PingAuthorize

Gateway configuration basics

You can configure the application programming interface (API) gateway architecture by creating and modifying its components.

The API security gateway consists of the following components:

  • One or more gateway HTTP servlet extensions

  • One or more gateway API endpoint

  • One or more API external servers

An API external server represents the upstream API server and contains the configuration for the server’s protocol scheme, host name, port, and connection security. You can create the server in the PingAuthorize administrative console, or with the following example command.

{pingauthorize}/bin/dsconfig create-external-server \
  --server-name "API Server" \
  --type api \
  --set base-url:https://api-service.example.com:1443

A gateway API endpoint represents a public path prefix that PingAuthorize Server accepts for handling proxied requests. A gateway API endpoint configuration defines the base path for receiving requests (inbound-base-path) as well as the base path for forwarding the request to the API server (outbound-base-path). It also defines the associated API external server and other properties that relate to policy processing, such as service, which targets the policy requests generated for the gateway API endpoint to specific policies.

The following example commands use the API external server from the previous example to create a pair of gateway API endpoints.

{pingauthorize}/bin/dsconfig create-gateway-api-endpoint \
  --endpoint-name "Consent Definitions" \
  --set inbound-base-path:/c/definitions \
  --set outbound-base-path:/consent/v1/definitions \
  --set "api-server:API Server" \
  --set service:Consent

{pingauthorize}/bin/dsconfig create-gateway-api-endpoint \
  --endpoint-name "Consent Records" \
  --set inbound-base-path:/c/consents \
  --set outbound-base-path:/consent/v1/consents \
  --set "api-server:API Server" \
  --set service:Consent

The gateway HTTP servlet extension is the server component that represents the API security gateway itself. In most cases, you do not need to configure this component.

Changes to these components do not typically require a server restart to take effect. For more information about configuration options, see the Configuration Reference, located in the server’s docs/config-guide directory.