The Directory REST API is the native interface for client access to the PingDirectory server.
Instead of trying to manage directory hierarchy or require attribute mapping, the Directory REST API provides direct access to directory data in a way that is dynamic, discoverable, and efficient. For more information, see PingDirectory REST API Reference and the Developer portal.
The Directory REST API gives developers who are more comfortable with REST than LDAP access to arbitrary directory data, and it ensures that the data remains consistent whether it is accessed through LDAP or REST.
The Directory REST API is enabled during server setup. After setup, individual services and applications can be enabled or disabled by configuring the HTTPS Connection Handler.
Although both the Directory REST API and System for Cross-domain Identity Management (SCIM) provide REST access to directory data, the goals of the two protocols are different. SCIM is useful to generic, external clients that require simple, narrow access to identity data, but because it's a less common standard for identity stores, it might not offer as much functionality or be as user-friendly as the Directory REST API.
The Directory REST API can be used for the following operations:
HTTP operation | Resource endpoint | Description | Allowed query parameters |
---|---|---|---|
DELETE | | Delete an entry | Not applicable |
GET | | Get metadata about the API and server | Not applicable |
GET | | Retrieve a single entry | |
GET | | Search an entry's descendants | |
GET | | Retrieve the schemas of all available object classes | Not applicable |
GET | | Retrieve schema for a specific object class | Not applicable |
GET | | Retrieve schema for operational attributes | Not applicable |
GET | | Alias for retrieving the current user | Not applicable |
PATCH | | Modify an entry (add or delete values) | expand |
POST | | Create a new entry | expand |
POST | | Generate a new password suggestion | Not applicable |
POST | | Get password quality requirements | Not applicable |
POST | | Modify an existing password | Not applicable |
POST | | Generate an access token using a password only, or a password in combination with a TOTP, OTP, or registered YubiKey | Not applicable |
POST | | Generate a time-based, one-time shared secret to exchange for a TOTP | Not applicable |
POST | | Revoke a time-based, one-time shared secret | Not applicable |
POST | | Generate an OTP and deliver it to the user out of band | Not applicable |
POST | | Register a YubiKey device for a particular user | Not applicable |
POST | | Revoke a YubiKey device for a particular user | Not applicable |
PUT | | Modify or rename an entry | expand Important: You can't update a user’s Instead, use the |