Prerequisites

Before configuring your PingAccess deployment to protect an API:

Steps

After you have completed the following steps, your API is protected.

  1. Configure a virtual host – A virtual host represents the external face of the API you will protect.
  2. Configure a site – A site contains the internal details of the API you will protect, including its actual location.
  3. Configure a rule – Rules control who can access what content under what circumstances.
  4. Configure an identity mapping – An identity mapping lets you share identity information with the protected API as headers.
  5. Configure an application – An application joins the other pieces together, giving users access to the API according to the configured rules.
  6. Configure a resource – A resource specifies an API endpoint and the methods that can be used to access it.