Add a custom resource for your protected endpoints.

Application resources are features that users want to access, such as checking and savings accounts, an investment services add-on, or an invoicing module in a business application.

Note:

PingOne platform resources, such as identities and PingOne APIs, are protected by PingOne platform roles and permissions. Application resources protect access to resources that are developed by your organization’s engineering teams.

An application permission is the combination of an action and a resource. Think of permissions as actions that can be taken on a resource. Configure application permissions by assigning actions to application resources.

Note:

You can add up to 128 application resources and 128 application permissions in each PingOne environment.

For example, consider a business application called BizPro that has invoicing capabilities. Endpoints for the associated invoicing API allow the following actions on the invoices resource:

  • Read invoices: GET /bizpro/invoices
  • Create an invoice: POST /bizpro/invoices
  • Update an invoice: PUT /bizpro/invoices/{{invoiceId}}
  • Pay an invoice: POST /bizpro/invoices/{{invoiceId}}/pay
  • Void an invoice: POST /bizpro/invoices/{{invoiceId}}/void

To control access to invoices, you create corresponding application permissions:

  • Invoices:Read
  • Invoices:Write
  • Invoices:Update
  • Invoices:Pay
  • Invoices:Void

Application roles simplify managing these permissions. For example, David, an invoicing processor, might have permissions to create and pay invoices, while Melissa, the billing supervisor, can view and void invoices. For more information, see Adding an application role.

  1. Go to Applications > Resources and locate the resource for your protected endpoints.
  2. Click the resource to open the details pane.
  3. On the Permissions tab, click + Add Permissions.
    Screen capture showing the + Add Permissions button on the Permissions tab.
  4. Enter a unique Name for the application resource and an optional Description. Click Next.
    Screen capture showing the Name and Description fields in the Create Application Resource window.
    Note:

    The name can include Unicode letters, marks, numbers, spaces, forward slashes, dots, apostrophes, underscores, and hyphens, with a maximum length of 20 characters.

  5. Configure permissions for the application resource:
    1. For each action that you want to protect with a permission, enter an Action.
    2. Optional: Enter a Description for the action.
      Screen capture showing the Application Resource, Action, and Description columns in the Configure Permission window.
    3. Click + Add to add another action.
  6. Click Save.

Assign permissions to roles.