PingOne

Tutorial 1: Controlling access to APIs managed by an API service

Learn how to set up API Access Management in PingOne Authorize to provide protection and access control for APIs managed by an API service.

Imagine you’re the publisher of Meme Game, an online game in which players compete with their friends to craft the funniest meme. You need to protect the APIs that compose the game so that only your browser-based client or mobile game client can access the APIs and other clients don’t have access.

To do this, you’ll configure applications and access control rules in PingOne and an authorization plugin for Kong Gateway. The plugin works with PingOne to handle the complexities of the OAuth and OpenID Connect protocols, making it easier for you to manage API access control across these systems.

What you’ll learn

You’ll learn how to:

  • Configure the authorization plugin for Kong Gateway to connect the gateway to PingOne

  • Create applications and managed API services in PingOne

  • Configure which applications are authorized to connect to managed API services

  • Demonstrate that only authorized clients are able to access the Meme Game APIs

What you’ll do

Follow these steps to complete the tutorial: