Configuring API discovery - PingIntelligence for APIs

Configuring API discovery - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

PingIntelligence API discovery is a process to discover and report APIs from your API environment.

The discovered APIs are reported in the PingIntelligence Dashboard.

To automatically capture API definitions from PingAccess:

Configure API discovery in the PingIntelligence Dashboard.
1. Configure the discovery parameters in the Dashboard as outlined in Configure API discovery.
  
  Note:
  Make sure that the ASE mode is configured to sideband in webgui.properties, and it matches the configuration in /pingidentity/ase/config/ase.conf file in ASE.
2. Ensure the following configurations specific to PingAccess are set:
  1. Set Discovery source - The Dashboard can discover APIs from three sources, ABS AI engine, PingAccess, and Axway API gateway. The discovery source is configured in the /pingidentity/webgui/config/webgui.properties file. Set the pi.webgui.discovery.source to pingaccess.
    The following is a snippet of the webgui.properties file for configuring the discovery source:
```
### api discovery properties
# discovery source
# valid values: abs, axway and pingaccess
# for axway and pingaccess, see config/discovery.properties
pi.webgui.discovery.source=pingaccess
```
  2. Set Credentials - When the API discovery source is PingAccess, configure the gateway management URL and credentials in the /pingidentity/webgui/config/discovery.properties file.
    The following is a snippet of the discovery.properties file for configuring the credentials:
```
### PingAccess config. Only valid if pi.webgui.discovery.source=pingaccess
# Admin URL
pingaccess.management.url=https://127.0.0.1:9000/
# Admin username
pingaccess.management.username=Username
# Admin password
pingaccess.management.password=Password
```

Configure API discovery in PingAccess:

For the PingIntelligence Dashboard to automatically discover the APIs, include the following parameters in the DESCRIPTION section of an existing application or while you add a new application in PingAccess.

The application type must be API.

{
"ping_ai": true,
"ping_host": "",
"ping_url": "",
"ping_login": "",
"ping_cookie": "JSESSIONIDTEST",
"apikey_qs": "X-API-KEY",
"apikey_header": "",
"ping_decoy": false,
"oauth2_access_token": false,
"ping_blocking": true
}

The following table describes the parameters captured when the PingIntelligence Dashboard fetches the API definition from PingAccess and adds it to ASE.

Parameter	Description
ping_ai	When `true`, PingIntelligence processing is applied to this API. Set to false for no PingIntelligence processing. The default value is true.
ping_host	Hostname of the API. You can configure `*` as `hostname` to support any hostname.
ping_url	The base URL of the managed API, for example, `/shopping`. This field cannot be empty.
ping_login/>	Sign-on URL for the API. The field can be empty.
ping_cookie/>	Cookie name for the API. The field can be empty.
apikey_qs	When API Key is sent in the query string, ASE uses the specified parameter name to capture the API key value. This field can be empty.
apikey_header	When API Key is part of the header field, ASE uses the specified parameter name to capture the API key value. This field can be empty.
ping_decoy	When true, API is a decoy API. The values can be true or false.
oauth2_access_token	When true, PingIntelligence expects an OAuth token. The values can be true or false.
ping_blocking	When true, enable PingIntelligence blocking when attack are detected on the API. The default value is true. To disable blocking for the API, set to false.

For more information, refer to: