API gateway request and response flow - PingAuthorize

API gateway request and response flow - PingAuthorize - 9.3

PingAuthorize 9.3

bundle

pingauthorize-93

ft:publication_title

PingAuthorize 9.3

Product_Version_ce

PingAuthorize 9.3 (Latest)

category

ContentType

Product

Productdocumentation

paz-93

pingauthorize

ContentType_ce

Product documentation

Using the APIapplication programming interface (API) A specification of interactions available for building software to access an application or service. gateway pattern, PingAuthorize processes JSONJSON (JavaScript Object Notation) An open, lightweight data-interchange format that uses human-readable text to store and transmit data. requests and responses in two distinct phases according to a defined sequence.

The gateway handles proxied requests in the following phases:

Inbound phase – When a client submits an API request to PingAuthorize Server, the gateway forms a policy request based on the API request and submits it to the policy decision point (PDP) for evaluation. If the policy result allows it, PingAuthorize Server forwards the inboundinbound A direction of message flow coming into a service. The type of message depends service's identity access management role. request to the API server.
Outbound phase – After PingAuthorize Server receives the upstream API server's response, the gateway again forms a policy request, this time based on the API server response, and submits it to the PDP. If the policy result is positive, PingAuthorize Server forwards the outboundoutbound The direction of transaction flow from a service or server. response to the client.

Sequence diagram of the PingAuthorize API security gateway inbound and outbound data flow involving the client, PingAuthorize, the PDP, and the REST API

The API gateway supports only JSONJSON (JavaScript Object Notation) An open, lightweight data-interchange format that uses human-readable text to store and transmit data. requests and responses.