PingIntelligence

Configure API JSON files

This topic discusses what API JSON files are, and how they are configured to secure the APIs in your environment.

API JSON files are used to configure the behavior and properties of your APIs in ASE. The parameters in API JSON files help ASE to uniquely identify the APIs in your environment. Each API has a unique API JSON file in ASE. ASE ships with sample JSON files located in the /config/api directory.

The parameters configured in an API JSON file help ASE extract metadata from API traffic, set decoys to trap intruding attacks, perform health checks on backend servers, and so on. The API JSON parameters also help the ABS AI Engine to build AI models to detect any Indicators of Attacks (IoAs) on APIs. For more information on the parameters in API JSON files, see the following:

Adding API JSON file to ASE

You can manually configure the JSON file with the required parameters and add them to ASE.

The sample JSON file has an extension of .example. If you are customizing the example file, then save the file as a .json file.

Manually add API JSON to ASE

After configuring an API JSON file, add it to ASE to activate ASE processing. To add an API, execute the following CLI command.

/<ASE_Installation path>/pingidentity/ase/bin/cli.sh –u admin -p admin add_api {file_path/api_name}

You can also use the Create API in ASE Admin APIs to add an API JSON file to ASE. Here is a sample curl command for it.

curl --location --request POST '{{API}}=<API Name>' \
--header '{{Access_Key_Header}}: {{Access_Key}}' \
--header '{{Secret_Key_Header}}: {{Secret_key}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "api_metadata": {
        "protocol": "https",
        "url": "/patmapp",
        "hostname": "*",
        "oauth2_access_token": false,
        "apikey_qs": "",
        <<Request body continues...>>

List API JSON files

You can check the addition of an API JSON file to ASE by executing the following CLI command.

/<ASE_Installation path>/pingidentity/ase/bin/cli.sh –u admin -p admin list_api

You can also use List API in ASE Admin APIs to verify. Here is a samplencurl command for it.

curl --location --request GET '{{List_API}}' \
--header '{{Access_Key_Header}}: {{Access_Key}}' \
--header '{{Secret_Key_Header}}: {{Secret_key}}'

Update API JSON files

After activation, an API JSON definition can be updated in real time. Edit the API JSON file located in the /config/api directory and make the desired changes. Save the edited API JSON file and execute the following CLI command.

/<ASE_Installation path>/pingidentity/ase/bin/cli.sh –u admin -p admin update_api <api_name>

For example:

/opt/pingidentity/ase/bin/cli.sh –u admin -p admin update_api shop
api shop updated successfully

You can also use Update API in ASE Admin APIs to update the JSON. Here is a sample curl command for it.

curl --location --request PUT '{{API}}=<API Name>' \
--header '{{Access_Key_Header}}: {{Access_Key}}' \
--header '{{Secret_Key_Header}}: {{Secret_key}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "api_metadata": {
        "protocol": "https",
        "url": "/pubatmapp",
        "hostname": "*",
        "oauth2_access_token": false,
         <<Request body continues...>>