PingIntelligence

Configuring Axway API Manager for PingIntelligence Dashboard

The PingIntelligence Dashboard pulls the API definition from Axway API Manager and converts it to a format compatible with ASE.

About this task

The Dashboard needs certain tags to be configured in Axway API Manager for it to import the normal and decoy API definitions.

To configure tags in Axway API Manager and tags for the decoy API:

Configuring tags in API Manager

About this task

Tags are a medium to let ASE know which APIs from the API ecosystem need to be processed for monitoring and attack detection. Tags are also required for cookie and login parameters to be captured by the PingIntelligence Dashboard for adding to the ASE API definition.

To tag APIs for artificial intelligence (AI) processing:

Steps

  1. Configure the ping_ai tag for all the APIs for which you want the traffic to be processed using the AI engine.

    For example, if you have 10 APIs in your ecosystem and you want only traffic for 5 APIs to be processed using the AI engine, then apply the ping_ai tag on those 5 APIs.

    1. In the Axway API Manager, click Frontend API → API tab. In the API tab, navigate to the Tags section and add the following tag and value:

      • ping_ai – Set it to true if you want the traffic for API to be processed by PingIntelligence

      • ping_blocking – This parameter defines whether enable_blocking in the ASE API JSON is set to true or false when the PingIntelligence Dashboard fetches the API definition from Axway. The default value is true. If you want to disable blocking in ASE, set it to false.

  2. If your APIs use a cookie or login URL, then configure the following two tags and values for a cookie and login URL.

    1. In the Axway API Manager, go to Frontend API → API tab. In the API tab, navigate to Tags section and add the following tag and value:

      • ping_cookie – JSESSIONID

      • ping_login – yourAPI/login

        If the API has API Key or OAuth2 token configured, the PingIntelligence Dashboard automatically learns it and adds it to the API JSON definition. You do not need to configure any tags for API Key and OAuth2 token.

    A screen capture of the API tab on the Viewing API page in Axway API Manager.

Configuring Axway XFF policies for decoy APIs

PingIntelligence provides an X-Forwarded-For (XFF) policy for your decoy APIs.

About this task

The XFF policy adds an X-Forwarded-For to the backend only if it is not present in the original incoming request. If the X-Forwarded-For header is already present in the incoming request, the policy takes no action

Steps

  1. Launch Axway Policy Studio and click New Project from an API Gateway instance.

    A screen capture of the Welcome to Policy Studio page with a green box around the New Project from an API Gateway instance link.
  2. In the New Project pop-up window, enter the details and click Next >.

    A screen capture of the New Project > Project Details with the Use default location option and Next button highlighted in orange.
  3. Enter Host details, Username, and Password of the API Gateway to connect, and click Next >.

    A screen capture of New Project > Open connection page. Values are entered in the Host, Username, and Password fields.
  4. From the top menu, go to File → Import → Import Configuration Fragment.

    A screen capture of the File menu with Import > Import Configuration Fragment selected.
  5. From the pop-up window, import the Axway policy from the directory where it was saved. Select the policy and click OK.

    A screen capture of the policy selection page with the policy and OK button highlighted in orange.
  6. After importing the Axway policy, deploy the XFF policy

    A screen capture of the Enable-xff policy.