Configure the PingAuth shared flow on the API proxies where you want to use PingAccess as the external authorization policy runtime service.
Add a Flow Callout policy:
- In Develop tab. Make sure that you are on the latest revision of the proxy. , go to one of your APIs and click the
- In the Policies section of the Navigator, click + to add a policy.
- Add a Flow Callout Policy, and in the Shared Flow list, select PingAuth.
- Click Save.
Attach the Flow Callout Policy to
When PingAccess is integrated as the external authorization policy runtime service for Apigee, it should be integrated in the preflow of the request to the proxy endpoint, because the authentication and authorization function provided by PingAccess should occur before most other policies execute.
You can consider other ways to integrate PingAccess by reading about flows at https://cloud.google.com/apigee/docs/api-platform/fundamentals/what-are-flows.
In the Proxy Endpoint section of the
PreFlow, then click
+Step to add a flow step to the
On the Existing tab, select the flow callout
policy that you created, then click Add.
In the Target Endpoint section of the
PreFlow, then add the flow callout policy as
a Step to the Response
This gives PingAccess an early opportunity to process the API response from the target API before it is processed by Apigee.
- In the Proxy Endpoint section of the Navigator, click PreFlow, then click +Step to add a flow step to the request.
- Save and deploy the updated proxy.