---
title: Configuring PingAccess for Apigee integration
description: Before Apigee can use PingAccess as an external authorization policy runtime service, you must prepare PingAccess to receive authorization requests from Apigee.
component: pingaccess
version: 9.0
page_id: pingaccess:agents_and_integrations:pa_configuring_pa_for_apigee_integration
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/agents_and_integrations/pa_configuring_pa_for_apigee_integration.html
revdate: August 8, 2025
section_ids:
  steps: Steps
---

# Configuring PingAccess for Apigee integration

Before Apigee can use PingAccess as an external authorization policy runtime service, you must prepare PingAccess to receive authorization requests from Apigee.

## Steps

1. Enable the Sideband service:

   1. Edit the `<PA Home>/conf/run.properties` file and set `sideband.http.enabled=true`.

   2. (Optional) By default, PingAccess listens for sideband clients on port 3020. You can choose a different port by editing the value of the `sideband.http.port` property.

      Learn more in [PingAccess port requirements](../installing_and_uninstalling_pingaccess/pa_installation_requirements.html#port-reqs) and [Configuration file reference](../reference_guides/pa_config_file_ref.html).

   3. Restart PingAccess.

2. Add a sideband client for Apigee:

   1. Go to **Applications > Sideband Clients** and click **[icon: plus, set=fa]Add Sideband Client**.

   2. Give the client a name that helps you identify the Apigee environment, such as `Apigee-dev`.

   3. Click **[icon: plus, set=fa]Add Secret**.

   4. Keep the header name of `CLIENT-TOKEN` unchanged, and copy the shared secret value.

      |   |                                                                      |
      | - | -------------------------------------------------------------------- |
      |   | You'll need the shared secret value during the Apigee configuration. |

   5. Click **Save**.

3. (Optional) Download the sideband listener HTTPS certificate.

   By default, the PingAuth shared flow is configured to trust the PingAccess Sideband Listener HTTPS certificates only if they're issued from a well-known certificate authority (CA) *(tooltip: \<div class="paragraph">
   \<p>An entity that issues digital certificates.\</p>
   \</div>)*. To trust specific HTTPS certificates for PingAccess servers:

   1. Go to **Security > Key Pairs**.

   2. Click the **Pencil** icon next to the key pair labeled **SIDEBAND**.

   3. Click **Download Certificate** and save the public key certificate.

      |   |                                                                         |
      | - | ----------------------------------------------------------------------- |
      |   | You'll need the public key certificate during the Apigee configuration. |