PingAuthorize

Sideband API configuration basics

The sideband API provides fine-grained access control to supported third-party API gateways through an API integration.

The sideband API consists of the following components.

Sideband API Shared Secrets

Defines the authentication credential that the sideband API might require an API gateway adapter to present. For more information, see Authenticating to the Sideband API.

Sideband API HTTP Servlet Extension

Represents the sideband API itself. If you require shared secrets, you might need to configure this component. For more information, see Authenticating to the Sideband API.

Sideband API Endpoints

Represents a public path prefix that the sideband API accepts for handling proxied requests. A sideband API endpoint configuration defines the following items:

  • The base path (base-path) for requests that the sideband API accepts

  • Properties that relate to policy processing, such as service, which targets the policy requests that are generated for the sideband API endpoint to specific policies

PingAuthorize Server’s default configuration includes a default sideband API endpoint that accepts all API requests and generates policy requests for the service Default. To customize policy requests further, an administrator can create additional sideband API endpoints. For more information about using the sideband API endpoint configuration to customize policy requests, see Sideband API policy requests.

Changes to these components do not typically require a server restart to take effect. For more information, see the Configuration Reference, located in the server’s docs/config-guide directory.

Example

The following example commands create a pair of sideband API endpoints that target specific requests to a consent service.

{pingauthorize}/bin/dsconfig create-sideband-api-endpoint \
  --endpoint-name "Consent Definitions" \
  --set base-path:/c/definitions \
  --set service:Consent

{pingauthorize}/bin/dsconfig create-sideband-api-endpoint \
  --endpoint-name "Consent Records" \
  --set base-path:/c/consents \
  --set service:Consent