Grants


Applications resource grant API operations

The Applications resource grant endpoints support the following operations:

For hands-on experience with the Applications API endpoints, click the Run in Postman button below to download a Postman collection that you can import and open in your local Postman application.

Applications resource grant data model

Property Description
application.id A string that specifies the application resource ID.
createdAt The time the resource was created.
id A string that specifies the application resource grant ID.
resource.id A string that specifies the ID of the protected resource associated with this grant. This is a required property.
scopes.id A array that specifies the IDs of the scopes associated with this grant. This is a required property.
updatedAt The time the resource was last updated.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
401 You do not have access to this resource.
403 You do not have permissions or are not licensed to make this request.
404 The requested resource was not found.
500 An unexpected error occurred.

Endpoint examples

Get application grants

The GET /environments/{environmentId}/applications/{applicationId}/grants endpoint returns a list of all resource access grants for the application specified in the request URL.

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/grants" \
-H 'Authorization: Bearer jwtToken'

The response data looks like this.

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/applications/cf12be70-c56d-45b6-b45a-956cfbf7fc6c/grants"
        }
    },
    "_embedded": {
        "grants": [
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/applications/cf12be70-c56d-45b6-b45a-956cfbf7fc6c/grants/3186744d-7d70-4d25-8406-f555c232d9b8"
                    },
                    "environment": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006"
                    },
                    "resource": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/resources/f110aebc-2cc1-4430-bdbb-816e741c7aeb"
                    },
                    "application": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/applications/cf12be70-c56d-45b6-b45a-956cfbf7fc6c"
                    }
                },
                "id": "3186744d-7d70-4d25-8406-f555c232d9b8",
                "environment": {
                    "id": "88c23def-39c9-4646-8d41-aa91a14a1006"
                },
                "resource": {
                    "id": "f110aebc-2cc1-4430-bdbb-816e741c7aeb"
                },
                "application": {
                    "id": "cf12be70-c56d-45b6-b45a-956cfbf7fc6c"
                },
                "scopes": [
                    {
                        "id": "d40c91da-a438-41a5-b519-1cc5dd08d2b4"
                    }
                ],
                "createdAt": "2019-03-21T23:30:25.313Z",
                "updatedAt": "2019-03-21T23:30:25.313Z"
            }
        ]
    },
    "count": 1,
    "size": 1
}

Get one application grant

To get data for a single application resource grant, the GET /environments/{environmentId}/applications/{applicationId}/grants/{grantId} operation returns data only for the application resource grant with the specified ID.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/grants/{grantId}" \
-H "Authorization: Bearer jwtToken"

Add an application grant

The POST /environments/{environmentId}/applications/{applicationId}/grants operation creates a new resource access grant for the application specified in the request URL. You must specify the resource property ID to create the resource access grant. You can also identify the scopes from the resource being granted. The scopes property allows a list of OIDC scopes to associate with the resource access grant.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/applications" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
    "resource": {
        "id": "<resourceID>"
    },
    "scopes": [
        {
        	"id": "<OIDCscopeID>"
        }
    ]
}'

Update an application grant

To update a property value associated with a selected application resource grant, use the PUT /environments/{environmentId}/applications/{applicationId}/grants/{grantId} operation to modify the attribute values for the specified grant resource. For example, you can change the scopes attribute value to add another OIDC scope ID.

curl -X "PUT" "https://api.pingone.com/v1/{environmentId}/applications/{applicationId}/grants/{grantId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
    "resource": {
        "id": "<resourceID>"
    },
    "scopes": [
        {
        	"id": "<OIDCscopeID>"
        }
        {
        	"id": "<anotherOIDCscopeID>"
        }
    ]
}'

Delete an application grant

To delete an application resource grant, you need to specify the environment ID, the application ID, and the grant ID. The DELETE /environments/{environmentId}/applications/{applicationId}/grants/{grantId} operation deletes the identified application resource grant.

curl -X "DELETE" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/grants/{grantId}" \
-H 'Authorization: Bearer jwtToken'

For successful delete operations, a 204 NO CONTENT message is returned by the request.