PingIntelligence provides a shared flow to integrate Apigee Edge with PingIntelligence for APIs platform.
The two mechanisms of calling shared flows are flow hook and flow callout policies. A flow hook in Apigee Edge applies the PingIntelligence shared flow globally to all APIs in an environment in an organization. The FlowCallout policy in Apigee Edge applies the PingIntelligence shared flow on a per API basis in an environment in an organization.
PingIntelligence provides an automated tool to deploy both flow hook and flow callout polices.
The following diagram shows the logical setup of PingIntelligence API Security Enforcer (ASE) and Apigee Edge.
Traffic flows through the Apigee Edge andPingIntelligence for APIs components as follows:
- Incoming request to Apigee Edge from a client.
- Apigee Edge makes an API call to send the request information to ASE.
- ASE checks the request against a registered set of APIs and checks the origin IP, cookie, OAuth2 token or API key against the Blacklist. If all checks pass, ASE returns a 200-OK response to the Apigee Edge. If not, a different response code (403) is sent to Apigee Edge. The request information is also logged by ASE and sent to the ABS AI Engine for processing.
- If Apigee Edge receives a 200-OK response from ASE, then it forwards the request to the backend server. Otherwise, the gateway optionally blocks the client. In synchronous mode, the gateway waits for a response from ASE before forwarding the request to backend server. However, if asynchronous mode is enabled, the gateway forwards the request to the backend server without waiting for the response from ASE. The ASE passively logs the request and forwards it to ABS for attack analysis. It performs attack detection without blocking of attacks.
- Apigee Edge receives the response from the backend server.
- Apigee Edge makes a second API call to pass the response information to ASE, which sends the information to the AI engine for processing.
- ASE receives the response information and sends a 200-OK to Apigee Edge.
- Apigee Edge sends the response received from the backend server to the client.