--- title: PingAccess API endpoints description: The following endpoints enable external applications to communicate with the PingAccess server and provide complete administrative capabilities for PingAccess. component: pingaccess version: 9.1 page_id: pingaccess:reference_guides:pa_api_endpoints canonical_url: https://docs.pingidentity.com/pingaccess/9.1/reference_guides/pa_api_endpoints.html revdate: June 1, 2026 --- # PingAccess API endpoints The following endpoints enable external applications to communicate with the PingAccess server and provide complete administrative capabilities for PingAccess. * [Heartbeat endpoint](pa_heartbeat_endpoint.html) Enables administrators to verify that the server is running. * [OpenID Connect endpoints](pa_oidc_endpoints.html) Enables PingFederate or other token providers to interface with PingAccess using the OpenID Connect (OIDC) *(tooltip: \
\

An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\

\
)* protocol. * [Authentication Token Management endpoint](pa_authn_token_management_endpoint.html) Enables protected applications to validate authentication tokens issued by a PingAccess identity mapping. * [OAuth endpoint](pa_oauth_endpoint.html) Enables an OAuth authorization server (OAuth AS) *(tooltip: \
\

The authorizing service in an OAuth framework that issues and manages access tokens for clients to access protected resources.\

\
)* to interface with PingAccess as an OAuth resource server. * [Clustered engine endpoint](pa-engine-endpoints.html) Enables clustered PingAccess engine nodes to automatically pull updated certificate information from the admin node. * [Administrative API endpoints](pa_admin_api_endpoints.html) Enables users to use PingAccess administrative functions. These are REST APIs that include documentation and testing tools. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Some endpoint examples in this document include the default application reserved path, `/pa`. You can modify the reserved path using the [PingAccess Admin API](pa_admin_api_endpoints.html). If you do, you must update endpoint and other applicable application URLs accordingly.Similarly, if you select the **Use context root as reserved resource base path** checkbox on your PingAccess application, you must enter the context root of the application before the reserved path in endpoint and other applicable application URLs. For example, if the context root of your application is `myApp` and you haven't modified the reserved path, use the path `myApp/pa` instead of `/pa`. | The features documented here are affected by the settings in the [`run.properties` file](pa_config_file_ref.html).