Configure the PingAuth shared flow on the API proxies where you want to use PingAccess as the external authorization policy runtime service.
-
Add a Flow Callout policy:
- In Develop > API Proxies, go to one of your APIs and click the Develop tab. Make sure that you are on the latest revision of the proxy.
- In the Policies section of the Navigator, click + to add a policy.
- Add a Flow Callout Policy, and in the Shared Flow list, select PingAuth.
- Click Save.
-
Attach the Flow Callout Policy to
Flows.
Note:
When PingAccess is integrated as the external authorization policy runtime service for Apigee, it should be integrated in the preflow of the request to the proxy endpoint, because the authentication and authorization function provided by PingAccess should occur before most other policies execute.
You can consider other ways to integrate PingAccess by reading about flows at https://cloud.google.com/apigee/docs/api-platform/fundamentals/what-are-flows.
-
In the Proxy Endpoint section of the
Navigator, click
PreFlow, then click
+Step to add a flow step to the
request.
-
On the Existing tab, select the flow callout
policy that you created, then click Add.
-
In the Target Endpoint section of the
Navigator, select
PreFlow, then add the flow callout policy as
a Step to the Response
flow.
This gives PingAccess an early opportunity to process the API response from the target API before it is processed by Apigee.
-
In the Proxy Endpoint section of the
Navigator, click
PreFlow, then click
+Step to add a flow step to the
request.
- Save and deploy the updated proxy.