You can protect an API from unwanted access using
PingAccess.
Prerequisites
Before configuring your PingAccess deployment to protect an API:
- PingAccess must be installed and running. See Installing and Uninstalling PingAccess for the full procedure.
- You must have a configured token provider. The procedures vary depending on the token provider. For more information, see:
- You must have installed an agent on the web server or servers that host the API you want to protect. For more information, see:
Steps
After you have completed the following steps, your API is protected.
- Configure a virtual host – A virtual host represents the API you will protect and contains information about its location.
- Configure a rule – Rules control who can access what content under what circumstances.
- Configure an identity mapping – An identity mapping lets you share identity information with the protected API as headers.
- Configure an application – An application joins the other pieces together, giving users access to the API according to the configured rules.
- Configure a resource – A resource specifies an API endpoint and the methods that can be used to access it.