Attaching the PingAuth shared flow to API proxies in Apigee
Configure the PingAuth shared flow on the API proxies where you want to use PingAccess as the external authorization policy runtime service.
Steps
-
Add a Flow Callout policy:
-
In Develop → API Proxies, go to one of your APIs and click the Develop tab. Make sure that you are on the latest revision of the proxy.
-
In the Policies section of the Navigator, click to add a policy.
-
Add a Flow Callout Policy, and in the Shared Flow list, select PingAuth.
-
Click Save.
-
-
Attach the Flow Callout Policy to Flows.
When PingAccess is integrated as the external authorization policy runtime service for Apigee, it should be integrated in the preflow of the request to the proxy endpoint, because the authentication and authorization function provided by PingAccess should occur before most other policies execute.
You can consider other ways to integrate PingAccess by reading about flows at https://cloud.google.com/apigee/docs/api-platform/fundamentals/what-are-flows.
-
In the Proxy Endpoint section of the Navigator, click PreFlow, then click +Step to add a flow step to the request.
-
On the Existing tab, select the flow callout policy that you created, then click Add.
-
In the Target Endpoint section of the Navigator, select PreFlow, then add the flow callout policy as a Step to the Response flow.
This gives PingAccess an early opportunity to process the API response from the target API before it is processed by Apigee.
-
-
Save and deploy the updated proxy.