PingOne Authorize provides three default endpoints for deployment stages: Dev, Test, and Prod. You can add up to 30 endpoints in each environment and update or delete endpoints to suit your organization’s needs.


Endpoints that correspond to API services are required for API Access Management policy deployment. These endpoints are managed by the system and you can’t delete them.

You can configure an endpoint to use the latest version of a policy, or you can deploy a specific named version of a policy to the endpoint. When you use the latest version of a policy, any updates to the policy are published to the endpoint automatically. Because this compiles a publishing package each time a request is made to the endpoint and can cause a slower system response, Use latest is intended for policy development and debugging only. By default, the Dev stage endpoint is configured to use the latest version of a policy. You can change this setting, or configure endpoints for other stages to use the latest version or specific versions of policies.

You can configure decision endpoints to keep track of the 20 most recent decisions made during the last 24 hours. It’s helpful to enable this setting during policy development as a debugging tool so you can visualize and examine recent decisions. This can cause a slower system response, so the setting is disabled by default.

Event subscriptions, or webhooks, enable you to use third-party tools to monitor audit events for decision endpoints.

The PingOne API provides operations to create, read, update, and delete decision endpoint resources. It also provides an evaluation action to execute a decision request against a resource. For more information about using the API, see PingAuthorize Policy Decision Service.