Page created: 13 Feb 2023
|
Page updated: 13 Feb 2023
Define a managed API service to represent your API so that PingOne Authorize can help your API gateway enforce access control.
A managed API service enables PingOne Authorize to recognize requests for your API and instructs the API gateway to allow access from authorized clients only and block access from unauthorized clients.
An API service definition includes a pointer to the API and to the specific parts of the API you want to protect. The definition also specifies whether directory services and access token validation are managed by PingOne or managed externally.
- If PingOne is managing user directory and access token validation services for the protected API service, add a PingOne application that is allowed to access the protected API service. To allow access, grant the application the same scope that you configured for the API service. For more information, see Editing scopes for an application.
- Define operations for protected API actions.