Attention:

The PingOne API Intelligence service is currently available only in United States regions and requires approximately 24 hours for launch.

What is PingOne API Intelligence?

PingOne API Intelligence uses artificial intelligence (AI) to track API activity across all API clusters and identify abnormal situations with APIs in your environment. PingOne API Intelligence:

  • Detects partners that are misusing or abusing an API
  • Captures bugs and vulnerabilities in production APIs
  • Identifies and automatically block cyberattacks on APIs

Existing and new APIs are discovered automatically, and API traffic is linked to the identity of each user. Deep activity insights are also delivered for auditing, forensic and governance reports.

PingOne API Intelligence is a software as a service (SaaS) offering. The SaaS components handle all AI processing and dashboard reporting, and the service itself is managed from the cloud. The on-premise component responsible for collecting API traffic metadata is called the API Security Enforcer (ASE). It's deployed as a virtual machine or Docker container and connects to the PingOne API Intelligence service hosted in the cloud to deliver the API traffic metadata that is processed by the AI engine.


A diagram of the interaction between your API environment and PingOne API Intelligence when ASE is deployed in sideband mode.

The above diagram shows the interaction between your API environment and PingOne API Intelligence when ASE is deployed in sideband mode.

PingOne API Intelligence components

PingOne API Intelligence consists of the following components:

  • ASE is deployed on-premise to integrate with your API environment. It captures the metadata of the monitored APIs and sends it to the PingOne API Intelligence service for processing. Note that no payload data is sent to the cloud. You can deploy ASE in two modes, inline and sideband.

    When deployed in inline mode, the ASE is installed as a reverse proxy between a load balancer such as, AWS ELB, and the APIs. In sideband mode, the ASE is deployed next to a gateway and receives traffic from the gateway through a sideband policy deployed on the gateway. Integration policies are available to connect to a wide variety of gateways and some load balancers as well. For more information on the integrations supported, see sideband integrations.

  • The cloud-based AI engine processes the metadata sent by ASE to identify new APIs, deliver increased visibility, and detect abnormal API traffic patterns. It builds machine learning models that self-train based on the API traffic. When an abnormal situation or attack needs to be blocked, it communicates with the on-premise ASE to block the clients from which the traffic originates.
  • The cloud-based PingOne API Intelligence Dashboard provides rich analytics on API activities. It tracks API activity across all API gateway clusters, clouds, and data centers to deliver a single pane of glass used to monitor the API infrastructure. Newly discovered APIs are surfaced and are tracked once selected. All tokens or cookies used, and IP addresses are associated with each user identity. It provides information on the training status of the APIs and delivers insights on abnormal situations and attacks detected. It also supports administrative activities, such as attack management, API discovery and classification of APIs.

Next steps

Proceed to Getting started with PingOne API Intelligence and follow the steps involved in deploying PingOne API Intelligence.