sunleo sunleo - 5 months ago 33
reST (reStructuredText) Question

PingFederate and PingAccess REST APIs using Authorization token

I am calling PF and PA REST Web services using username and password but it seems vulnerable to provide credentials.Is there a way to provide the only Authorization code for REST AP service calls instead of credentials?.

At the moment am calling in this way

root@ubuntu:/home/joe# curl -k -u "**UserName:Password**" -H "X-Xsrf-Header: PingAccess" https://localhost:9000/pa-admin-api/v1/virtualhosts


The PingAccess administrative API supports OAuth Access Tokens for authentication. They must be access tokens issued by PingFederate (using any grant type) and contain a configured scope for administrative API access. For more details see:

PingFederate itself currently does not support OAuth for administrative APIs however there are a number of options for authentication. The most secure form of authentication currently supported is client certificate authentication. For more details, see: