--- title: Resources description: Resources in PingOne represent web application endpoints (APIs) protected by OAuth 2 authorization services. component: pingone page_id: pingone:applications:p1_resources canonical_url: https://docs.pingidentity.com/pingone/applications/p1_resources.html revdate: November 20, 2024 section_ids: attributes: Attributes scopes: Scopes permissions: Permissions --- # Resources Resources in PingOne represent web application endpoints (APIs) protected by OAuth *(tooltip: \
\

A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.\

\
)* 2 authorization services. When you define an application in PingOne and specify its allowed scopes, you identify the resources that users can access when they sign on to that application. | | | | - | -------------------------------------------------------------------- | | | Connections to external resources must use open standards protocols. | ## Attributes You can map PingOne user attributes to attributes in your resource. Learn more in [Mapping attributes](../directory/p1_editsamlattributemapping.html). ## Scopes Resources have scopes, and applications can request an access token that's associated with specific scopes when the token is granted. The endpoint enforces access through the encoded representation of the scopes in the access token. The endpoint decodes the token to determine the permissions allowed for the application. Learn more about predefined PingOne resources in [Resource scopes](p1_resource_scopes.html). ## Permissions With PingOne Authorize, you can use application permissions to set up role-based access control for API resources. A resource's application permissions control the kinds of actions users can perform on protected endpoints. Learn more in [Application permissions](p1_application_permissions.html).