PingIntelligence

API discovery

PingIntelligence API discovery is a process to discover, and report APIs from your API environment. The discovered APIs are reported in PingIntelligence Dashboard. Complete the following two steps to automatically capture API definitions from PingAccess:

  • Configure API discovery in PingIntelligence Dashboard

  • Configure API discovery in PingAccess

Configure API discovery in PingIntelligence Dashboard

Configure the discovery parameters in the Dashboard as explained in Configure API discovery.

Make sure that the ASE mode is configured to sideband in webgui.properties, and it matches the configuration in /pingidentity/ase/config/ase.conf file in ASE.

Ensure the following configurations specific to PingAccess are set:

Set Discovery source - Dashboard can discover APIs from three sources, ABS AI engine, PingAccess, and Axway API gateway. The discovery source is configured in the /pingidentity/webgui/config/webgui.properties file. Set the pi.webgui.discovery.source to pingaccess. Following is a snippet of the webgui.properties file for configuring the discovery source.

# api discovery properties
# discovery source
# valid values: abs, axway and pingaccess
# for axway and pingaccess, see config/discovery.properties
 pi.webgui.discovery.source=pingaccess

Set Credentials - When the API discovery source is PingAccess, configure the gateway management URL and credentials in the /pingidentity/webgui/config/discovery.properties file. The following is a snippet of the discovery.properties file for configuring the credentials.

# PingAccess config. Only valid if pi.webgui.discovery.source=pingaccess
# Admin URL
pingaccess.management.url=https://127.0.0.1:9000/
# Admin username
pingaccess.management.username=Username
# Admin password
pingaccess.management.password=Password

Configure API discovery in PingAccess

For PingIntelligence Dashboard to automatically discover the APIs, include the following parameters in the DESCRIPTION section of an existing Application or while you add a new Application in PingAccess. The Application Type must be API.

{
"ping_ai": true,
"ping_host": "",
"ping_url": "",
"ping_login": "",
"ping_cookie": "JSESSIONIDTEST",
"apikey_qs": "X-API-KEY",
"apikey_header": "",
"ping_decoy": false,
"oauth2_access_token": false,
"ping_blocking": true
}

The following table describes the parameters captured when PingIntelligence Dashboard fetches the API definition from PingAccess and adds it to ASE.

Parameter Description

ping_ai

When true, PingIntelligence processing is applied to this API. Set to false for no PingIntelligence processing. The default value is true.

ping_host

Hostname of the API. You can configure * as hostname to support any hostname.

ping_url

The base URL of the managed API, for example, /shopping. This field cannot be empty.

ping_login

Login URL for the API. The field can be empty.

ping_cookie

Cookie name for the API. The field can be empty.

apikey_qs

When API Key is sent in the query string, ASE uses the specified parameter name to capture the API key value. This field can be empty.

apikey_header

When API Key is part of the header field, ASE uses the specified parameter name to capture the API key value. This field can be empty.

ping_decoy

When true, API is a decoy API. The values can be true or false.

oauth2_access_token

When true, PingIntelligence expects an OAuth token. The values can be true or false.

ping_blocking

When true, enable PingIntelligence blocking when attack are detected on the API. The default value is true. To disable blocking for the API, set to false.