PingFederate includes a REST-based API for administrative functions. The administrative API provides a programmatic way to make configuration changes to PingFederate as an alternative to using the administrative console.
- Adapters and connections
- Authentication policy contracts
- Cluster management
- Data stores and password credential validators
- Keys and certificates
- License management
- Local administrative account management
- OAuth settings
- Server settings
For a complete list, see Accessing the API interactive documentation.
Initial setup using the administrative API
After installing PingFederate you can make four unauthenticated administrative API requests to perform the following tasks:
- A GET request to /license/agreement to retrieve a URL to the license agreement.
- A PUT request to /license/agreement to accept the license agreement.
- A PUT request to /license to import a license file.
- A POST request to /administrativeAccounts to create the first local administrative account, for native authentication.
You must assign the User Admin administrative role,
the first local administrative account. Other administrative roles are optional at this
point. For more information, see the interactive documentation for the administrative API
Accessing the API interactive documentation.
After the first local administrative account is created, you can make other authenticated administrative API requests to configure various components in PingFederate.
Authentication and authorization
Similar to the administrative console, access to the administrative API is protected after initial setup. The administrative API supports various authentication and authorization options. For more information, see Configure access to the administrative API.
The administrative API supports concurrent access. When concurrent API calls are made to modify the same API resource, such as the identity provider (IdP) adapter instance or the service provider (SP) connection, PingFederate processes the last request made.
PingFederate records actions performed through the administrative API in the admin-api.log file. Information includes the time of the event, the action performed, the authentication method, and other fields. For more information, see Administrative API audit log.