Custom authorization policies in PingOne Authorize enable you to add more advanced API access rules that might require several iterations of configuration and testing before deployment. Custom policy authoring supports fine-grained logic and an iterative workflow.

When you added the Meme Game API service in Tutorial 1: Adding a managed API service for the Meme Game in PingOne, you enabled custom policies for the API service. In this task, you'll create an API operation for the Meme Game API service that matches the API request used to start a new game. You’ll create the custom policy in a later task.

  1. In PingOne, go to Authorization > API Services.
  2. Click the Meme Game API service, and then click the Operations tab.
  3. Click Define Operation to create a new operation.

    First, define the operation by configuring a method and path combination that matches a client request to the API.

  4. Click Methods, and then select the POST method. Press tab or click outside the list of methods to close it.
    Screen capture showing the expanded Methods list in the Define Operation window.
  5. For Paths, enter the following:


    This is the API path for starting a new game. The path must start with a slash (/).

  6. For Name, enter Start a new game.
    Screen capture of the Create Operation window showing Method, Path, and Name settings.
  7. Click Next, and then click Save.

You’ve defined an API operation that matches the API request used to start a new game.

Next, you’ll add attributes in the Trust Framework for your policy logic.