sunleo sunleo - 26 days ago 8
reST (reStructuredText) Question

PingFederate and PingAccess REST APIs using Authorization token

I am calling PF and PA REST Web services using username and password but it seems vulnerable to provide credentials.Is there a way to provide the only Authorization code for REST AP service calls instead of credentials?.

At the moment am calling in this way

root@ubuntu:/home/joe# curl -k -u "**UserName:Password**" -H "X-Xsrf-Header: PingAccess" https://localhost:9000/pa-admin-api/v1/virtualhosts

Answer

The PingAccess administrative API supports OAuth Access Tokens for authentication. They must be access tokens issued by PingFederate (using any grant type) and contain a configured scope for administrative API access. For more details see: https://docs.pingidentity.com/bundle/pa_sm_AuthenticationConfiguration_pa41/page/pa_t_Configure_API_Authentication.html

PingFederate itself currently does not support OAuth for administrative APIs however there are a number of options for authentication. The most secure form of authentication currently supported is client certificate authentication. For more details, see: https://documentation.pingidentity.com/pingfederate/pf82/index.shtml#adminGuide/concept/configuringAccessToTheAdministrativeApi.html