---
title: In-context decoy API
description: In-context decoy application programming interface (API)s consist of decoy paths within existing APIs supporting legitimate traffic to backend servers.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_in_context_decoy_api
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_in_context_decoy_api.html
revdate: April 3, 2024
---

# In-context decoy API

In-context decoy application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)*s consist of decoy paths within existing APIs supporting legitimate traffic to backend servers.

Any traffic accessing a decoy path receives a preconfigured response. For example, in the `shopping` API, `/root` and `/admin `are decoy APIs`;` and `/shoes` is a legitimate API path. Traffic accessing `/shoes` is redirected to the backend API server, while the traffic that accesses `/root` or `/admin` receives a preconfigured response.

![Diagram showing legitimate traffic from browser and attackers deflected by decoy APIs](../_images/rse1564008990087.png)

The following snippet of an API JavaScript Object Notation (JSON) *(tooltip: \<div class="paragraph">
\<p>An open, lightweight data-interchange format that uses human-readable text to store and transmit data.\</p>
\</div>)* file shows an in-context decoy API:

```json
{
 "api_metadata": {
 "protocol": "http",
 "url": "/shop",
 "hostname": "*",
 "cookie": "",
 "cookie_idle_timeout": "200m",
 "logout_api_enabled": false,
 "cookie_persistence_enabled": false,
 "login_url": "",
 "api_mapping": {
 "internal_url": ""
 },
;
; Note – other configuration parameters removed
;
 "decoy_config":
 {
 "decoy_enabled": true,
 "response_code" : 200, decoy API Configuration
 "response_def" : "OK",
 "response_message" : "OK",
 "decoy_subpaths": [
 "/shop/root",
 "/shop/admin"
 ]
 }
 }
}
```

The API JSON file defines normal API paths consisting of the path `/shop`. The decoy configuration is enabled for `/shop/root` and `/shop/admin` with the following parameters:

* `decoy_enabled` parameter is set to `true`. If set to `false`, no decoy paths are configured.

* `response_code` is set to `200`. When a decoy sub-path is accessed, return a `200` response.

* `response_def` is set to `OK`. When a decoy sub-path is accessed, return `OK` as the response.

An in-context decoy API can have a maximum of 32 sub-paths configured for an API.

|   |                                                                                                                                                                                             |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | When configuring in-context decoy APIs, do not leave empty sub-paths which makes your business API into an out-of-context API. No traffic will be forwarded to backend application servers. |