---
title: Configuring Apigee for PingOne Authorize integration
description: Install the PingAuth shared flow bundle in Apigee and configure it to integrate with PingOne Authorize.
component: pingone
page_id: pingone:authorization_using_pingone_authorize:p1az_configuring_apigee_for_p1az_integration
canonical_url: https://docs.pingidentity.com/pingone/authorization_using_pingone_authorize/p1az_configuring_apigee_for_p1az_integration.html
revdate: July 15, 2025
section_ids:
  before-you-begin: Before you begin
  steps: Steps
---

# Configuring Apigee for PingOne Authorize integration

Install the PingAuth shared flow bundle in Apigee and configure it to integrate with PingOne Authorize.

## Before you begin

Ensure you have:

* A supported Apigee environment. The Ping Identity shared flow for Apigee supports Apigee Edge, Apigee Private Cloud, and Apigee X.

* The PingAuth Shared Flow Bundle `.zip` archive. Download the integration kit for Apigee from the [Ping Identity Marketplace](https://marketplace.pingone.com/item/external-authorization-for-apigee-api-management).

## Steps

1. Upload the shared flow bundle:

   1. In Apigee, go to **Develop > Shared Flows** and do one of the following:

      * In Apigee X, click **Upload Bundle**.

      * In Apigee Edge or Apigee Private Cloud, click **+Shared Flow**, and then click **Upload Bundle**.

   2. For the shared flow **Name**, enter `PingAuth`.

   3. In **File Picker**, browse to the PingAuth shared flow bundle zip file and select it.

      ![Screen capture of the Create a Shared Flow window in Apigee.](_images/ote1650922493188.png)

   4. Click **Create**.

2. In Apigee X, configure the connection to PingOne Authorize.

   |   |                                                                                                                                                                                                                                                                                                                                                                                                     |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | Skip this step if you are using Apigee Edge or Apigee Private Cloud.Apigee X doesn't currently support managing the configuration values stored in key value maps in the Apigee interface. You must add these configuration values to the key value map policy. The key value map is created and the configuration values are added the first time the PingAuth shared flow is executed at runtime. |

   1. To access the PingAuth shared flow, go to **Develop > Shared Flows > PingAuth**.

   2. Click the **Develop** tab and examine **Revisions** to make sure you are on the latest revision.

   3. In the **Policies** panel on the left, click the **Load KVM Config** policy.

   4. In the policy editor panel, remove the comment lines above and below the `InitialEntries` element.

   5. Edit values for `service_host_port` and `service_base_path` to match the Service URL from the API Gateway you added in PingOne Authorize.

      For example, for Service URL:

      ```
      https://http-access-api.pingone.com/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486
      ```

      The `service_host_port` is `http-access-api.pingone.com`.

      The `service_base_path` is `/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486`.

   6. Edit the value for `shared_secret` to match the API Gateway credential you created in PingOne Authorize.

   7. Click **Save**.

      ![Screen capture of the PingAuth Shared Flow in Apigee X.](_images/p1az-aam-apigee-x-config.png)

3. In Apigee Edge or Apigee Private Cloud, configure the connection to PingOne Authorize.

   Apigee Edge stores environment-specific configuration values in key value maps. This allows you to use the same policies across multiple deployment environments without any changes to the policies.

   1. Go to **Environment > Key Value Maps** and click **+Key Value Map**.

   2. Edit the key value map and click **Add Entry**.

   3. Add values using the key names `service_host_port` and `service_base_path` that match the Service URL from the API Gateway you added in PingOne Authorize.

      For example, for Service URL:

      ```
      https://http-access-api.pingone.com/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486
      ```

      The `service_host_port` is `http-access-api.pingone.com`.

      The `service_base_path` is `/v1/environments/78b2c5b5-dead-f00d-beef-9f0ca3ae4486`.

   4. Add a value using the key name `shared_secret` that matches the API Gateway credential you created in PingOne Authorize.

   5. Click **Save**.

      ![Screen capture of the Key Value Maps tab in Apigee Edge environment configuration.](_images/p1az-aam-apigee-edge-config.png)

4. Deploy the shared flow:

   1. To access the PingAuth shared flow, go to **Develop > Shared Flows > PingAuth**.

   2. Deploy the most recent revision of the shared flow to your environment.