PingIntelligence API discovery is a process to discover, and report APIs from your API environment. The discovered APIs are reported in PingIntelligence Dashboard. Complete the following two steps to automatically capture API definitions from PingAccess:
- Configure API discovery in PingIntelligence Dashboard
- Configure API discovery in PingAccess
Configure API discovery in PingIntelligence Dashboard
Configure the discovery parameters in the Dashboard as explained in Configure API discovery.
Make sure that the ASE mode is configured to sideband in webgui.properties, and it matches the configuration in /pingidentity/ase/config/ase.conf file in ASE.
Ensure the following configurations specific to PingAccess are set:
Set Discovery source - Dashboard can discover APIs from three sources, ABS AI engine, PingAccess, and Axway API gateway. The discovery source is configured in the /pingidentity/webgui/config/webgui.properties file. Set the pi.webgui.discovery.source to pingaccess. Following is a snippet of the webgui.properties file for configuring the discovery source.
### api discovery properties
# discovery source
# valid values: abs, axway and pingaccess
# for axway and pingaccess, see config/discovery.properties
pi.webgui.discovery.source=pingaccess
Set Credentials - When the API discovery source is PingAccess, configure the gateway management URL and credentials in the /pingidentity/webgui/config/discovery.properties file. Following is a snippet of the discovery.properties file for configuring the credentials.
### PingAccess config. Only valid if pi.webgui.discovery.source=pingaccess
# Admin URL
pingaccess.management.url=https://127.0.0.1:9000/
# Admin username
pingaccess.management.username=Username
# Admin password
pingaccess.management.password=Password
Configure API discovery in PingAccess
For PingIntelligence Dashboard to automatically discover the APIs, include the following parameters in the DESCRIPTION section of an existing Application or while you add a new Application in PingAccess. The Application Type must be API.
{
"ping_ai": true,
"ping_host": "",
"ping_url": "",
"ping_login": "",
"ping_cookie": "JSESSIONIDTEST",
"apikey_qs": "X-API-KEY",
"apikey_header": "",
"ping_decoy": false,
"oauth2_access_token": false,
"ping_blocking": true
}
The following table describes the parameters captured when PingIntelligence Dashboard fetches the API definition from PingAccess and adds it to ASE.
Parameter | Description |
ping_ai
|
When true , PingIntelligence processing is applied to
this API. Set to false for no PingIntelligence processing.
Default value is true . |
ping_host
|
Hostname of the API. You can configure * as
hostname to support any hostname. |
ping_url
|
The base URL of the managed API, for example,
/shopping . This field cannot be empty. |
ping_login
|
Login URL for the API. The field can be empty. |
ping_cookie
|
Cookie name for the API. The field can be empty. |
apikey_qs
|
When API Key is sent in the query string, ASE uses the specified parameter name to capture the API key value. This field can be empty. |
apikey_header
|
When API Key is part of the header field, ASE uses the specified parameter name to capture the API key value. This field can be empty. |
ping_decoy
|
When true , API is a decoy API. The values can be
true or false . |
oauth2_access_token
|
When true , PingIntelligence expects an OAuth token. The
values can be true or false. |
ping_blocking
|
When true , enable PingIntelligence blocking when attack
are detected on the API. The default value is true . To
disable blocking for the API, set to false . |