Deploy for sideband API access management
A PingAccess API access management sideband deployment enables an organization to quickly set up an environment that provides a secure method of managing access rights to API-based applications while integrating with existing identity management infrastructure and minimal network configuration changes.
With growing numbers of internal and external users, and more enterprise resources available online, ensure that qualified users can access only those applications to which they have permission. An application programming interface (API) access environment provides authentication and policy-based access management while integrating with existing infrastructure.
The PingAccess sideband plugin is installed on the API gateway serving the protected API applications and configured to communicate with PingAccess server also deployed on the network. When the API gateway intercepts a client request to a protected API resource, it performs the following actions:
-
Intercepts inbound requests to API applications
-
Sends requests to the PingAccess sideband API endpoint, sending along relevant request information needed by policy server
-
Receives responses from policy server and follows the instructions from policy server, modifies the request as specified, and allows the request to proceed to the target resource
-
Intercepts responses from the application
-
Sends requests to the PingAccess sideband API endpoint, sending along relevant response information needed by the policy server.
-
Applies modifications from the policy server and relays response
The PingAccess policy server listens for agent requests and performs the following actions:
-
Evaluates application and resource-level policies and validates the tokens in conjunction with an OpenID Connect (OIDC) Policy configured within PingFederate
-
Acquires the appropriate HTTP request header configuration from the associated identity mappings
-
Sends a response with instructions on whether to allow the request and how to modify the client request headers