PingOne

Defining an operation for a privileged action

Learn how to add API service operations in PingOne and use rules to control access to operations.

About this task

Define an API service operation to match the API requests used to get another user’s submitted memes. Then, create a rule to give only members of the Meme Game Admins group permission to perform the operation.

Steps

  1. In PingOne, go to Authorization → API Services.

  2. Click the Meme Game API service, and then click the Operations tab.

  3. Click Define Operation to create a new operation.

  4. Define a method and path combination that matches a client request to the API:

    1. Click Methods, and then select the GET method. Click outside the list of methods to close it.

      Screen capture showing the expanded Methods list in the Define Operation window.
    2. For Paths, enter the following:

      /api/v1/users/*/answers

      This is the API path for getting a user’s memes. The path must start with a slash (/). The asterisk (*) is a wildcard that stands in for the user identifier, so the operation matches requests for any user’s answers.

    3. For Name, enter Get memes of another user.

      Screen capture of the Define Operation window showing Method, Path, and Name settings.
    4. Click Next.

  5. Define a basic rule that allows administrators to perform this operation:

    Basic rules grant access to protected operations based on group membership and authorized scopes.

    In the next tutorial, you’ll define a more advanced custom rule for an operation. For more information about basic and custom rules, see Defining operations for protected actions.

    Screen capture of the Define Operation window showing Define Access Rules settings.
    1. Select the The user must be a member of any of these groups check box.

    2. Click Groups, and then select the Meme Game Admins group. Click outside the list of groups to close it.

      Screen capture showing the expanded Groups list in the Define Operation window.
    3. Click Save.

      Result:

      Now, only members of the Meme Game Admins group can call the Get memes of another user operation. This is what the operation looks like.

      Screen capture of the Operations tab in API Services showing the new operation.
  6. Click Deploy to deploy the new API service operation.

Result

You added an API service operation that controls access to an action, and you gave members of the administrator group access to perform the action.
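
The decision that this operation and its basic rule express can be modeled offline to check which requests it covers. This is an added example, not PingOne code: the `Operation` class, the `decide` function, the single-segment behavior of the wildcard, the user ID 1234, and the Meme Game Players group name are assumptions made for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Operation:
    name: str
    methods: frozenset
    path: str                  # must start with "/"; "*" is a wildcard
    allowed_groups: frozenset  # basic rule: member of any of these groups

    def matches(self, method: str, path: str) -> bool:
        if not self.path.startswith("/"):
            raise ValueError("operation path must start with a slash (/)")
        # Assumption: "*" matches exactly one non-empty path segment.
        pattern = "/".join(
            "[^/]+" if seg == "*" else re.escape(seg)
            for seg in self.path.split("/")
        )
        return method.upper() in self.methods and re.fullmatch(pattern, path) is not None


# The operation defined in the steps above.
GET_OTHER_MEMES = Operation(
    name="Get memes of another user",
    methods=frozenset({"GET"}),
    path="/api/v1/users/*/answers",
    allowed_groups=frozenset({"Meme Game Admins"}),
)


def decide(op: Operation, method: str, path: str, user_groups) -> str:
    """Return 'no_match', 'permit' or 'deny' for a single request."""
    if not op.matches(method, path):
        return "no_match"  # this operation's rule does not apply to the request
    return "permit" if op.allowed_groups & set(user_groups) else "deny"


# Constructed sample requests (user ID and player group name are made up).
SAMPLES = [
    ("GET", "/api/v1/users/1234/answers", ["Meme Game Admins"]),
    ("GET", "/api/v1/users/1234/answers", ["Meme Game Players"]),
    ("POST", "/api/v1/users/1234/answers", ["Meme Game Admins"]),
    ("GET", "/api/v1/users/1234/profile", ["Meme Game Admins"]),
]

if __name__ == "__main__":
    for method, path, groups in SAMPLES:
        print(f"{method:4} {path:32} {groups} -> {decide(GET_OTHER_MEMES, method, path, groups)}")
```

A `no_match` result is worth as much attention as a `deny`: a request with a different method or path falls outside this operation, so this rule does not restrict it.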

Next steps

Demonstrate how the API service enforces access control by allowing a request from administrators to review submitted memes and rejecting the request from players.