---
title: Extract user information from access tokens
description: PingIntelligence for APIs provides the OAuthPolicy.xml policy to capture user information from the requests sent to Apigee gateway.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_integrations:pingintelligence_extract_user_info
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_integrations/pingintelligence_extract_user_info.html
revdate: April 3, 2024
---

# Extract user information from access tokens

PingIntelligence for APIs provides the `OAuthPolicy.xml` policy to capture user information from the requests sent to Apigee gateway.

The policy verifies the access token from the bundled Apigee OAuth server and extracts details like username and client ID and other request metadata. It can verify access tokens provided as part of a request header or a query parameter.

The OAuthPolicy extracts request metadata tagged to an access token. The policy should be executed before the PingIntelligence policy that builds the ASE request message, which captures the username and client ID from the metadata extracted by OAuthPolicy.

The OAuthPolicy can be attached using a flow hook or a flow callout. For more information, see [Deploying the PingIntelligence policy for flow hook](pingintelligence_apigee_deploy_flow_hook.html) and [Deploying the PingIntelligence policy for flow callout](pingintelligence_apigee_deploy_flow_callout.html).

You should deploy `OAuthPolicy.xml` using a Flow CallOut policy to leverage the flexibility of applying on a per API basis. For more information, see [Configuring PingIntelligence flow callout in Apigee](pingintelligence_apigee_configure_flow_callout.html).

The following screen capture illustrates the PingIntelligence shared flow with OAuthPolicy.

![Screen capture of PingOne API Intelligence shared flow with OAuthPolicy](../_images/ims1586263860114.png)

|   |                                                                                                                                       |
| - | ------------------------------------------------------------------------------------------------------------------------------------- |
|   | At present, the OAuthPolicy supports extraction of user information from access tokens generated by Apigee bundled OAuth server only. |

**Configure `apigee.properties` file to capture the user information**

Additionally set the configuration properties in `apigee.properties` file to extract the user information using the PingIntelligence OAuthPolicy. For more information, see [Configure apigee.properties file to extract user information](pingintelligence_apigee_properties.html).

|   |                                                                                                                                                                 |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | If a custom OAuth policy is used in place of PingIntelligence OAuthPolicy, then configure the `enable_oauth_policy` variable in `apigee.properties` to `false`. |