PingIntelligence

Configuring API discovery

PingIntelligence API discovery is a process to discover and report APIs from your API environment.

About this task

The discovered APIs are reported in the PingIntelligence Dashboard.

To automatically capture API definitions from PingAccess:

Steps

  1. Configure API discovery in the PingIntelligence Dashboard.

    1. Configure the discovery parameters in the Dashboard as outlined in Configure API discovery.

      Make sure that the ASE mode is set to sideband in webgui.properties and that it matches the configuration in the /pingidentity/ase/config/ase.conf file in ASE.

    2. Ensure the following configurations specific to PingAccess are set:

      1. Set Discovery source - The Dashboard can discover APIs from three sources: the ABS AI engine, PingAccess, and the Axway API gateway. The discovery source is configured in the /pingidentity/webgui/config/webgui.properties file. Set pi.webgui.discovery.source to pingaccess.

        The following is a snippet of the webgui.properties file for configuring the discovery source:

        # api discovery properties
        # discovery source
        # valid values: abs, axway and pingaccess
        # for axway and pingaccess, see config/discovery.properties
        pi.webgui.discovery.source=pingaccess

      2. Set Credentials - When the API discovery source is PingAccess, configure the gateway management URL and credentials in the /pingidentity/webgui/config/discovery.properties file.

        The following is a snippet of the discovery.properties file for configuring the credentials:

        # PingAccess config. Only valid if pi.webgui.discovery.source=pingaccess
        # Admin URL
        pingaccess.management.url=https://127.0.0.1:9000/
        # Admin username
        pingaccess.management.username=Username
        # Admin password
        pingaccess.management.password=Password

  2. Configure API discovery in PingAccess:

    1. For the PingIntelligence Dashboard to automatically discover the APIs, add the following parameters to the DESCRIPTION section of an existing application, or of a new application as you add it in PingAccess.

      The application type must be API.

      {
        "ping_ai": true,
        "ping_host": "",
        "ping_url": "",
        "ping_login": "",
        "ping_cookie": "JSESSIONIDTEST",
        "apikey_qs": "X-API-KEY",
        "apikey_header": "",
        "ping_decoy": false,
        "oauth2_access_token": false,
        "ping_blocking": true
      }

      The following table describes the parameters captured when the PingIntelligence Dashboard fetches the API definition from PingAccess and adds it to ASE.

      | Parameter | Description |
      |---|---|
      | ping_ai | When true, PingIntelligence processing is applied to this API. Set to false for no PingIntelligence processing. The default value is true. |
      | ping_host | Hostname of the API. You can configure * as hostname to support any hostname. |
      | ping_url | The base URL of the managed API, for example, /shopping. This field cannot be empty. |
      | ping_login | Sign-on URL for the API. The field can be empty. |
      | ping_cookie | Cookie name for the API. The field can be empty. |
      | apikey_qs | When the API key is sent in the query string, ASE uses the specified parameter name to capture the API key value. This field can be empty. |
      | apikey_header | When the API key is part of the header field, ASE uses the specified parameter name to capture the API key value. This field can be empty. |
      | ping_decoy | When true, the API is a decoy API. The values can be true or false. |
      | oauth2_access_token | When true, PingIntelligence expects an OAuth token. The values can be true or false. |
      | ping_blocking | When true, enables PingIntelligence blocking when attacks are detected on the API. The default value is true. To disable blocking for the API, set to false. |
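
A check of the DESCRIPTION JSON against the parameter table above, to run before saving the application in PingAccess. This is an added example, not PingIntelligence or PingAccess code; the function name check_description, the message wording and the sample values are assumptions of the example.

```python
import json

# Parameter names, types and defaults are taken from the table above.
BOOL_KEYS = ("ping_ai", "ping_decoy", "oauth2_access_token", "ping_blocking")
STR_KEYS = ("ping_host", "ping_url", "ping_login", "ping_cookie",
            "apikey_qs", "apikey_header")


def check_description(text):
    """Return a list of problems found in a PingAccess DESCRIPTION string."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top-level value must be a JSON object"]
    problems = []
    for key in BOOL_KEYS:
        # A quoted "false" is a string, not the boolean false.
        if key in doc and not isinstance(doc[key], bool):
            problems.append(f"{key}: expected true/false, got {doc[key]!r}")
    for key in STR_KEYS:
        if key in doc and not isinstance(doc[key], str):
            problems.append(f"{key}: expected a string, got {doc[key]!r}")
    if not str(doc.get("ping_url") or "").strip():
        problems.append("ping_url: cannot be empty")
    for key in sorted(set(doc) - set(BOOL_KEYS) - set(STR_KEYS)):
        problems.append(f"{key}: not a documented parameter")
    # Valid settings that switch protection off; both default to true.
    if doc.get("ping_ai", True) is False:
        problems.append("ping_ai: false, no PingIntelligence processing")
    if doc.get("ping_blocking", True) is False:
        problems.append("ping_blocking: false, detected attacks are not blocked")
    return problems


# Constructed sample with two deliberate mistakes: a quoted boolean and a
# misspelled key.
SAMPLE = """{
  "ping_ai": true,
  "ping_host": "*",
  "ping_url": "/shopping",
  "ping_decoy": "false",
  "ping_bloking": true
}"""

if __name__ == "__main__":
    for problem in check_description(SAMPLE):
        print(problem)
```

Run against the page's template unchanged, the check reports the empty ping_url, which the table says must be filled in.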

Next steps

For more information, refer to: