PingIntelligence

Enabling per API blocking

You can configure the API Security Enforcer (ASE) to selectively block on a per application programming interface (API) basis by configuring an API JavaScript Object Notation (JSON) file parameter.

About this task

To enable per API blocking for each API:

Steps

  • Set the enable_blocking parameter to true in the API JSON file.

    Example:

    api_metadata": {
     "protocol": "http",
     "url": "/",
     "hostname": "*",
     "cookie": "",
     "cookie_idle_timeout": "200m",
     "logout_api_enabled": false,
     "cookie_persistence_enabled": false,
     "oauth2_access_token": false,
     "apikey_qs": "",
     "apikey_header": "",
     "enable_blocking": true,
     "login_url": "",
     "api_mapping": {
     "internal_url": ""
     },

    If per API blocking is disabled, API Behavioral Security (ABS) still detects attacks for that specific API. ASE does not block them. ASE continues to block attacks on other APIs with the enable_blocking parameter set to true.