The gateway instance running within your infrastructure authenticates with PingOne through a gateway credential. The examples that follow show common actions to create and manage gateway credentials.

You need the Environment Admin role to perform operations on gateway entities.

Gateway credentials data model

Property Description
createdAt A date that specifies the date the credential was created in Coordinated Universal Time (UTC). This is a required property.
id A string that specifies the auto-generated ID for this credential. This is the JWT’s jti claim. This is a required property.
lastUsedAt A date that specifies the date the credential was last used in UTC. This is a required property.
token A string that specifies the signed JWT for the gateway credential. This property is present only when the gateway credential is created.

Gateway credentials token claims

The gateway credential includes the following claims:

Claim Description
aud A string that lists of names of resources that this token is intended for (for example, https://api.pingone.com).
authUrl a string that specifies the authorization server URL (for example, https://auth.pingone.com).
consoleUrl A string that specifies the admin console URL (for example, https://console.pingone.com).
environmentId A string that specifies the environment ID of the authenticated user or application.
environmentName A string that specifies the name of the PingOne environment.
gatewayId A string that specifies the PingOne gateway ID.
gatewayName A string that specifies the name of the PingOne gateway.
gatewayType A string that specifies the name of the PingOne gateway type. Options are LDAP and PING_FEDERATE.
iat An integer that specifies the timestamp, measured in the number of seconds since January 1, 1970, UTC, indicating when this token was originally issued, as defined in JWT RFC7519.
iss A string that specifies the per-environment issue URI: wss://gateways.pingone.com.
jti A string that specifies the UUID for the token.
organizationId A string that specifies the PingOne organization ID of the authenticated user or application.
organizationName A string that specifies the name of the PingOne organization.
region A string that specifies the target region’s name.
targetClusterEnvironment A string that specifies the name of the PingOne target cluster envoronment.
targetGeography A string that specifies the target’s region. Options are NA, EU, and AP.

Response codes

Code Message
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
401 You do not have access to this resource.
404 The requested resource was not found.