The Docker Compose project includes Kong Gateway, a PostgreSQL database for gateway configuration, and the Ping Identity authorization plugin for Kong. The plugin is already installed.

Kong is configured to proxy REST API requests to the Meme Game API. This simple API is flexible enough to demonstrate several authorization use cases.

  • This project uses the enterprise version of Kong Gateway (not the open source version) in Free mode. By using this project, you agree to the terms of Kong’s software license.
  • The Meme Game API is publicly available and ready to use in PingOne Authorize tutorials. You don't need to install it.

You’ll bring up this project and use cURL to make sure everything is working.


This project exposes Kong Manager and the Kong Admin API without any admin authentication. Be careful if you’re running this project on a docker-machine exposed to the internet.

  1. Clone the PingOne Authorize API Access Management Tutorials GitHub project.

    For example, clone the supporting files into a new pingoneauthorize-api-tutorials directory using HTTPS:

    git clone && cd pingoneauthorize-api-tutorials

    This project requires three ports:

    • KONG_ENGINE_HTTPS_PORT: The runtime port for proxying REST API requests. By default, this is 8443.
    • KONG_ADMIN_GUI_PORT: The port for the Kong Manager UI. By default, this is 8002.
    • KONG_ADMIN_API_PORT: The port for the Kong Admin API. By default, this is 8001.

    If you need to use different ports, customize the ports for your environment in the env-template.txt file as follows. Skip the next step if you’re okay with the defaults.

  2. Optional: Copy env-template.txt to .env and edit the file:
    cp env-template.txt .env
    vi .env

    When you finish editing the file, press Esc, and then exit the editor:

  3. If Docker Desktop is not running yet, start it.
  4. Bring up the project:
    docker-compose up -d --build

    This creates the database and configures Kong.

  5. To access Kong Manager, go to: http://localhost:8002.

    If you’re not running on localhost, use your docker-machine name in the URL instead of localhost.

    You can see your default workspace in Kong.

    Screen capture of the Kong Manager showing the Overview and Workspaces.
  6. Make sure Kong Gateway can connect to the Meme Game API:
    curl -i --insecure --oauth2-bearer '{"sub":"user.0"}' https://localhost:8443/meme-game/api/v1/users/user.0/answers

    The connection might take a minute to come up. If the connection works, you’ll see HTTP/1.1 200 OK and a JSON response. Not getting the right results? See Troubleshooting Kong Gateway integration for PingOne Authorize.


    When you’re finished with the tutorials and no longer need this environment, you can stop Kong and delete the PostgreSQL database. Don’t do this yet!

    docker-compose down -v

Your tutorial environment is set up and you’re ready to add applications in PingOne. The first application you’ll add is a banking application that doesn’t have access to the Meme Game API.