1. Add a Flow Callout policy:
    1. In Develop > API Proxies, go to one of your APIs and click the Develop tab. Make sure that you are on the latest revision of the proxy.
    2. In the Policies section of the Navigator, click + to add a policy.
    3. Add a Flow Callout Policy, and in the Shared Flow list, select PingAuth.
    4. Click Save.
    This screen capture shows the completed Flow Callout Policy on the Flow Callout tab of the Add Policy window.
  2. Attach the Flow Callout Policy to Flows.
    Note:

    When PingAccess is integrated as the external authorization policy runtime service for Apigee, it should be integrated in the preflow of the request to the proxy endpoint, because the authentication and authorization function provided by PingAccess should occur before most other policies execute.

    You can consider other ways to integrate PingAccess by reading about flows at https://cloud.google.com/apigee/docs/api-platform/fundamentals/what-are-flows.

    1. In the Proxy Endpoint section of the Navigator, click PreFlow, then click +Step to add a flow step to the request.
      This screen capture shows the included PreFlow step. PreFlow is highlighted.
    2. On the Existing tab, select the flow callout policy that you created, then click Add.
      This screen capture shows the Add Step window for the Flow Callout Policy.
    3. In the Target Endpoint section of the Navigator, select PreFlow, then add the flow callout policy as a Step to the Response flow.

      This gives PingAccess an early opportunity to process the API response from the target API before it is processed by Apigee.

      This screen capture shows the completed PingAuth policy.
  3. Save and deploy the updated proxy.