This guide describes the deployment of PingIntelligence for APIs in a sideband configuration with F5 BIG-IP. A PingIntelligence policy is installed in F5 BIG-IP and passes API metadata to PingIntelligence for detailed API activity reporting and attack detection with optional client blocking. PingIntelligence software includes support for reporting and attack detection based on usernames captured from JSON Web Token (JWT).

This diagram depicts the architecture of PingIntelligence for APIs components along with F5 BIG-IP:

Following is an description of the traffic flow through F5 BIG-IP and PingIntelligence ASE:

  1. Client sends an incoming request to F5 BIG-IP
  2. F5 BIG-IP makes an API call to send the request metadata to ASE
  3. ASE checks the request against a registered set of APIs and looks for the origin IP, cookie, OAuth2 token or API key in PingIntelligence AI engine generated Blacklist. If all checks pass, ASE returns a 200-OK response to the F5 BIG-IP. If not, a different response code is sent to F5 BIG-IP. The request information is also logged by ASE and sent to the AI Engine for processing.
  4. F5 BIG-IP receives a 200-OK response from ASE, then it forwards the request to the backend server. A request is blocked only when ASE sends a 403 error code.
  5. The response from the backend server is received by F5 BIG-IP.
  6. F5 BIG-IP makes a second API call to pass the response information to ASE which sends the information to the AI engine for processing.
  7. ASE receives the response information and sends a 200-OK to F5 BIG-IP.
  8. F5 BIG-IP sends the response received from the backend server to the client.