You can configure the API security gateway by creating and modifying its components.
The API security gateway consists of the following components:
- One or more gateway HTTP servlet extensions
- One or more Gateway API Endpoints
- One or more API external servers
An API external server represents the upstream API server and contains the configuration for the server's protocol scheme, host name, port, and connection security. You can create the server in the PingDataGovernance Administrative Console, or with the following example command.
PingDataGovernance/bin/dsconfig create-external-server \ --server-name "API Server" \ --type api \ --set base-url:https://api-service.example.com:1443
A Gateway API Endpoint represents a public path prefix that PingDataGovernance Server accepts for handling proxied requests. A Gateway API
Endpoint configuration defines the base path for receiving requests
inbound-base-path) as well as the base path for forwarding the request
to the API server (
outbound-base-path). It also defines the associated API
external server and other properties that relate to policy processing, such as service,
which targets the policy requests generated for the Gateway API Endpoint to specific
The following example commands use the API external server from the previous example to create a pair of Gateway API Endpoints.
PingDataGovernance/bin/dsconfig create-gateway-api-endpoint \ --endpoint-name "Consent Definitions" \ --set inbound-base-path:/c/definitions \ --set outbound-base-path:/consent/v1/definitions \ --set "api-server:API Server" \ --set service:Consent PingDataGovernance/bin/dsconfig create-gateway-api-endpoint \ --endpoint-name "Consent Records" \ --set inbound-base-path:/c/consents \ --set outbound-base-path:/consent/v1/consents \ --set "api-server:API Server" \ --set service:Consent
The gateway HTTP servlet extension is the server component that represents the API security gateway itself. In most cases, you do not need to configure this component.
Changes to these components do not typically require a server restart to take effect. For more information about configuration options, see the Configuration Reference, located in the server's docs/config-guide directory.