PingIntelligence for APIs: API Security Enforcer 3.2.1

Sideband API Security Enforcer

When deployed in sideband mode, ASE receives API calls from an API gateway, which passes API traffic information to ASE for AI processing. In such a deployment, ASE works alongside the API gateway to protect your API environment. The following diagram shows a typical ASE sideband deployment:

The following is a description of the traffic flow through the API gateway and Ping Identity ASE.

  1. An incoming request arrives at the API gateway.
  2. The API gateway makes an API call to send the request details in JSON format to ASE.
  3. ASE checks the request against a registered set of APIs and checks the origin IP against the AI-generated blacklist. If all checks pass, ASE returns a 200-OK response to the API gateway. Otherwise, a different response code is sent to the gateway. The request is also logged by ASE and sent to the AI engine for processing.
  4. If the API gateway receives a 200-OK response from ASE, it forwards the request to the backend server; otherwise, the gateway returns a different response code to the client.
  5. The response from the backend server is received by the API gateway.
  6. The API gateway makes a second API call to pass the response information to ASE, which sends the information to the AI engine for processing.
  7. ASE receives the response information and sends a 200-OK to the API gateway.
  8. The API gateway sends the response received from the backend server to the client.
Note: Make sure that XFF (X-Forwarded-For) is enabled in the API gateway so that ASE can detect client IP addresses correctly.
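The eight steps and the XFF note above, modelled as an added example (not Ping Identity code and not ASE's real sideband API). The function names, JSON field names, the 403 block code, the fallback to the gateway's address when no XFF value is present, and all addresses and paths are assumptions constructed for illustration.

```python
import json

# Constructed sample data; none of it is real ASE configuration.
REGISTERED_APIS = ("/shop", "/account")  # API paths the ASE stand-in knows
BLACKLIST = {"203.0.113.7"}              # stands in for the AI-generated blacklist
GATEWAY_IP = "10.0.0.5"                  # peer address ASE sees for every sideband call
BLOCK_CODE = 403                         # assumption: the page says only "a different response code"
AI_ENGINE_FEED = []                      # stands in for what ASE sends to the AI engine

def ase_request_check(payload, peer_ip):
    """Steps 2-3: check the JSON request detail, log it, return a status code."""
    detail = json.loads(payload)
    # Origin IP: first X-Forwarded-For entry if the gateway sent one, else the peer.
    xff = detail["headers"].get("X-Forwarded-For", "")
    origin = xff.split(",")[0].strip() or peer_ip
    registered = any(detail["path"] == p or detail["path"].startswith(p + "/")
                     for p in REGISTERED_APIS)
    AI_ENGINE_FEED.append(("request", origin, detail["path"]))  # logged either way
    return 200 if registered and origin not in BLACKLIST else BLOCK_CODE

def ase_response_report(payload):
    """Steps 6-7: record the backend response detail and acknowledge with 200."""
    detail = json.loads(payload)
    AI_ENGINE_FEED.append(("response", detail["path"], detail["status"]))
    return 200

def gateway_handle(method, path, client_ip, backend, xff_enabled=True):
    """Steps 1-8 as seen by the gateway; returns the status sent to the client."""
    headers = {"X-Forwarded-For": client_ip} if xff_enabled else {}
    detail = {"method": method, "path": path, "headers": headers}
    verdict = ase_request_check(json.dumps(detail), GATEWAY_IP)
    if verdict != 200:
        return verdict                   # step 4: the backend is never called
    status = backend(method, path)       # steps 4-5: forward and collect the response
    ase_response_report(json.dumps({"path": path, "status": status}))
    return status                        # step 8

def demo():
    """Run four constructed requests; return client-facing codes and backend calls."""
    calls = []
    backend = lambda m, p: calls.append(p) or 200   # stub backend that records the path
    results = [
        gateway_handle("GET", "/shop/items", "198.51.100.20", backend),
        gateway_handle("GET", "/shop/items", "203.0.113.7", backend),
        gateway_handle("GET", "/unknown", "198.51.100.20", backend),
        gateway_handle("GET", "/shop/items", "203.0.113.7", backend, xff_enabled=False),
    ]
    return results, calls
```

The fourth request in `demo()` shows what the note guards against: with XFF off, the stand-in ASE sees only the gateway's address, so the blacklisted client is not matched.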

Configuring ASE for sideband

To configure ASE to work in sideband mode, edit the ase.conf file located in the config directory and set the value of the mode parameter to sideband. The default value of the mode parameter is inline. The following is a snippet of the ase.conf file with the mode parameter set to sideband.

; Defines running mode for API Security Enforcer.
mode=sideband
