This tutorial demonstrates how to use PingAuthorize to easily configure fine-grained access control for a JSON API.
API access control is often categorized in terms of granularity.
| Access control granularity type | Description |
|---|---|
| Coarse-grained | Typically describes scenarios in which users or clients are entitled to all or none of particular applications or APIs. |
| Medium-grained | Typically applies to URL-based scenarios in which users or clients are entitled to some pages or resources within applications or APIs. |
| Fine-grained | When applied to the actions a user or client can take on an application page or an API resource, typically implies that action-specific conditions dictate whether the user or client is entitled to take the action. For example, a request to transfer bank funds might be denied if the amount exceeds the average of recent transfers by 20% or more. |
## Scenario
For this tutorial, you are the producer of an online game in which players compete with friends to create the funniest meme. When starting a new game, the first player optionally invites other players by their email addresses. To prevent email spam, you must create a policy that blocks a user from starting a new game with other players if the user's email address comes from a generic mail domain.
Game activities are represented using an example Meme Game API.
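The anti-spam rule above is a fine-grained decision: it depends on who is calling (the requester's email domain) and on what the request body contains (whether other players are invited). The following is an added example, written by the editor in plain Python rather than in PingAuthorize's policy language, and it is not code from the tutorial or from the Meme Game API. The request field name `invitedPlayers`, the idea that the requester's email comes from the access token, and the contents of `GENERIC_MAIL_DOMAINS` are all assumptions. It fails closed on malformed input, which is the behaviour a reverse proxy enforcing this rule should have.

```python
"""Added illustration of the Create Game rule: deny a new game that invites
other players when the requester's email is from a generic mail domain.
Field names, header sources and the domain list are assumptions."""
import json
from dataclasses import dataclass

# Assumed list of generic (free webmail) domains; the tutorial names none.
GENERIC_MAIL_DOMAINS = frozenset({"freemail.test", "webmail.test"})


@dataclass(frozen=True)
class Decision:
    permit: bool
    reason: str


def email_domain(email):
    """Return the lower-cased domain of an address, or None if it is not
    a single 'local@domain' string. Callers treat None as untrusted."""
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    local, domain = email.split("@")
    if not local or not domain:
        return None
    return domain.lower()


def evaluate_create_game(requester_email, body_json):
    """Fine-grained rule for the Create Game endpoint.

    requester_email: identity of the authenticated caller (assumed to be
    taken from the access token, not from the request body).
    body_json: the raw JSON request body as received by the proxy.
    """
    try:
        body = json.loads(body_json)
    except (TypeError, ValueError):
        return Decision(False, "malformed JSON body")
    if not isinstance(body, dict):
        return Decision(False, "body must be a JSON object")

    invitees = body.get("invitedPlayers", [])  # assumed field name
    if not isinstance(invitees, list):
        return Decision(False, "invitedPlayers must be a list")
    if not invitees:
        # A solo game sends no invitation email, so the rule does not apply.
        return Decision(True, "no invitations")

    domain = email_domain(requester_email)
    if domain is None:
        # Fail closed: an unparseable requester identity is not trusted.
        return Decision(False, "requester email missing or malformed")
    if domain in GENERIC_MAIL_DOMAINS:
        return Decision(False, f"invitations from generic domain {domain} are blocked")
    return Decision(True, "requester domain is not generic")


# Constructed sample requests, not captured traffic.
SAMPLE_REQUESTS = [
    ("alice@corp.test", '{"invitedPlayers": ["bob@corp.test"]}'),
    ("mallory@freemail.test", '{"invitedPlayers": ["v1@corp.test", "v2@corp.test"]}'),
    ("mallory@freemail.test", '{"invitedPlayers": []}'),
    (None, '{"invitedPlayers": ["bob@corp.test"]}'),
    ("alice@corp.test", '{"invitedPlayers": "bob@corp.test"}'),
]


def run_samples():
    """Evaluate every constructed request; returns the list of Decisions."""
    return [evaluate_create_game(email, body) for email, body in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (email, body), decision in zip(SAMPLE_REQUESTS, run_samples()):
        verdict = "PERMIT" if decision.permit else "DENY"
        print(f"{verdict:6} {email!s:24} {body:48} {decision.reason}")
```

The rule deliberately reads the requester's identity from the authenticated token rather than from the body, because the body is attacker-controlled; the same policy applied to a self-reported `email` field would be trivially bypassed.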
## Tasks
This tutorial teaches you how to configure two fine-grained API access control rules by walking you through the following tasks.
- Configure a reverse proxy for the Meme Game API.
- Test the reverse proxy.
- Add a policy for the Meme Game API's Create Game endpoint.
- Test the policy from the Policy Editor.
- Test the reverse proxy by making an HTTP request.
- Modify the rule for the Meme Game API's Create Game endpoint.
The following sections provide the details for completing these tasks.