--- title: Configuring Axway API Manager for PingIntelligence Dashboard description: The PingIntelligence Dashboard pulls the API definition from Axway API Manager and converts it to a JavaScript Object Notation (JSON) format compatible with ASE. component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_integrations:pingintelligence_configure_axway_dashboard canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_integrations/pingintelligence_configure_axway_dashboard.html revdate: April 3, 2024 section_ids: about-this-task: About this task configuring-tags-in-api-manager: Configuring tags in API Manager about-this-task-2: About this task steps: Steps configuring-tags-for-decoy-apis: Configuring tags for decoy APIs about-this-task-3: About this task steps-2: Steps example: Example: configuring-axway-xff-policies-for-decoy-apis: Configuring Axway XFF policies for decoy APIs about-this-task-4: About this task steps-3: Steps --- # Configuring Axway API Manager for PingIntelligence Dashboard The PingIntelligence Dashboard pulls the API definition from Axway API Manager and converts it to a JavaScript Object Notation (JSON) *(tooltip: \
\

An open, lightweight data-interchange format that uses human-readable text to store and transmit data.\

\
)* format compatible with ASE. ## About this task The Dashboard needs certain tags to be configured in Axway API Manager for it to import the normal and decoy API definitions. To configure tags in Axway API Manager and tags for the decoy API: * API Manager * Decoy APIs ## Configuring tags in API Manager ### About this task Tags are a medium to let ASE know which APIs from the API ecosystem need to be processed for monitoring and attack detection. Tags are also required for cookie and login Uniform Resource Locator (URL) *(tooltip: \
\

Identifies a resource according to its internet location.\

\
)* parameters to be captured by the PingIntelligence Dashboard for adding to the ASE API JSON *(tooltip: \
\

An open, lightweight data-interchange format that uses human-readable text to store and transmit data.\

\
)* definition. To tag APIs for artificial intelligence (AI) processing: ### Steps 1. Configure the `ping_ai` tag for all the APIs for which you want the traffic to be processed using the AI engine. For example, if you have 10 APIs in your ecosystem and you want only traffic for 5 APIs to be processed using the AI engine, then apply the `ping_ai` tag on those 5 APIs. 1. In the Axway API Manager, click **Frontend API → API** tab. In the **API** tab, navigate to the **Tags** section and add the following tag and value: * `ping_ai` – Set it to `true` if you want the traffic for API to be processed by PingIntelligence * `ping_blocking` – This parameter defines whether `enable_blocking` in the ASE API JSON is set to `true` or `false` when the PingIntelligence Dashboard fetches the API definition from Axway. The default value is `true`. If you want to disable blocking in ASE, set it to `false`. 2. If your APIs use a cookie or login URL, then configure the following two tags and values for a cookie and login URL. 1. In the Axway API Manager, go to **Frontend API → API** tab. In the **API** tab, navigate to **Tags** section and add the following tag and value: * `ping_cookie` – JSESSIONID * `ping_login` – yourAPI/login | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If the API has API Key or OAuth2 token configured, the PingIntelligence Dashboard automatically learns it and adds it to the API JSON definition. You do not need to configure any tags for API Key and OAuth2 token. | ![A screen capture of the API tab on the Viewing API page in Axway API Manager.](../_images/wsy1564009215867.png) ## Configuring tags for decoy APIs ### About this task You can configure decoy APIs in Axway API Manager. A decoy API is an API for which the traffic does not reach the backend API servers. The decoy API is deployed to gather information about potential threats that your API ecosystem may face. Traffic directed to a decoy API configured in Axway API Gateway is redirected to ASE, which functions as the backend server. ASE sends a preconfigured response, such as `200 OK`, for requests sent to a decoy API. You need to configure the following **TAGS** and **VALUES** in the **API** tab for **\***\* in Axway API Manager: ### Steps 1. In Axway API Manager, go to **Frontend API → API** tab. 2. Configure the following tags and values: ``` ping_ai – true ``` ``` ping_decoy – true ``` ![A screenshot of the Frontend API page on the API tab in Axway API Manager. The tags field have a green square around them.](../_images/wgi1564009217950.png) #### Example: The converted API JSON *(tooltip: \
\

An open, lightweight data-interchange format that uses human-readable text to store and transmit data.\

\
)* will have the decoy section configured as highlighted in the following JSON file: ```json { "api_metadata": { "protocol": "https", "url": "/decoy", "hostname": "*", "cookie": "", "cookie_idle_timeout": "", "logout_api_enabled": false, "cookie_persistence_enabled": false, "oauth2_access_token": false, "apikey_qs": "", "apikey_header": "", "enable_blocking": true, "login_url": "", "api_mapping": { "internal_url": "" }, "api_pattern_enforcement": { "protocol_allowed": "", "http_redirect": { "response_code": "", "response_def": "", "https_url": "" }, "methods_allowed": [], "content_type_allowed": "", "error_code": "", "error_def": "", "error_message_body": "" }, "flow_control": { "client_spike_threshold": "0/second", "server_connection_queueing": false }, "api_memory_size": "64mb", "health_check": false, "health_check_interval": 60, "health_retry_count": 4, "health_url": "/", "server_ssl": false "servers": [], "decoy_config": \{ "decoy_enabled":true, "response_code": 200, "response_def": "OK", "response_message": "OK", "decoy_subpaths": [] } } } ``` ## Configuring Axway XFF policies for decoy APIs PingIntelligence provides an X-Forwarded-For (XFF) policy for your decoy APIs. ### About this task The XFF policy adds an `X-Forwarded-For` to the backend only if it is not present in the original incoming request. If the `X-Forwarded-For` header is already present in the incoming request, the policy takes no action ### Steps 1. Launch Axway Policy Studio and click **New Project from an API Gateway instance**. ![A screen capture of the Welcome to Policy Studio page with a green box around the New Project from an API Gateway instance link.](../_images/obp1564009198925.png) 2. In the **New Project** pop-up window, enter the details and click **Next >**. ![A screen capture of the New Project > Project Details with the Use default location option and Next button highlighted in orange.](../_images/rfg1564009199536.png) 3. Enter **Host** details, **Username**, and **Password** of the API Gateway to connect, and click **Next >**. ![A screen capture of New Project > Open connection page. Values are entered in the Host, Username, and Password fields.](../_images/ubm1564009200123.png) 4. From the top menu, go to **File → Import → Import Configuration Fragment**. ![A screen capture of the File menu with Import > Import Configuration Fragment selected.](../_images/ivq1564009200861.png) 5. From the pop-up window, import the Axway policy from the directory where it was saved. Select the policy and click **OK**. ![A screen capture of the policy selection page with the policy and OK button highlighted in orange.](../_images/ddp1564009202060.png) 6. After importing the Axway policy, deploy the XFF policy ![A screen capture of the Enable-xff policy.](../_images/gtb1564009220536.png)