PingIntelligence API discovery is a process to discover, and report APIs from your API environment. The discovered APIs are reported in PingIntelligence Dashboard. Complete the following two steps to automatically capture API definitions from PingAccess:
  • Configure API discovery in PingIntelligence Dashboard
  • Configure API discovery in PingAccess

Configure API discovery in PingIntelligence Dashboard

Configure the discovery parameters in the Dashboard as explained in Configure API discovery.
Note: Make sure that the ASE mode is configured to sideband in webgui.properties, and it matches the configuration in /pingidentity/ase/config/ase.conf file in ASE.

Ensure the following configurations specific to PingAccess are set:

Set Discovery source - Dashboard can discover APIs from three sources, ABS AI engine, PingAccess, and Axway API gateway. The discovery source is configured in the /pingidentity/webgui/config/webgui.properties file. Set the pi.webgui.discovery.source to pingaccess. Following is a snippet of the webgui.properties file for configuring the discovery source.
### api discovery properties
# discovery source
# valid values: abs, axway and pingaccess
# for axway and pingaccess, see config/discovery.properties
pi.webgui.discovery.source=pingaccess

Set Credentials - When the API discovery source is PingAccess, configure the gateway management URL and credentials in the /pingidentity/webgui/config/discovery.properties file. Following is a snippet of the discovery.properties file for configuring the credentials.

### PingAccess config. Only valid if pi.webgui.discovery.source=pingaccess
# Admin URL
pingaccess.management.url=https://127.0.0.1:9000/
# Admin username
pingaccess.management.username=Username
# Admin password
pingaccess.management.password=Password

Configure API discovery in PingAccess

For PingIntelligence Dashboard to automatically discover the APIs, include the following parameters in the DESCRIPTION section of an existing Application or while you add a new Application in PingAccess. The Application Type must be API.
{
"ping_ai": true,
"ping_host": "",
"ping_url": "",
"ping_login": "",
"ping_cookie": "JSESSIONIDTEST",
"apikey_qs": "X-API-KEY",
"apikey_header": "",
"ping_decoy": false,
"oauth2_access_token": false,
"ping_blocking": true
}
The following table describes the parameters captured when PingIntelligence Dashboard fetches the API definition from PingAccess and adds it to ASE.
Parameter Description
ping_ai When true, PingIntelligence processing is applied to this API. Set to false for no PingIntelligence processing. Default value is true.
ping_host Hostname of the API. You can configure * as hostname to support any hostname.
ping_url The base URL of the managed API, for example, /shopping. This field cannot be empty.
ping_login Login URL for the API. The field can be empty.
ping_cookie Cookie name for the API. The field can be empty.
apikey_qs When API Key is sent in the query string, ASE uses the specified parameter name to capture the API key value. This field can be empty.
apikey_header When API Key is part of the header field, ASE uses the specified parameter name to capture the API key value. This field can be empty.
ping_decoy When true, API is a decoy API. The values can be true or false.
oauth2_access_token When true, PingIntelligence expects an OAuth token. The values can be true or false.
ping_blocking When true, enable PingIntelligence blocking when attack are detected on the API. The default value is true. To disable blocking for the API, set to false.

Related links