Define a managed API service to represent your API so that PingOne Authorize can help your API gateway enforce access control.
Configure an API gateway integration kit to connect your API gateway to PingOne.
An API service allows PingOne Authorize to recognize requests for your API and instruct your API gateway to block access from unauthorized clients and allow access only from authorized clients.
An API service definition specifies:
- Pointers to the API and to specific parts of the API that you want to protect
- Whether directory services and access token validation for the API service are managed by PingOne or managed externally
- The PingOne resource associated with the API service (this is specified only when PingOne manages token validation)
- Whether custom access control policies for complex authorization scenarios are enabled for the API service
For more details, see API services.
Note:
You can define up to 25 API services in each environment.
You must deploy the API service after you make configuration changes, such as updating settings, or adding or updating operations or custom policies.
- If PingOne is managing user directory and access token validation services for the protected API service, add a PingOne application that is allowed to access the protected API service. To allow access, grant the application the same scope that you configured for the API service. For more information, see Editing scopes for an application.
- To configure built-in access control rules, define operations for protected API actions.
- For more complex access control scenarios, add custom policies for the API service.