Defining an API using API JSON configuration file in inline mode
The API JSON file parameters define the behavior and properties of your API. The sample API JSON files shipped with ASE are populated with default values and can be changed to match your environment settings.
The following table describes the JSON file parameters:
| Parameter | Description |
|---|---|
| | API request type with supported values of: |
| | The value of the URL for the managed API. You can configure up to six levels of sub-paths. For example, |
| | Hostname for the API. The value cannot be empty. |
| | Name of cookie used by the backend servers. |
| | The amount of time a cookie is valid – for example 20m for 20 min. The time duration formats include: s: seconds, m: minutes, h: hour, d: day |
| | When |
| | When |
| | When When For more information, see Capture client identifiers in inline mode. |
| | When set to The default value is |
| | When API Key is sent in the query string, ASE uses the specified For more information, see Capture client identifiers in inline mode. |
| | When API Key is part of the header field, ASE uses the specified parameter name to capture the API key value. For more information, see Capture client identifiers in inline mode. |
| | Public URL used by a client to connect to the application. |
| | When Default value is |
| | Maximum ASE memory allocation for an API. The default value is 128 MB. The data unit can be MB or GB. |
| | When When Ping Identity recommends setting this parameter as |
| | The interval in seconds at which ASE sends a health check to determine backend server status. |
| | The number of times ASE queries the backend server status after not receiving a response. |
| | The URL used by ASE to check backend server status. |
| | Configure one or more health check headers in the API JSON in a key-value format. This is an optional configuration and applies only to inline ASE deployment. In the sample JSON, the following example is provided: "health_check_headers": { "X-Host": "%{HOST}", "X-Custom-Header": "value" }, Example: See the following table for X-Host and X-Custom-Header details. |
| | When set to |
| Servers: | The IP address or hostname and port number of each backend server running the API. See REST API Protection from DoS and DDoS for information on optional flow control parameters. |
| API Mapping: | Internal URL is mapped to the public external URL. See API Name Mapping – Protect Internal URLs for more information. |
| The following API Pattern Enforcement parameters only apply when API Firewall is activated | |
| Flow Control | ASE flow control ensures that backend API servers are protected from surges (for example DDoS, traffic spike) in API traffic. See WebSocket API Protection from DoS and DDoS for information on parameters. |
| | List of accepted protocols. Values can be HTTP, HTTPS, WS, WSS. |
| | Redirect unencrypted HTTP requests to See Configuring Pattern Enforcement for details. |
| | List of accepted REST API methods. Possible values are: |
| | List of content types allowed. Multiple values cannot be listed. For example, application/json. |
| | Error message generated by ASE after blocking a client. See ASE Detected Error Messages for details. |
| Decoy Config | When See Configuring API deception for details. |
| | The name of the custom header containing username. When the value of |
| JWT | When the parameter values of For more information, see Extract user information from JWT in inline mode. |

| Example Key | Value |
|---|---|
| X-Host | In the sample API JSON, ASE will dynamically replace %{HOST} with IP address (127.0.0.1) configured in the "servers": [ { "host": "127.0.0.1", "port": 8080, "server_spike_threshold": "0/second", "server_connection_quota": 0 } ], |
| X-Custom-Header | Your custom header value. All the custom health check headers configured are sent to all the backend API servers. |

Here is a sample JSON file for a REST API:
{
  "api_metadata": {
    "protocol": "http",
    "url": "/rest",
    "hostname": "*",
    "cookie": "",
    "cookie_idle_timeout": "200m",
    "logout_api_enabled": false,
    "cookie_persistence_enabled": false,
    "oauth2_access_token": false,
    "is_token_mandatory": false,
    "apikey_qs": "",
    "apikey_header": "",
    "login_url": "",
    "enable_blocking": true,
    "api_mapping": {
      "internal_url": ""
    },
    "api_pattern_enforcement": {
      "protocol_allowed": "",
      "http_redirect": {
        "response_code": "",
        "response_def": "",
        "https_url": ""
      },
      "methods_allowed": [],
      "content_type_allowed": "",
      "error_code": "401",
      "error_def": "Unauthorized",
      "error_message_body": "401 Unauthorized"
    },
    "flow_control": {
      "client_spike_threshold": "0/second",
      "server_connection_queueing": false
    },
    "api_memory_size": "128mb",
    "health_check": false,
    "health_check_interval": 60,
    "health_retry_count": 4,
    "health_url": "/health",
    "health_check_headers": {},
    "server_ssl": false,
    "servers": [
      {
        "host": "127.0.0.1",
        "port": 8080,
        "server_spike_threshold": "0/second",
        "server_connection_quota": 0
      },
      {
        "host": "127.0.0.1",
        "port": 8081,
        "server_spike_threshold": "0/second",
        "server_connection_quota": 0
      }
    ],
    "decoy_config": {
      "decoy_enabled": false,
      "response_code": 200,
      "response_def": "",
      "response_message": "",
      "decoy_subpaths": []
    },
    "username_header": "x-username-header",
    "jwt": {
      "location": "h:authorization:bearer",
      "username": "username",
      "clientid": "client_id"
    }
  }
}
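The constraints the parameter table states (non-empty hostname, at most six URL levels, s/m/h/d durations, MB or GB memory units, a single content type, key-value health check headers, a host and port per server) can be checked before a file is handed to the CLI. The Python linter below is an added example, not part of ASE or of the original page; the name `lint_api_json`, the reading of "six levels" as six `/`-separated segments, and the port range check are assumptions.

```python
import json
import re

DURATION = re.compile(r"^\d+[smhd]$")            # s, m, h, d units from the table
MEMORY = re.compile(r"^\d+\s*(mb|gb)$", re.I)    # data unit can be MB or GB

def lint_api_json(text):
    """Return findings for one API JSON document; an empty list means none."""
    meta = json.loads(text).get("api_metadata", {})
    out = []
    if not meta.get("hostname"):
        out.append("hostname: value cannot be empty")
    # Assumption: each '/'-separated segment of url counts as one level.
    if len([seg for seg in meta.get("url", "").split("/") if seg]) > 6:
        out.append("url: more than six path levels")
    for key, rx, hint in (("cookie_idle_timeout", DURATION, "<number><s|m|h|d>"),
                          ("api_memory_size", MEMORY, "<number><MB|GB>")):
        if key in meta and not rx.match(str(meta[key])):
            out.append(f"{key}: expected {hint}")
    ctype = meta.get("api_pattern_enforcement", {}).get("content_type_allowed", "")
    if not isinstance(ctype, str) or "," in ctype:
        out.append("content_type_allowed: multiple values cannot be listed")
    headers = meta.get("health_check_headers", {})
    if not isinstance(headers, dict) or not all(isinstance(v, str) for v in headers.values()):
        out.append("health_check_headers: expected key-value strings")
    servers = meta.get("servers", [])
    if not servers:
        out.append("servers: no backend server listed")
    for i, srv in enumerate(servers):
        port = srv.get("port")
        # Assumption: a usable port is an integer in 1..65535.
        if not srv.get("host") or type(port) is not int or not 0 < port < 65536:
            out.append(f"servers[{i}]: needs a host and a valid port")
    return out

# GOOD is trimmed from the page's sample; BAD is constructed for this example.
GOOD = json.dumps({"api_metadata": {
    "url": "/rest", "hostname": "*", "cookie_idle_timeout": "200m",
    "api_memory_size": "128mb", "health_check_headers": {},
    "api_pattern_enforcement": {"content_type_allowed": ""},
    "servers": [{"host": "127.0.0.1", "port": 8080}]}})
BAD = json.dumps({"api_metadata": {
    "url": "/a/b/c/d/e/f/g", "hostname": "", "cookie_idle_timeout": "20min",
    "api_memory_size": "128kb", "health_check_headers": {"X-Host": "%{HOST}"},
    "api_pattern_enforcement": {"content_type_allowed": "application/json,text/xml"},
    "servers": [{"host": "127.0.0.1", "port": 80800}]}})

if __name__ == "__main__":
    print("\n".join(lint_api_json(BAD)))
```
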
Add configured API JSON to ASE
After configuring an API JSON file, add it to ASE to activate ASE processing. To add an API, execute the following CLI command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_api {file_path/api_name}
After configuring API JSON files for each API, ASE configuration is complete.
Update a configured API
After activation, an API JSON definition can be updated in real time. Edit the API JSON file located in the /config/api directory and make the desired changes. Save the edited API JSON file and execute the following CLI command:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin update_api <api_name>
For example:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin update_api shop
api shop updated successfully