You can protect an API from unwanted access using PingAccess.
Prerequisites
Before configuring your PingAccess deployment to protect an API:
- PingAccess must be installed and running. See Installing and Uninstalling PingAccess for the full procedure.
- You must have a configured token provider. The procedures vary depending on the token provider. For more information, see:
Steps
After you have completed the following steps, your API is protected.
- Configure a virtual host – A virtual host represents the external face of the API you will protect.
- Configure a site – A site contains the internal details of the API you will protect, including its actual location.
- Configure a rule – Rules control who can access what content under what circumstances.
- Configure an identity mapping – An identity mapping lets you share identity information with the protected API as headers.
- Configure an application – An application joins the other pieces together, giving users access to the API according to the configured rules.
- Configure a resource – A resource specifies an API endpoint and the methods that can be used to access it.