Naman Shah, you can use the send-request policy in APIM to call the Ping IDP introspect endpoint with the access token received from the client app and process the response to modify the behavior of the API. Here is a sample code snippet:
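<send-request mode="new" response-variable-name="introspectResponse" timeout="20" ignore-error="false">
    <set-url>https://your-ping-idp.com/introspect</set-url>
    <set-method>POST</set-method>
    <set-header name="Content-Type" exists-action="override">
        <value>application/x-www-form-urlencoded</value>
    </set-header>
    <!-- Add whatever client authentication your introspection endpoint requires here -->
    <set-body>@{
        var auth = context.Request.Headers.GetValueOrDefault("Authorization", "");
        // Strip the "Bearer " scheme prefix so only the raw token is sent
        var token = auth.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase) ? auth.Substring(7) : auth;
        // URL-encode the value because the body is application/x-www-form-urlencoded
        return "token=" + System.Net.WebUtility.UrlEncode(token.Trim());
    }</set-body>
</send-request>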
The above policy sends a POST request to the Ping IDP introspect endpoint, and the response is stored in the variable introspectResponse, which you can validate to see if it is valid. Here is the Send request doc for reference, and the policies are executed for every call. If you would like to cache the call for a specific duration, you can explore the cache-lookup or cache-lookup-value policy based on your need.
I hope this helps and let me know if you have any questions.
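
One way to act on introspectResponse, as an added example that is not part of the original answer: it rejects the call unless the IdP answered HTTP 200 with "active": true. It assumes the introspect endpoint returns the standard RFC 7662 JSON body with a boolean active field, and that the block is placed in the inbound section directly after the send-request policy above.

```xml
<choose>
    <!-- Fail closed: anything other than HTTP 200 with "active": true is rejected -->
    <when condition="@{
        var resp = (IResponse)context.Variables["introspectResponse"];
        // A non-200 answer from the IdP (bad client auth, outage) must not let the call through
        if (resp.StatusCode != 200) { return true; }
        var body = resp.Body.As<JObject>();
        // A missing "active" field yields null, which is treated as inactive
        return body.Value<bool?>("active") != true;
    }">
        <return-response>
            <set-status code="401" reason="Unauthorized" />
            <set-header name="WWW-Authenticate" exists-action="override">
                <value>Bearer error="invalid_token"</value>
            </set-header>
        </return-response>
    </when>
</choose>
```

If the introspection result is cached, keep the cache duration shorter than the time you can tolerate a revoked token remaining accepted.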