Define a managed API service to represent your API so that PingOne Authorize can help your API gateway enforce access control.
A managed API service enables PingOne Authorize to recognize requests for your API and instructs the API gateway to allow access from authorized clients only and block access from unauthorized clients.
An API service definition includes a pointer to the API and to the specific parts of the API that you want to protect. The definition includes an option to enable custom access control policies for complex authorization scenarios. The definition also specifies whether directory services and access token validation are managed by PingOne or managed externally.
You must deploy the API service after you make configuration changes, such as updating a setting or adding an operation.
- If PingOne is managing user directory and access token validation services for the protected API service, add a PingOne application that is allowed to access the protected API service. To allow access, grant the application the same scope that you configured for the API service. For more information, see Editing scopes for an application.
- Define operations for protected API actions.
- Add custom policies for the API service.