- Adapters and connections
- Authentication policy contracts
- Cluster management
- Data stores and password credential validators
- Keys and certificates
- License management
- Local administrative account management
- OAuth settings
- Server settings
Initial setup using the administrative API
After installing PingFederate, instead of using the administrative console to begin the initial setup process, you may make four unauthenticated administrative API requests to perform the following tasks:
- A GET request to /license/agreement to retrieve an URL to the license agreement.
- A PUT request to /license/agreement to accept the license agreement.
- A PUT request to /license to import a license file.
- A POST request to /administrativeAccounts to create the first local administrative account (for native authentication).
You must assign the administrative role User Admin
USER_ADMINISTRATOR) to the first local administrative account. Other
administrative roles are optional at this point. For more information, refer to the
interactive documentation for the administrative API (see Accessing the API interactive documentation).
Once the first local administrative account is created, you can make other authenticated administrative API requests to configure various components in PingFederate.
Similar to the administrative console, access to the administrative API is protected after initial setup. The administrative API supports various authentication options, see Configure access to the administrative API for more information.
The administrative API supports concurrent access. When concurrent API calls are made to modify the same API resource (such as the same IdP Adapter instance or the same SP connection), the last request processed by PingFederate wins.
PingFederate records actions performed via the administrative API in the admin-api.log file. Information includes the time of the event, the action performed, the authentication method, and other fields. For more information, see Administrative API audit log.