API environment integration with on-premise ASE

When deployed in sideband mode, ASE receives API calls from an API gateway, which passes API traffic information for artificial intelligence (AI) processing. ASE requires no changes to clients or backend API servers. In sideband deployment, ASE works along with the API gateway to protect your API environment. A custom sideband policy is provided, which is deployed in the gateway to route the API traffic. The following diagram shows ASE in sideband deployment mode.

To configure ASE for a sideband environment, see #/section_hrs_jnh_vqb.

PingIntelligence provides custom sideband policies for API gateways, routers, and other API platforms to support integration with your API environments. See API gateway integrations supported by PingIntelligence for a list of gateway integrations supported along with the deployment instructions. The sideband policy is deployed in your API gateway, and it sends the request and response API metadata to ASE for processing. Follow the instructions in the integration guides to deploy a sideband policy in your environment.

After you determine which API gateways to integrate, set the deployment mode in the ase.conf file located in the /<ASE installation path>/pingidentity/ase/config/ directory.

When deployed in inline mode, ASE is a reverse proxy deployed between the API clients and servers. It is typically deployed behind load balancers, such as AWS Elastic Load Balancing (ELB), to distribute traffic across an ASE cluster for high availability. ASE terminates SSL connections from API clients and then routes the requests to the destination APIs on an API gateway or app servers, such as Node.js, WebLogic, or Tomcat. The following diagram shows an inline deployment.