---
title: Deploy for gateway API access management
description: A PingAccess API access management deployment enables an organization to quickly set up an environment that provides a secure method of controlling access to APIs while integrating with existing identity management infrastructure.
component: pingaccess
version: 9.0
page_id: pingaccess:reference_guides:pa_deploy_for_gateway_api_access_management
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/reference_guides/pa_deploy_for_gateway_api_access_management.html
revdate: February 6, 2023
---

# Deploy for gateway API access management

A PingAccess API access management deployment enables an organization to quickly set up an environment that provides a secure method of controlling access to APIs while integrating with existing identity management infrastructure.

Pressure from an expanding mobile device and application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)* economy can lead developers to hastily design and expose APIs outside the network perimeter. Standardized API access management leads to a more consistent, centrally-controlled model that ensures existing infrastructure and security policies are followed, thereby safeguarding an organization's assets.

PingAccess Gateway sits at the perimeter of a protected network between mobile, in-browser, or server-based client applications and protected APIs and performs the following actions:

* Receives inbound API calls requesting protected applications

  OAuth *(tooltip: \<div class="paragraph">
  \<p>A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.\</p>
  \</div>)*-protected API calls contain previously-obtained access tokens retrieved from PingFederate acting as an OAuth authorization server.

* Evaluates application and resource-level policies and validates access tokens in conjunction with PingFederate

* Acquires the appropriate target site security token (site authenticators) from the PingFederate Security Token Service (STS) *(tooltip: \<div class="paragraph">
  \<p>An entity responsible for responding to WS-Trust requests for validation and issuance of security tokens used for SSO authentication to web services.\</p>
  \</div>)* or from a cache, including attributes and authorized scopes, should an API require identity mediation

* Makes authorized requests to the APIs and responses are received and processed

* Relays the responses on to the clients

The following sections describe sample proof of concept and production architectures for an API access management use case deployment:

* [API Access Management POC Deployment Architecture](pa_api_access_management_proof_of_concept_deployment_architecture.html)

* [API Access Management Production Deployment Architecture](pa_api_access_management_production_deployment_architecture.html)