Learn how to add API service operations in PingOne and use rules to control access to operations.
Define an API service operation to match the API requests used to get another user’s submitted memes. Then, create a rule to give only members of the Meme Game Admins group permission to perform the operation.
-
Define a method and path combination that matches a client request to the
API:
-
Click Methods, and then select the
GET method. Click outside the list of methods to
close it.
-
For Name, enter Get memes of another
user.
-
Click Methods, and then select the
GET method. Click outside the list of methods to
close it.
-
Define a basic rule that allows administrators to perform this operation:
Basic rules grant access to protected operations based on group membership and authorized scopes.
Note:In the next tutorial, you'll define a more advanced custom rule for an operation. For more information about basic and custom rules, see Defining operations for protected actions.
-
Click Groups, and then select the
Meme Game Admins group. Click outside the
list of groups to close it.
-
Click Save.
Now, only members of the Meme Game Admins group can call the Get memes of another user operation. This is what the operation looks like.
-
Click Groups, and then select the
Meme Game Admins group. Click outside the
list of groups to close it.
You added an API service operation that controls access to an action and you gave members of the administrator group access to perform the action.
Demonstrate how the API service enforces access control by allowing a request from administrators to review submitted memes and rejecting the request from players.