Monitoring Authorize gateway instance health
Monitor the health and status of Authorize gateway instances running in your organization’s infrastructure to ensure they’re working correctly and ready to evaluate decision requests.
Actuator endpoints
Use Spring Boot Actuator endpoints to monitor gateway instance health, state, liveness, and readiness, and also access gateway instance metrics. Learn more about these endpoints in Actuator endpoints and Actuator REST API in the Spring Boot documentation.
| Endpoint | Method | Authentication available | Description |
|---|---|---|---|
|
GET |
No |
Lists available Spring Boot Actuator web endpoints. |
|
GET |
No |
Provides a summary of the gateway instance’s health status. |
|
GET |
No |
Indicates the operational status of the gateway instance (up or down). |
|
GET |
No |
Indicates whether the gateway instance is ready to accept and process decision requests. |
|
GET |
Yes |
Provides operational state and configuration details for the gateway instance. |
|
GET |
Yes |
Provides a list of available metrics for the gateway instance. |
|
GET |
Yes |
Retrieves a specific metric. |
Sending requests to Actuator endpoints
Monitor the health of gateway instances by periodically sending HTTP GET requests to Actuator endpoints. The endpoints use the following URL pattern:
http://<gateway-host>:<port>/<endpoint>
The default port for these endpoints is 8080, but you can configure the port when you start a gateway instance.
For example, the following cURL commands check the liveness and readiness of a gateway instance:
curl --location http://localhost:8080/health/liveness
curl --location http://localhost:8080/health/readinessIf authentication is available for an endpoint, you can configure a shared secret and include it in the Authorization header of your GET requests. Learn more in Authentication for Authorize gateway endpoints.
You can find details about API requests for gateway management and decision evaluation in the PingOne and PingOne Authorize API Reference documentation.
Example responses
Actuator endpoint
GET /actuator
The discovery endpoint for Spring Boot Actuator web endpoints.
200 response:
{
"_links": {
"self": {
"href": "http://localhost:8080/actuator",
"templated": false
},
"state": {
"href": "http://localhost:8080/actuator/state",
"templated": false
},
"health-path": {
"href": "http://localhost:8080/actuator/health/<path>",
"templated": true
},
"health": {
"href": "http://localhost:8080/actuator/health",
"templated": false
},
"metrics": {
"href": "http://localhost:8080/actuator/metrics",
"templated": false
},
"metrics-requiredMetricName": {
"href": "http://localhost:8080/actuator/metrics/<requiredMetricName>",
"templated": true
}
}
}Health endpoint
GET /actuator/health
Provides a high-level view of the gateway instance’s operational health.
200 response:
{
"status": "UP",
"groups": [
"liveness",
"readiness"
]
}503 response:
{
"status": "DOWN",
"groups": [
"liveness",
"readiness"
]
}Liveness and readiness endpoints
GET /actuator/health/liveness
GET /actuator/health/readiness
These requests confirm the gateway instance is operational and ready to process requests.
200 response:
{
"status": "UP"
}503 response:
{
"status": "DOWN"
}State endpoint
GET /actuator/state
Returns the gateway instance’s configured authorization policy version, gateway instance version, deployment details, and PingOne connection status.
200 response:
{
"application": {
"version": "1.2.0"
},
"pingone": {
"connection": {
"status": "UP",
"checkedAt": "2025-10-02T15:58:22.179Z"
},
"configuration": {
"authorizationVersion": {
"id": "034dfc10-87xx-11f0-8543-853b57b380d9"
}
},
"gateway": {
"id": "ee99a9c5-05da-4579-92xx-acc23b557184",
"updatedAt": "2025-09-02T09:13:19.686Z"
}
},
"authorization": {
"deployment": {
"authorizationVersion": {
"id": "034dfc10-87xx-11f0-8543-853b57b380d9"
},
"deployedAt": "2025-10-02T15:57:24.078Z"
}
}
}Metrics endpoints
GET /actuator/metrics
Lists all available metric names exposed for the gateway instance.
200 response:
{
"names": [
"application.ready.time",
"application.started.time",
"disk.free",
"disk.total",
"executor.active",
"executor.completed",
"executor.pool.core",
"executor.pool.max",
"executor.pool.size",
"executor.queue.remaining",
"executor.queued",
"http.server.requests",
"http.server.requests.active",
"jvm.buffer.count",
"jvm.buffer.memory.used",
"jvm.buffer.total.capacity",
"jvm.classes.loaded",
"jvm.classes.unloaded",
"jvm.compilation.time",
"jvm.gc.live.data.size",
"jvm.gc.max.data.size",
"jvm.gc.memory.allocated",
"jvm.gc.memory.promoted",
"jvm.gc.overhead",
"jvm.gc.pause",
"jvm.info",
"jvm.memory.committed",
"jvm.memory.max",
"jvm.memory.usage.after.gc",
"jvm.memory.used",
"jvm.threads.daemon",
"jvm.threads.live",
"jvm.threads.peak",
"jvm.threads.started",
"jvm.threads.states",
"logback.events",
"process.cpu.time",
"process.cpu.usage",
"process.files.max",
"process.files.open",
"process.start.time",
"process.uptime",
"spring.security.filterchains",
"spring.security.filterchains.AuthenticationFilter.after",
"spring.security.filterchains.AuthenticationFilter.before",
"spring.security.filterchains.access.exceptions.after",
"spring.security.filterchains.access.exceptions.before",
"spring.security.filterchains.active",
"spring.security.filterchains.authentication.anonymous.after",
"spring.security.filterchains.authentication.anonymous.before",
"spring.security.filterchains.context.async.after",
"spring.security.filterchains.context.async.before",
"spring.security.filterchains.context.holder.after",
"spring.security.filterchains.context.holder.before",
"spring.security.filterchains.context.servlet.after",
"spring.security.filterchains.context.servlet.before",
"spring.security.filterchains.header.after",
"spring.security.filterchains.header.before",
"spring.security.filterchains.requestcache.after",
"spring.security.filterchains.requestcache.before",
"spring.security.filterchains.session.urlencoding.after",
"spring.security.filterchains.session.urlencoding.before",
"spring.security.http.secured.requests",
"spring.security.http.secured.requests.active",
"system.cpu.count",
"system.cpu.usage",
"system.load.average.1m",
"tasks.scheduled.execution",
"tasks.scheduled.execution.active"
]
}GET /actuator/metrics/*
Returns details for a specific metric, such as the amount of memory used. For example:
GET /actuator/metrics/jvm.memory.used
200 response:
{
"name": "jvm.memory.used",
"description": "The amount of used memory",
"baseUnit": "bytes",
"measurements": [
{
"statistic": "VALUE",
"value": 277562880
}
],
"availableTags": [
{
"tag": "area",
"values": [
"heap",
"nonheap"
]
},
{
"tag": "id",
"values": [
"CodeHeap 'profiled nmethods'",
"G1 Old Gen",
"CodeHeap 'non-profiled nmethods'",
"G1 Survivor Space",
"Compressed Class Space",
"Metaspace",
"G1 Eden Space",
"CodeHeap 'non-nmethods'"
]
}
]
}Integration with monitoring tools
Integrate the Actuator endpoints with your existing monitoring tools to automate health checks and receive alerts if a gateway instance becomes unhealthy. This helps you proactively manage the availability and performance of your Authorize gateway instances.
|
Set up periodic checks and alerting mechanisms to notify your organization when gateway instances fail health checks. |
Troubleshooting
If a gateway instance fails health checks, investigate the following common issues to restore the gateway instance’s health and ensure uninterrupted service:
-
Network connectivity problems between your monitoring tool and the gateway instance.
-
Resource constraints on the gateway instance host, such as CPU or memory usage.
-
Configuration issues that prevent the gateway instance from starting or processing requests.
Review gateway logs for error messages or warnings that can help identify the root cause of the issue. Learn more in Logging for Authorize gateway instances.