---
title: Troubleshooting the Apigee integration
description: Troubleshoot the most common issues with the Apigee gateway integration with PingAuthorize.
component: pingauthorize
version: 11.0
page_id: pingauthorize:pingauthorize_integrations:paz_apigee_integration_troubleshooting
canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/pingauthorize_integrations/paz_apigee_integration_troubleshooting.html
revdate: April 28, 2025
section_ids:
  troubleshooting-api-client-http-5xx-errors: Troubleshooting API client HTTP 5xx errors
  steps: Steps
  troubleshooting-api-client-http-4xx-errors: Troubleshooting API client HTTP 4xx errors
  setting-up-error-response-handling-in-the-target-server: Setting up error response handling in the target server
  steps-2: Steps
  apigee_logging: Enable logging in Apigee
---

# Troubleshooting the Apigee integration

Troubleshoot the most common issues with the Apigee gateway integration with PingAuthorize.

## Troubleshooting API client HTTP 5xx errors

Apigee might return `HTTP 502` when there is misconfiguration or miscommunication between the PingAuth shared flow for Apigee and PingAuthorize Server.

To address 5xx errors, make adjustments to the **Load KVM Config** policy assigned to **PingAuth** in Apigee X or the key value map that you created for the PingAuth Shared Flow in Apigee Edge or Apigee Private Cloud.

The PingAuth Shared Flow for Apigee logs warning messages to the Apigee error log when it encounters problems communicating with PingAuthorize. Learn more in [Enable logging in Apigee](#apigee_logging).

### Steps

* Check the PingAuth Shared Flow `service_host_port` value.

  If the Apigee `service_host_port` value does not match your PingAuthorize server environment, the Apigee error log message might indicate that the plugin received an invalid response from the server.

  1. Confirm that the value entered for `service_host_port` matches the host name of your PingAuthorize server and the port of the HTTPS connection handler.

     You can find this port number on the **Configuration** page of the PingAuthorize administration console by going to **System → Connection Handlers**.

  2. If necessary, update the `service_host_port` value to match your PingAuthorize server.

* Check the PingAuth Shared Flow shared secret.

  If the shared secret doesn't match the API gateway credential in PingAuthorize, the Apigee error log message might indicate that the plugin received an `HTTP 401` error from PingAuthorize, which gets translated to a 5xx error and then sent to the API client.

  1. Confirm that the value of the **shared\_secret** key that you created in Apigee matches the shared secret value that you created for PingAuthorize.

  2. If necessary, on the **Configuration** page of the PingAuthorize administration console, go to **Web Services and Applications > HTTP Servlet Extensions > Sideband API** and update the value of the shared secret.

  3. Copy the new value of the shared secret and update the value of the Apigee **shared\_secret** key.

## Troubleshooting API client HTTP 4xx errors

The Apigee API gateway might return a 4xx error to the API client if the API client's request can't be authenticated by the PingAuthorize sideband API endpoint.

To troubleshoot 4xx errors caused by authentication issues against the PingAuthorize sideband API, refer to [Sideband API authentication](../pingauthorize_server_administration_guide/paz_authn_sideband_api.html).

## Setting up error response handling in the target server

You should have an Apigee policy that handles errors returned by the target server.

If you don't configure error handling using a policy, the API proxy goes into an error state in the `<TargetEndpoint>` response, and the normal API proxy flow won't continue to the `<ProxyEndpoint>`.

### Steps

1. Go to **API Proxies > httpbin\_bad\_response > Develop** and create a new **ReturnGenericError** policy of type **AssignMessage**. Configure the policy as desired.

   ![Screen capture of the ReturnGenericError policy creation within Apigee](_images/rzw1673906971414.png)

2. Select the **PreFlow** option in the **Target Endpoints** for your API proxy. Add the error policy you just created as a `<Step>` in the `<DefaultFaultRule>`.

   |   |                                                                  |
   | - | ---------------------------------------------------------------- |
   |   | There are multiple methods for adding the error handling policy. |

   ![Screen capture of adding the ReturnGenericError policy as a step within the DefaultFaultRule for the API proxy in Apigee](_images/zys1673907502466.png)

## Enable logging in Apigee

To view error log messages, configure Apigee error logging. Learn more in the [View message data with Trace](https://docs.apigee.com/api-platform/tutorials/view-with-trace) in the Apigee documentation.

Apigee also provides debug logging for further troubleshooting. Learn more in [Enabling debug logging](https://docs.apigee.com/private-cloud/v4.18.05/enabling-debug-logging) in the Apigee documentation.