Attaching the PingAuth shared flow to API proxies in Apigee - PingOne - PingOne Cloud Platform - PingOne Authorize - PingOne Services

PingOne Cloud Platform
bundle
pingone
ft:publication_title
PingOne Cloud Platform
Product_Version_ce
PingOne
PingOne Cloud Platform
category
Administratorguide
ContentType
Guide
Product
Productdocumentation
p1
p1cloudplatform
ContentType_ce
Product documentation
Guide > Administrator Guide
Guide

Configure the PingAuth shared flow on the API proxies where you want to use PingOne Authorize as the external authorization policy run-time service.

  1. Add a Flow Callout policy:
    1. In Develop > API Proxies, go to one of your APIs and click the Develop tab. Make sure you are on the latest revision of the proxy.
    2. In the left pane, for Policies, click the + icon to add a policy.
    3. In the Add Policy window, select the Flow Callout policy in the left pane, and then in the Shared Flow list, select PingAuth.
    4. Click Add.

      Screen capture of the Add Policy window in Apigee.
  2. Attach the Flow Callout policy to flows.

    Because PingOne Authorize is providing authentication and authorization that occurs before most other policies execute, integrate it in the preflow of the request to the proxy endpoint. For information about other ways to integrate PingOne Authorize, see Controlling how a proxy executes with flows in the Apigee documentation.

    1. In the left pane, for the Proxy Endpoint, click PreFlow, and then click + Step to add a flow step to the Request.

      Screen capture showing PreFlow for the Proxy Endpoint in Apigee.
    2. On the Existing tab, select the PingAuth Flow Callout policy, and then click Add.

      Screen capture of the Add Step window in Apigee.
    3. In the left pane, for the Target Endpoint, click PreFlow, and then click + Step to add a flow step to the Response flow.
    4. On the Existing tab, select the PingAuth Flow Callout policy, and then click Add.

      This gives PingOne Authorize an early opportunity to process the API response from the target API before it's processed by Apigee.


      Screen capture showing PreFlow for the Target Endpoint in Apigee.
  3. Save and deploy the updated proxy.

Define API services to represent your APIs so that PingOne Authorize can help your API gateway enforce access control. For more information, see Defining your API in PingOne Authorize.