With growing numbers of internal and external users, and more enterprise resources available online, ensure that qualified users can access only those applications to which they have permission. An API access environment provides authentication and policy-based access management while integrating with existing infrastructure.

The PingAccess sideband plugin is installed on the API gateway that serves the protected API applications and is configured to communicate with a PingAccess server that is also deployed on the network. When the API gateway intercepts a client request to a protected API resource, it performs the following actions:

  • Intercepts inbound requests to API applications
  • Sends requests to the PingAccess sideband API endpoint, including the relevant request information needed by the policy server
  • Receives the response from the policy server, follows its instructions, modifies the request as specified, and allows the request to proceed to the target resource
  • Intercepts responses from the application
  • Sends requests to the PingAccess sideband API endpoint, including the relevant response information needed by the policy server
  • Applies modifications from the policy server and relays the response

The PingAccess policy server listens for agent requests and performs the following actions:

  • Evaluates application and resource-level policies and validates the tokens in conjunction with an OpenID Connect (OIDC) policy configured within PingFederate
  • Acquires the appropriate HTTP request header configuration from the associated identity mappings
  • Sends a response with instructions on whether to allow the request and how to modify the client request headers
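
The request-phase exchange described above, modeled in-process as an added example; it is not PingAccess code and does not reproduce the sideband API. The `Decision` format, the token table, the `/admin` rule, the `x-user` header, and the fail-closed behaviour on a policy server error are all assumptions made for illustration.

```python
# Hypothetical model of the sideband request flow; names and formats are illustrative only.
from dataclasses import dataclass, field

@dataclass
class Decision:
    allow: bool
    set_headers: dict = field(default_factory=dict)  # headers to set on the upstream request
    status: int = 403                                # status returned to the client on deny

VALID_TOKENS = {"tok-alice": "alice"}  # constructed sample data standing in for token validation

def policy_server(method, path, headers):
    """Policy server side: validate the token, evaluate policy, map identity to headers."""
    auth = headers.get("authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    subject = VALID_TOKENS.get(token)
    if subject is None:
        return Decision(allow=False, status=401)
    if path.startswith("/admin"):                    # constructed resource-level rule
        return Decision(allow=False, status=403)
    return Decision(allow=True, set_headers={"x-user": subject})

def gateway_handle(method, path, headers, backend, decide=policy_server):
    """Gateway side: intercept, ask the policy server, apply its instructions, forward."""
    headers = {k.lower(): v for k, v in headers.items()}
    try:
        decision = decide(method, path, headers)
    except Exception:
        # Assumption of this example: fail closed, never forward without a decision.
        return 503, "policy server unavailable"
    if not decision.allow:
        return decision.status, "denied"
    upstream = dict(headers)
    upstream.update(decision.set_headers)  # policy values overwrite client-supplied ones
    return 200, backend(method, path, upstream)
```

Because the policy server's header values overwrite whatever the client sent, a client-supplied `X-User` header never reaches the backend unchanged in this model.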