Connecting an HTTP service
Configure HTTP settings to connect PingOne Authorize to an HTTP service.
Before you connect to an HTTP service, you can add attributes that store values for service settings, such as the endpoint URL for an HTTP request. Storing settings as attributes is useful if the values are dynamic or if you want to use different values during testing. For example, during testing, you can override a production REST API used in an HTTP service with a test API.
If the service requires OAuth 2.0 Client Credentials authentication, you must add an attribute that stores the external service’s client secret before you configure service settings. You can also add attributes that store other client credentials, such as the client ID and token endpoint.
After you finish configuring the service, test the service connection. To make the service response available in policies, add attributes that resolve against the service and process the response to extract required values.
Add a service, configure the following service settings, and then configure general settings to finish the service connection.
HTTP Settings
HTTP service requests can send and receive text, JSON, and XML content.
Setting | Description
---|---
URL | The URL for the REST endpoint that the decision point accesses in the HTTP request. To include an attribute anywhere in the URL, wrap the full name of the attribute in double curly brackets.
HTTP Method | The action performed in the HTTP request. Options are GET, POST, PUT, DELETE, and HEAD.
Content Type | The media type of the content in the HTTP request. Options are application/json, application/xml, text/html, and text.
Body | The body to send with the HTTP request. You can include attributes anywhere in the body, with no escaping, by wrapping the full name of the attribute in double curly brackets.
Authentication | The HTTP authentication method for the authorization header sent with the HTTP request. HTTP authentication methods are described in detail below.
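Because attributes are substituted into the body with no escaping, a value has to arrive already encoded for the body's content type. The following added example (not PingOne Authorize code) models the substitution in Python and compares a verbatim value with a JSON-encoded one; the attribute name `Request.UserName`, the sample values, and all function names are constructed for illustration.

```python
import json
import re

# {{Full.Attribute.Name}} placeholder, as the URL and Body settings describe.
PLACEHOLDER = re.compile(r"\{\{\s*([^{}]+?)\s*\}\}")

def render(template, attributes, encode=str):
    """Replace each placeholder with encode(value); encode=str inserts it verbatim."""
    def substitute(match):
        name = match.group(1)
        if name not in attributes:
            raise KeyError(f"unresolved attribute: {name}")
        return encode(attributes[name])
    return PLACEHOLDER.sub(substitute, template)

def json_string_fragment(value):
    """JSON-encode a value and drop the outer quotes, for use inside "..." in a template."""
    return json.dumps(str(value))[1:-1]

def try_parse(body):
    """Return the parsed JSON body, or None if the body is not valid JSON."""
    try:
        return json.loads(body)
    except json.JSONDecodeError:
        return None

# Constructed sample: hypothetical attribute name and values.
TEMPLATE = '{"user": "{{Request.UserName}}", "action": "read"}'
PLAIN = {"Request.UserName": "alice"}
QUOTED = {"Request.UserName": 'Dwayne "The Rock" Johnson'}

if __name__ == "__main__":
    print(render(TEMPLATE, PLAIN))
    # Verbatim substitution: the embedded quotes end the JSON string early.
    print(try_parse(render(TEMPLATE, QUOTED)))
    # Encoded first: the body stays valid and the value round-trips.
    print(try_parse(render(TEMPLATE, QUOTED, json_string_fragment)))
```

The same reasoning applies to XML bodies and to attributes placed in the URL: the value needs the encoding that matches where it lands.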
HTTP authentication methods
To authenticate HTTP service requests, you can use no authentication, basic authentication with a username and password, a bearer token, or the OAuth 2.0 Client Credentials flow.
None
With this method, no authorization header is sent with the HTTP request. This is the default option.
Bearer Token
For bearer authentication with a static token, select an attribute that stores the authorization token to send with the HTTP request.
OAuth 2.0 (Client Credentials)
For authentication with the OAuth 2.0 Client Credentials flow, configure client credentials to exchange for an access token.
PingOne Authorize manages the authentication process as follows:
- PingOne Authorize requests an access token for the external service by sending client credentials, including any scopes, in a POST request to the authorization server’s token endpoint. Credentials are sent in the request body.
- The authorization server validates the client credentials and provides an access token, which PingOne Authorize caches. When the external service no longer accepts this token, PingOne Authorize reuses the client credentials to obtain a new one.
- In an HTTP service request, PingOne Authorize provides the access token in the authorization header, authenticates with the HTTP service, and retrieves requested information from the service.
Before you configure the following settings, add an attribute that stores the client secret. You can also add attributes that store other client credentials.
- Token Endpoint: The token endpoint URL for the authorization server that grants an access token. For example, https://{domain}/oauth*/token.
- Scope: The scopes to request in the access token. Scopes are optional and can be used to limit the permissions of a token in the connected service. Separate scopes with commas and no spaces.
- Client Id: Enter the external service’s unique client identifier, or select an attribute that stores this value.
- Client Secret: Select an attribute that stores the external service’s client secret.
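The token handling described above, as an added Python example that is not PingOne Authorize code: credentials go in the POST body, the token is cached, and a rejected token triggers one new token request. Assumptions: a 401 response is what signals a token the service no longer accepts, the comma-separated Scope setting is sent as the space-delimited `scope` parameter defined by RFC 6749, and `FakeBackend`, the URLs, and the credentials are constructed stand-ins.

```python
from urllib.parse import parse_qs, urlencode

class ClientCredentialsSession:
    """Caches one access token and replaces it when the service rejects it."""

    def __init__(self, send, token_endpoint, client_id, client_secret, scopes=""):
        self.send = send  # send(method, url, headers, body) -> (status, dict)
        self.token_endpoint = token_endpoint
        self.form = {"grant_type": "client_credentials",
                     "client_id": client_id, "client_secret": client_secret}
        if scopes:  # assumption: "a,b" in the setting becomes "a b" on the wire
            self.form["scope"] = " ".join(scopes.split(","))
        self.token = None

    def _fetch_token(self):
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        status, payload = self.send("POST", self.token_endpoint, headers, urlencode(self.form))
        if status != 200 or "access_token" not in payload:
            raise RuntimeError(f"token request failed with status {status}")
        self.token = payload["access_token"]

    def request(self, method, url):
        if self.token is None:
            self._fetch_token()
        for attempt in range(2):  # at most one retry after a rejected token
            headers = {"Authorization": f"Bearer {self.token}"}
            status, payload = self.send(method, url, headers, None)
            if status != 401 or attempt == 1:  # assumption: 401 means token rejected
                return status, payload
            self._fetch_token()

class FakeBackend:
    """Constructed in-memory authorization server and HTTP service."""
    def __init__(self):
        self.issued, self.valid, self.token_bodies = 0, None, []

    def __call__(self, method, url, headers, body):
        if url.endswith("/token"):
            self.token_bodies.append(parse_qs(body))
            self.issued += 1
            self.valid = f"tok-{self.issued}"
            return 200, {"access_token": self.valid, "token_type": "Bearer"}
        ok = headers.get("Authorization") == f"Bearer {self.valid}"
        return (200, {"risk": "low"}) if ok else (401, {})

if __name__ == "__main__":
    backend = FakeBackend()
    session = ClientCredentialsSession(backend, "https://auth.example.test/token", "client-1", "constructed-secret")
    print(session.request("GET", "https://api.example.test/risk"), backend.issued)
```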
Headers
You can send any number of custom header key-value pairs with a request. To make the header dynamic, select an attribute for the header value.
To add a header:
- Click Header.
- Enter the header Key. The key is a fixed string.
- For the header Value, enter a constant value or click to select an attribute.
SSL/TLS Certificate Settings
The Certificate Validation setting in PingOne Authorize lets you enable or disable validation of SSL and TLS certificates when connecting to SSL or TLS-based services.
SSL and TLS certificate settings apply when validating the certificate or certificate chain sent from the server. The following Certificate Validation options are available:
- On: Performs TLS validation when connecting to the service. Select this option when you connect to a service that has a certificate issued from a valid certificate authority. This setting is enabled by default.
- Off: Skips server certificate validation and allows initiation of the connection without validation.
Value processors
You can define value processors to transform data returned by the HTTP service. For more information, see Processors.