--- title: /uma/claims_gathering description: AM-specific endpoint for handling interactive claims-gathering requests during UMA flows. component: pingam version: 8.1 page_id: pingam:uma:endpoint-claims_gathering canonical_url: https://docs.pingidentity.com/pingam/8.1/uma/endpoint-claims_gathering.html keywords: ["User-Managed Access (UMA)", "Endpoints", "Claims Gathering Requests"] page_aliases: ["uma-guide:endpoint-claims_gathering.adoc"] --- # /uma/claims\_gathering AM-specific endpoint for handling interactive claims-gathering requests during UMA flows. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | This endpoint is protected by the CSRF parameter, similar to the `/oauth2/authorize` endpoint. However, the CSRF parameter only takes the value of the SHA-256 hash of the requesting party's session ID. | > **Collapse: Supported HTTP methods** > > | Action | HTTP method | > | ------- | ----------- | > | Request | GET | > | Request | POST | For GET requests, the endpoint does the following: * validates that the request has all the required parameters * checks that the provided `claims_redirect_uri` is valid * checks whether a session was provided with the request * if there is a session, validates the session and checks whether it was obtained by authenticating with the claims gathering tree * if the session is invalid, rotates the permission ticket, and redirects the user to the claims gathering tree for authentication * if the session is valid, displays a consent page, where the end user can request that a PCT *(tooltip: persisted claims token)* be issued. For POST requests, the endpoint does the following: * validates the CSRF token * saves the authorization decision and the gathered claims in the permission ticket, and rotates the ticket * returns the new ticket to the `claims_redirect_uri` so that the client can continue with the authorization flow To authenticate to the endpoint, send the SSO token of the resource owner as the value of the `iPlanetDirectoryPro` header.