Pressure from an expanding mobile device and API economy can lead developers to hastily design and expose APIs outside the network perimeter. Standardized API access management leads to a more consistent, centrally-controlled model that ensures existing infrastructure and security policies are followed, thereby safeguarding an organization’s assets.

PingAccess Gateway sits at the perimeter of a protected network between mobile, in-browser, or server-based client applications and protected APIs and performs the following actions:

  • Receives inbound API calls requesting protected applications

    OAuth-protected API calls contain previously obtained access tokens retrieved from PingFederate acting as an OAuth authorization server.

  • Evaluates application and resource-level policies and validates access tokens in conjunction with PingFederate
  • Acquires the appropriate target site security token (site authenticators) from the PingFederate Security Token Service (STS) or from a cache, including attributes and authorized scopes, should an API require identity mediation
  • Makes authorized requests to the APIs and receives and processes the responses
  • Relays the responses on to the clients
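The token validation and resource-level policy evaluation steps above, modeled as an added example (this is not PingAccess or PingFederate code): the introspection table, policy rules, paths and tokens are constructed stand-ins for what the gateway would obtain from the authorization server and its configuration.

```python
"""Added example, not PingAccess code: a minimal model of the gateway's
token-validation and resource-policy step in front of an OAuth-protected API."""
import time

# Constructed stand-in for the authorization server's token introspection
# response (RFC 7662 fields). A real gateway would ask PingFederate instead.
INTROSPECTION = {
    "tok-read": {"active": True, "sub": "alice", "scope": "orders:read", "exp": 2_000_000_000},
    "tok-admin": {"active": True, "sub": "ops", "scope": "orders:read orders:write", "exp": 2_000_000_000},
    "tok-expired": {"active": True, "sub": "bob", "scope": "orders:write", "exp": 1_000_000_000},
    "tok-revoked": {"active": False},
}

# Constructed resource-level policy: (method, path prefix) -> scopes the token must carry.
POLICY = [
    ("GET", "/api/orders", {"orders:read"}),
    ("POST", "/api/orders", {"orders:write"}),
]

def introspect(token):
    """Look the token up the way the gateway would via the authorization server."""
    return INTROSPECTION.get(token, {"active": False})

def authorize(method, path, headers, now=None):
    """Return (status, detail): 200 with the identity to relay upstream, or 401/403."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, "missing or malformed bearer token"
    info = introspect(token)
    if not info.get("active") or info.get("exp", 0) <= now:
        return 401, "token inactive or expired"  # same answer for unknown, revoked and expired
    granted = set(info.get("scope", "").split())
    rules = [req for m, prefix, req in POLICY if m == method and path.startswith(prefix)]
    if not rules:
        return 403, "no policy grants access to this resource"  # default deny
    if set().union(*rules) - granted:
        return 403, "insufficient scope"
    # Identity mediation: the upstream API receives the validated subject and
    # scopes as attributes, not the client's raw access token.
    return 200, {"X-Subject": info["sub"], "X-Scopes": " ".join(sorted(granted))}
```

The `now` parameter exists only to make expiry checks deterministic; in use it defaults to the current time.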

The following sections describe sample proof-of-concept and production architectures for an API access management use case deployment: