc62-4fae-a62f-86e422e411b6"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c"
        },
        "secret": {
            "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/7ce83e9d-fc62-4fae-a62f-86e422e411b6/secret"
        },
        "openidConnect": {
            "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/7ce83e9d-fc62-4fae-a62f-86e422e411b6/client"
        },
        "grants": {
            "href": "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/7ce83e9d-fc62-4fae-a62f-86e422e411b6/grants"
        }
    },
    "name": "Safari",
    "enabled": false,
    "type": "SERVICE",
    "environment": {
        "id": "02d37832-476a-431b-8a60-d77cecd7005c"
    },
    "id": "7ce83e9d-fc62-4fae-a62f-86e422e411b6"
}

Add applications

The POST /environments/{environmentId}/applications operation adds a new application resource to the specified environment.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/applications" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
  "name": "Imaging Services",
  "description": "Digital printing services.",
  "enabled": true,
  "type": "SERVICE",
  "loginPageUrl": "http://example.com",
  "protocol": "OPENID_CONNECT",
  "responseTypes": [
    "TOKEN",
    "ID_TOKEN"
  ],
  "grantTypes": [
    "IMPLICIT",
    "REFRESH_TOKEN"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "postLogoutRedirectUris": [
    "https://example.com"
  ],
  "redirectUris": [
    "http://localhost:3000/response",
    "http://localhost:3000/code/response",
    "https://example.com",
    "https://www.getpostman.com/oauth2/callback"
  ]
}'

In addition to the required name attribute, the request body also specifies a value of “true” for the enabled attribute. All other attribute values are optional for the POST request. If a value is not specified for the enabled attribute, it is set to false by default.

Note: If you set the protocol attribute to OPENID_CONNECT, you must provide values for the following OIDC settings:

  • responseTypes
  • grantTypes
  • tokenEndpointAuthMethod
  • postLogoutRedirectUris
  • redirectUris

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba/applications/4d5293f4-08a0-4fc6-a767-bf049230f5fe"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba"
        }
    },
    "name": "Imaging Services",
    "description": "Digital printing services.",
    "enabled": true,
    "type": "SERVICE",
    "loginPageUrl": "http://example.com",
    "protocol": "OPENID_CONNECT",
    "responseTypes": [
      "TOKEN",
      "ID_TOKEN"
    ],
    "grantTypes": [
      "IMPLICIT",
      "REFRESH_TOKEN"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "postLogoutRedirectUris": [
      "https://example.com"
    ],
    "redirectUris": [
      "http://localhost:3000/response",
      "http://localhost:3000/code/response",
      "https://example.com",
      "https://www.getpostman.com/oauth2/callback"
    ]
    "environment": {
        "id": "0bda42bc-d54f-449f-8d46-d5b8990c43ba"
    },
    "id": "4d5293f4-08a0-4fc6-a767-bf049230f5fe"
}

If you set the protocol attribute to SAML, you must provide values for the following SAML settings:

  • spEntityId
  • acsUrls
  • assertionDuration
  • sloEndpoint
  • sloResponseEndpoint (optional)

The request looks like this:

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/applications" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
    "name": "Imaging Services",
    "description": "Digital printing services.",
    "enabled": true,
    "#loginPageUrl": "http://example.com",
    "type": "SERVICE",
    "protocol": "SAML",
    "#icon": {
        "id": "04ad537e-c9cd-45c3-abfb-f41946cfe374",
        "href": "https://upload.wikimedia.org/wikipedia/commons/a/a8/logo.jpg"
    },
    "assertionDuration": 30,
    "acsUrls": [
        "http://example.com"
    ],
    "sloEndpoint": "http://example.com/SLOService.php",
    "sloResponseEndpoint": "http://example.com/SLOServiceResponse.php",
    "spEntityId": "test"
}'

Update applications

To update a property value associated with a selected application resource, use the PUT /environments/{environmentId}/applications/{applicationId} operation to modify the specified attribute values. For example, you can change the description attribute value of the application.

curl -X "PUT" "https://api.pingone.com/v1/{environmentId}/applications/{applicationId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
  "description": "Digital printing and document scanning services."
}'

The request body specifies an updated property value for the description attribute to provide additional information about the application.

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba/applications/4d5293f4-08a0-4fc6-a767-bf049230f5fe"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba"
        }
    },
    "name": "Imaging Services",
    "description": "Digital printing and document scanning services.",
    "enabled": true,
    "type": "SERVICE",
    "loginPageUrl": "http://example.com",
    "protocol": "OPENID_CONNECT",
    "responseTypes": [
      "TOKEN",
      "ID_TOKEN"
    ],
    "grantTypes": [
      "IMPLICIT",
      "REFRESH_TOKEN"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "postLogoutRedirectUris": [
      "https://example.com"
    ],
    "redirectUris": [
      "http://localhost:3000/response",
      "http://localhost:3000/code/response",
      "https://example.com",
      "https://www.getpostman.com/oauth2/callback"
    ]
    "environment": {
        "id": "0bda42bc-d54f-449f-8d46-d5b8990c43ba"
    },
    "id": "4d5293f4-08a0-4fc6-a767-bf049230f5fe"
}

Get an application secret

An application resource’s secret is a required parameter when you submit a client_credentials request to the PingOne authorization server. The application’s secret attribute value will have a minimum length of 64 characters according to SHA-512 requirements when using the HS512 algorithm to sign ID tokens using the secret as the key.

The GET /environments/{environmentId}/applications/{applicationId}/secret operation returns the specified application resource’s secret attribute.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/secret" \
-H "Content-type: application/json" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba/applications/4d5293f4-08a0-4fc6-a767-bf049230f5fe/secret"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba/applications/4d5293f4-08a0-4fc6-a767-bf049230f5fe"
        }
    },
    "environment": {
        "id": "0bda42bc-d54f-449f-8d46-d5b8990c43ba"
    },
    "secret": "l2tO2tfqRWZ~DLZ1Dfi8rptBNgKzcJHtOPiqjJ0iJwaRXufnU5tzR51acNkzl5Hy"
}

Update an application secret

The following sample shows the POST /environments/{environmentId}/applications/{applicationId}/secret operation to generate a new client_secret value for the specified application resource. This request does not take any parameters in the request body. The application ID is specified in the request URL.

curl -X POST "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/secret" \
-H "Content-type: application/json" \
-H "Authorization: Bearer jwtToken"

Get an application’s connection settings

An application resource’s id is a required parameter when you submit a client_credentials request.

The GET /environments/{environmentId}/applications/{applicationId}/client operation returns the application connection settings for the specified application resource.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/client" \
-H "Content-type: application/json" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba/applications/4d5293f4-08a0-4fc6-a767-bf049230f5fe/client"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/0bda42bc-d54f-449f-8d46-d5b8990c43ba/applications/4d5293f4-08a0-4fc6-a767-bf049230f5fe"
        }
    },
    "environment": {
        "id": "0bda42bc-d54f-449f-8d46-d5b8990c43ba"
    },
    "application": {
        "id": "4d5293f4-08a0-4fc6-a767-bf049230f5fe"
    },
    "grantTypes": [
        "CLIENT_CREDENTIALS"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}

Update an application’s connection settings

When you update an application resource’s connection settings, you must specify a value for the grantTypes associated with the application. For more information about access grant types, see Getting started.

You must also specify a value for the tokenEndpointAuthMethod attribute, which determines the application authentication method. The application uses the token endpoint to obtain an access token. The tokenEndpointAuthMethod attribute supports the following authentication methods:

  • none

    An authentication method for public applications that do not have a client_secret. This method is often used with the implicit or refresh_token grant types.

  • client_secret_basic

    An authentication method in which an OAuth application uses the HTTP basic authentication scheme to obtain the access token.

  • client_secret_post

    An authentication method in which an OAuth application uses HTTP post authentication scheme to obtain the access token.

Note: The tokenEndpointAuthMethod attribute must not be set to NONE for a client_credentials grant type.

The PUT /environments/{environmentId}/applications/{applicationId}/client operation updates the application connection settings for the specified application resource.

curl -X PUT "https://api.pingone.com/v1/environments/02d37832-476a-431b-8a60-d77cecd7005c/applications/1e894703-52db-41a9-acb8-7bb5afa442ef/client" \
-H "Content-type: application/json" \
-H "Authorization: Bearer jwtToken" \
-d $'{
  "grantTypes": "refresh_token",
  "tokenEndpointAuthMethod": "none"
}'

The following table shows the relationships between the application type attribute and the default grantTypes, response_type, and tokenEndpointAuthMethod attributes.

Application type Grant type Response type Token endpoint authentication method
Non-interactive client_credentials token client_secret_basic
Native authorization_code, implicit, refresh_token token, id_token, code none
Web authorization_code, refresh_token code client_secret_basic
Single-page implicit token, id_token none

Note: For any application type (except non-interactive), you can specify either none, client_secret_basic, or client_secret_post as the tokenEndpointAuthMethod attribute value. Non-interactive applications use the client_credentials grant type, which does not support a tokenEndpointAuthMethod value of none.

Get SAML attributes

The GET /environments/{environmentId}/applications/{applicationId}/attributes endpoint returns a list of all SAML attributes for the application specified by its ID in the request URL.

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes"
        }
    },
    "_embedded": {
        "attributes": [
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes/9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30"
                    }
                },
                "name": "username",
                "value": "{user.id}",
                "required": false,
                "id": "9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30",
                "environment": {
                    "id": "912588d4-0d58-4cff-8e3b-cf9b7325b9f7"
                },
                "application": {
                    "id": "a813421c-170b-49de-8627-0c3fbbe8a646"
                }
            }
        ]
    },
    "size": 1
}

If the application does not include any SAML attributes, the response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes"
        }
    },
    "_embedded": {
        "attributes": []
    },
    "size": 0
}

Get one SAML attribute

To get data for a single SAML attribute associated with an application resource, the GET /environments/{environmentId}/applications/{applicationId}/attributes/{attributeId} operation returns data only for the application resource with the specified ID.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes/{attributeId}" \
-H "Content-type: application/json" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes/9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646"
        }
    },
    "name": "username",
    "value": "{user.username}",
    "required": false,
    "id": "9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30",
    "environment": {
        "id": "912588d4-0d58-4cff-8e3b-cf9b7325b9f7"
    },
    "application": {
        "id": "a813421c-170b-49de-8627-0c3fbbe8a646"
    }
}

Add SAML attributes

The POST /environments/{environmentId}/applications/{applicationId}/attributes operation adds a new SAML attribute to the application resource specified by its ID in the request URL.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
	"name": "username",
	"value": "{user.username}",
	"required": false
}'

In the request body, the name and value attributes are required. All other attribute values are optional for the POST request.

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes/9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646"
        }
    },
    "name": "username",
    "value": "{user.username}",
    "required": false,
    "id": "9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30",
    "environment": {
        "id": "912588d4-0d58-4cff-8e3b-cf9b7325b9f7"
    },
    "application": {
        "id": "a813421c-170b-49de-8627-0c3fbbe8a646"
    }
}

Update SAML attributes

The PUT /environments/{environmentId}/applications/{applicationId}/attributes/{attributeId} operation updates the SAML attribute specified by its ID in the request URL.

curl -X "PUT" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes/{attributeId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
	"name": "username",
	"value": "{user.id}",
	"required": true
}'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes/9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646"
        }
    },
    "name": "username",
    "value": "{user.id}",
    "required": true,
    "id": "9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30",
    "environment": {
        "id": "912588d4-0d58-4cff-8e3b-cf9b7325b9f7"
    },
    "application": {
        "id": "a813421c-170b-49de-8627-0c3fbbe8a646"
    }
}

Delete SAML attributes

To delete a SAML attribute associated with an application resource, you need to specify the the application resource ID and the attribute ID. The DELETE /environments/{environmentId}/applications/{applicationId}/attributes/{attributeId} operation deletes the identified SAML attribute from the specified application.

curl -X "DELETE" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes/{attributeId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken'

For successful delete operations, a 204 NO CONTENT message is returned by the request.

Delete an application

To delete an application resource, you need to specify the environment ID and the application resource ID. The DELETE /environments/{environmentId}/applications/{applicationId} operation deletes the identified application resource.

curl -X "DELETE" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken'

For successful delete operations, a 204 NO CONTENT message is returned by the request.