PingOne

Tutorial 2: Controlling access to specific API operations

Learn how to configure API Access Management in PingOne Authorize to provide protection and access control for specific API operations.

Suppose there are two kinds of users in the Meme Game and they have different permissions:

  • Game players compete with their friends to craft the funniest meme.

  • Game administrators can review memes submitted by any user when they’re flagged as inappropriate.

You need to allow administrators to review memes, but not allow players to review them. To do this, you’ll configure users in PingOne, then define an API service operation to control permissions, and finally sign on as different users to demonstrate controlled access.

Before you begin, make sure you complete Tutorial 1: Controlling access to APIs managed by an API service to set up the environment you need for this tutorial.

What you’ll learn

You’ll learn how to:

  • Configure users and groups in PingOne

  • Protect API operations and control user permissions for privileged actions

  • Demonstrate that only authorized users can perform protected actions

What you’ll do

Follow these steps to complete the tutorial: