---
title: Preparing to deploy the PingIntelligence shared flow
description: Confirm that the following prerequisites are met before using the PingIntelligence Apigee tool.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_integrations:pingintelligence_prepare_apigee
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_integrations/pingintelligence_prepare_apigee.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
  troubleshooting: Troubleshooting:
---

# Preparing to deploy the PingIntelligence shared flow

Confirm that the following prerequisites are met before using the PingIntelligence Apigee tool.

## About this task

Before using the PingIntelligence Apigee tool:

## Steps

1. Confirm Apigee version.

   PingIntelligence supports Apigee API gateways supporting shared flows.

2. Confirm one of the OpenJDK versions between 11.0.2 to 11.0.6 is on the machine where the PingIntelligence Apigee deployment tool is installed.

3. Install and configure PingIntelligence software 4.0 or higher.

   For information on installing PingIntelligencesoftware, see [PingIntelligence automated deployment for virtual machines and servers](../installing_pingintelligence_for_apis/pingintelligence_automated_deployment.html).

4. Verify API Security Enforcer (ASE) is in `sideband` mode by running the following command in the ASE command line:

   ```
   /opt/pingidentity/ase/bin/cli.sh status
   ```

   ### Result:

   ```
   API Security Enforcer
   status                  : started
    mode : sideband
   http/ws                 : port 80
   https/wss               : port 443
   firewall                : enabled
   abs                     : enabled, ssl: enabled
   abs attack              : disabled
   audit                   : enabled
   sideband authentication : disabled
   ase detected attack     : disabled
   attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB
   ```

   ### Troubleshooting:

   If ASE is not in `sideband` mode, then stop ASE and change the mode by editing the `/opt/pingidentity/ase/config/ase.conf` file. Set `mode` as `sideband` and start ASE.

5. For a secure communication between Apigee Edge and ASE, enable sideband authentication by entering the following command in the ASE command line:

   ```
   # ./bin/cli.sh enable_sideband_authentication -u admin –p
   ```

6. To generate a sideband authentication token in ASE, enter the following command in the ASE command line and save the generated authentication token for further use.

   A token is required for Apigee Edge to authenticate with ASE. This token is generated in ASE and configured in the `apigee.properties` file of the PingIntelligence automated policy tool.

   ```
   # ./bin/cli.sh -u admin -p admin create_sideband_token
   ```

7. Verify the certificate in `ase.pem` when using self-signed certificates.

   1. Make sure that the certificate applied for the ASE data port matches with the certificate present in the `ase.pem` certificate file to prevent SSL issues after policy deployment.

   2. Run the following command to obtain the certificate used in the ASE data port. If the certificates do not match, paste the correct certificate in the `/opt/pingidentity/pi/apigee/certs/ase.pem` file.

      ```
      # openssl s_client -showcerts -connect  <ASE IP address>:<port no>  </dev/null 2>/dev/null | openssl x509 -outform PEM > ase.pem
      ```