Learn how to add API service operations in PingOne and use rules to control access to operations.
Define an API service operation to match the API requests used to get another user’s submitted memes. Then, create a rule to give only members of the Meme Game Admins group permission to perform the operation.
- In PingOne, go to .
- Click the Meme Game API service, and then click the Operations tab.
- Click Define Operation to create a new operation.
Define a method and path combination that matches a client request to the
Click Methods, and then select the GET method. Click outside the list of methods to close it.
For Paths, enter the following:
This is the API path for getting a user’s memes. The path must start with a slash (/). The asterisk (*) is a wildcard that represents any answers.
For Name, enter Get memes of another user.
- Click Next.
Define a basic rule that allows administrators to perform this operation:
Basic rules grant access to protected operations based on group membership and authorized scopes.
Note: In the next tutorial, you'll define a more advanced custom rule for an operation. For more information about basic and custom rules, see Defining operations for protected actions.
- Select the The user must be a member of any of these groups check box.
Click Groups, and then select the Meme Game Admins group. Click outside the list of groups to close it.
Now, only members of the Meme Game Admins group can call the Get memes of another user operation. This is what the operation looks like.
- Click Deploy to deploy the new API service operation.
You added an API service operation that controls access to an action and you gave members of the administrator group access to perform the action.
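The decision that this operation and its basic rule describe, as a simplified Python model (an added example, not PingOne code and not part of the original tutorial). The path `/example/users/*/memes`, the `Players` group, the `NO_MATCH` outcome, and the assumption that `*` matches exactly one path segment are constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Operation:
    name: str
    methods: frozenset
    path_pattern: str          # must start with "/"; "*" is a wildcard
    allowed_groups: frozenset  # basic rule: member of ANY of these groups

    def matches(self, method: str, path: str) -> bool:
        # Assumption: "*" stands for exactly one non-empty path segment.
        regex = "/".join(
            "[^/]+" if seg == "*" else re.escape(seg)
            for seg in self.path_pattern.split("/")
        )
        return method.upper() in self.methods and re.fullmatch(regex, path) is not None


def decide(operations, method, path, user_groups):
    """Return (decision, operation name) for one request."""
    for op in operations:
        if op.matches(method, path):
            if op.allowed_groups & set(user_groups):
                return ("PERMIT", op.name)
            return ("DENY", op.name)
    # No operation covers this request; this model does not decide it.
    return ("NO_MATCH", None)


# Constructed stand-in for the operation defined in the steps above.
OPERATIONS = [
    Operation(
        name="Get memes of another user",
        methods=frozenset({"GET"}),
        path_pattern="/example/users/*/memes",   # placeholder path
        allowed_groups=frozenset({"Meme Game Admins"}),
    )
]

if __name__ == "__main__":
    for groups in (["Meme Game Admins"], ["Players"]):
        print(groups, decide(OPERATIONS, "GET", "/example/users/42/memes", groups))
```

Requests that fall outside the method and path combination are not governed by the group rule at all, so checking which requests match is as important as checking the rule itself.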
Demonstrate how the API service enforces access control by allowing a request from administrators to review submitted memes and rejecting the request from players.