To begin using the PingOne Platform APIs, you will need to complete the following tasks:

Configure an application connection using the PingOne Admin Console application.
Get the application’s access token (a JSON Web Token).
Use the access token to run a simple API request.

After you complete these tasks, you can make any PingOne API calls allowed by the permissions encoded in your access token. For general information about PingOne APIs, see Management APIs Overview and Authentication APIs Overview.

Note: To create a PingFederate worker application for use with the PingOne MFA product, see Getting Started with PingOne MFA. For more information about PingFederate worker application configuration properties, see CREATE Application (OIDC Protocol - PingFederate Worker App).

Configure an application connection

Application connections determine how PingOne integrates with client applications. When you define the application connection, you also define the application’s access to PingOne resources, which are encoded in the application’s access token. To make calls to the PingOne API, you must submit your access token with the API request.

To acquire an access token, you can use the Admin Console to configure your first application connection. To create the application connection:

Click Connections.
Click + Add Application.
Select the Worker application type.
Click Configure.
Create the application profile by entering the following information:
- Application name. A unique identifier for the application.
- Description (optional). A brief characterization of the application.
- Icon (optional). A pictorial representation of the application. Use a file up to 1MB in JPG, JPEG, GIF, or PNG format.
Click Save and Close.

The Applications page shows the new application. To view the application’s access token, you must enable the new application:

Click the enable/disable button at the right. The toggle switch shows green to indicate that the new application is enabled.

To get the access token:

Click the application’s details icon (located to the right of the enable/disable button).
Click the Configuration tab.
Click Get Access Token.
From the Access Token window, click Copy Access Token to copy the access token.

Note: To run an API test, you also need the environment ID associated with this application connection.

To get your environment ID from the Admin Console:

Click Settings.
Click Environment.
Click Properties.

The Properties page shows the environment ID.

Test your access token

Your PingOne account has at least one defined environment resource. You can use the PingOne APIs to return information about the environment resource associated with your application connection.

In the North America (NA) region:

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}" \
-H "Authorization: Bearer jwtToken"

In the European Union (EU) region:

curl -X GET "https://api.pingone.eu/v1/environments/{environmentId}" \
-H "Authorization: Bearer jwtToken"

In the Asia Pacific (AP) region:

curl -X GET "https://api.pingone.asia/v1/environments/{environmentId}" \
-H "Authorization: Bearer jwtToken"

The jwtToken value in your request is your full base64url-encoded access token generated by the PingOne authentication service. If your token is valid, the API request returns a 200: Successful operation message. It also displays the property data for the environment and HAL links to show the related resources associated with the environment.