---
title: /uma/permission_request
description: UMA permission endpoint, as defined in the Federated Authorization for User-Managed Access (UMA) 2.0 specification.
component: pingam
version: 8.1
page_id: pingam:uma:endpoint-permission_request
canonical_url: https://docs.pingidentity.com/pingam/8.1/uma/endpoint-permission_request.html
keywords: ["User-Managed Access (UMA)", "Endpoints", "Permission Request"]
page_aliases: ["uma-guide:endpoint-permission_request.adoc"]
---

# /uma/permission\_request

UMA permission endpoint, as defined in the [Federated Authorization for User-Managed Access (UMA) 2.0](https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-08.html#permission-endpoint) specification.

Use this endpoint to request permission tickets to the authorization server during the [UMA grant flow](uma-grant-flow.html).

> **Collapse: Supported HTTP methods**
>
> | Action  | HTTP method |
> | ------- | ----------- |
> | Request | POST        |

You must compose the path to the token endpoint addressing the specific realm where the token will be issued. For example, `https://am.example.com:8443/am/uma/realms/root/realms/subrealm1/permission_request`.

The permission request endpoint does not support any parameters. To authenticate to the endpoint, send an `Authorization: Bearer` header with the PAT of the resource owner.

To request a ticket, send an HTTP POST request to the endpoint specifying the resource and the scope that the permission ticket applies to in the payload, as a JSON object that follows the UMA 2.0 specification. For example:

```bash
$ curl -X POST \
--header 'authorization: Bearer 057ad16f-7dba-4049-9f34-e609d230d43a' \
--header 'content-type: application/json' \
--data '[
    {
        "resource_id" : "ef4d750e-3831-483b-b395-c6f059b5e15d0",
        "resource_scopes" : ["download"]
    }
]' \
"https://am.example.com:8443/am/uma/realms/root/realms/alpha/permission_request"
{
    "ticket": "eyJ0eXAiOiJ…​XPeJi3E"
}
```

Both of the objects in the JSON body are required. To obtain the resource ID, query the [/uma/resource\_set](endpoint-resource_set.html) endpoint.

|   |                                                                                                                                                                                     |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The default lifetime for a permission ticket is 120 seconds. To change it, go to Realms > *realm name* > Services > UMA Provider, and edit the Permission Ticket Lifetime property. |

For an example of requesting a permission ticket in the flow, see [UMA grant flow](uma-grant-flow.html).