Add APIs to ASE
To secure an API with PingIntelligence for APIs software, an administrator can add an API definition to the Ping Identity ASE, which will then pass the API information to the AI Engine for reporting and attack detection. Complete the following steps to configure a simple REST API. For more information on advanced options, see the ASE Admin Guide.
-
Navigate to
/opt/pingidentity/ase/config/api
and copy the filerest_api.json.example
torest_api.json
-
Open the
rest_api.json
file and update the following information:-
Update the “url” to the base path of the API, for example,
“/apiname”
-
Replace the server IP addresses and ports with the addresser/ports of your app servers.
-
Review the following parameter list and make other edits as applicable.
-
Key API JSON file parameters to configure include:
Parameter | Description | ||
---|---|---|---|
|
API request type with supported values of:
|
||
|
The value of the URL for the managed API. You can configure up to six levels of sub-paths. For example,
|
||
|
Hostname for the API. The value cannot be empty.
|
||
|
Name of cookie used by the backend servers. |
||
|
When When For more information, see Capture client identifiers in inline mode and Capture client identifiers - Sideband. |
||
|
When API Key is sent in the query string, ASE uses the specified For more information, see Capture client identifiers in inline mode and Capture client identifiers - Sideband. |
||
|
When API Key is part of the header field, ASE uses the specified parameter name to capture the API key value. For more information, see Capture client identifiers in inline mode and Capture client identifiers - Sideband. |
||
|
Public URL used by a client to connect to the application. |
||
|
When When Ping Identity recommends setting this parameter as |
||
|
The interval in seconds at which ASE sends a health check to determine backend server status. |
||
|
The number of times ASE queries the backend server status after not receiving a response. |
||
|
The URL used by ASE to check backend server status. |
||
|
When set to |
||
Servers:
|
The IP address or hostname and port number of each backend server running the API. See REST API Protection from DoS and DDoS for information on optional flow control parameters. |
||
The following API Pattern Enforcement parameters only apply when API Firewall is activated |
|||
Flow Control
|
ASE flow control ensures that backend API servers are protected from surges (for example DDoS, traffic spike) in API traffic. See WebSocket API Protection from DoS and DDoS for information on parameters. |
||
|
List of accepted protocols Values can be HTTP, HTTPS, WS, WSS.
|
||
|
List of accepted REST API methods. Possible values are:
|
||
|
List of content types allowed. Multiple values cannot be listed. For example, application/json. |
||
Decoy Config
|
When
See API deception for details |
After configuring the API JSON file, add it to ASE for it to take effect. To add a runtime API, execute the following CLI command:
/opt/pingidentity/ase/bin/cli.sh add_api {file_path/api_name} –u admin -p
Verify/List the API
To verify whether the API that you added has been successfully added or not, run the list API command:
opt/pingidentity/ase/bin/cli.sh list_api -u admin -p