Ping Identity > Solutions > Secure Web APIs 

API Security

Secure calls to APIs and web services

Organizations rely upon application programming interfaces (APIs) and web services to facilitate interaction between applications, across enterprises and with customers and partners. APIs provide data to non-browser, native mobile or cloud-connected desktop applications. Unfortunately, the information returned by APIs doesn’t always comply with security policies and infrastructure. Ping Identity offers solutions to secure calls to your APIs.

  • Prevent unauthorized access to data
  • Deliver secure mobile applications
  • Ensure the right identity information for proper auditing and monitoring
  • Identity Gateway
    PingAccess provides greater interoperability than traditional WAM solutions, as it can use standards-based web session management (JWT), authentication (OpenID Connect), and API access management (OAuth 2.0) for modern identity environments.

    OAuth Authorization
    Secure calls to HTTP API’s across mobile browsers, native mobile applications, and direct client access of HTTP API calls. Built upon open standards, the PingFederate OAuth 2.0 Authorization Server creates and validates tokens for secure access to HTTP and RESTful web services. Access to web services can be centrally managed and revoked.

    Security Token Service (STS) 
    Secures calls to SOAP API’s. As a WS-Trust-compliant Security Token Service, PingFederate exchanges one type of security token for a different type of security token.

    API Security - How it works

    The Security Token Service provides for token exchange between multiple token types; and for token issuance and verification between applications

    OpenID Connect Provider 
    Enabling a consistent identity framework for web and mobile applications. Leveraging an emerging standard, OpenID Connect, application developers can quickly and easily integrate identities in custom applications without the need to develop custom code.