Create and Set Permissions for APIs

This article includes information about how to add APIs and set up API management permissions and visibility.
The following diagram summarizes the workflow for adding and setting up your API using the Add/Edit API wizard:
Set Up API Details and Policies
You can update the API details, custom fields, policies, and spec authentication.
Follow these steps:
  1. Log in to Layer7 API Developer Portal as a Portal Admin.
  2. From the menu bar, select Manage, APIs.
    A list of APIs appears.
  3. Do one of the following steps:
    • To set up API details and policies for a new API, select Add API.
    • To set up API details and policies for an existing API, click the API for which you want to edit details. On the API Details page, select Actions, Edit API Details.
    The Add/Edit API wizard opens.
  4. In the Details section, choose between REST and SOAP API types. If applicable, select Choose file to upload your Swagger or Web Application Description Language (WADL) definition files (for REST API), or Web Services Description Language (WSDL) file and optional XSD file (for SOAP API). For more information, see About API Description Files. If you do not have definition files, provide API details manually.
    If you uploaded an API definition file, the fields are already filled with values. You are alerted to any mandatory fields that do not have assigned values.
    Provide values as follows, and then select Save & Next:
    • API Name:
      Maximum name length is 255 characters. Name must be unique.
    • Version:
      The value for this field can only contain 0-9 and be delimited with . _ and - characters.
    • Location of API:
      The API proxy routes requests from applications to the location of the API behind the API proxy. Developers do not see this information. Use a context variable to Route the API to Multiple Data Centers.
    • API EULA:
      Select an available End User License Agreement (EULA) to assign to this API. You can assign EULAs to APIs that are not already associated to an organization. Before Developers can get an API key for the API, they must agree to your EULA.
    • Public Description:
      The description appears in the API Explorer and in the Add/Edit Application wizards. Provide Developers with API information, such as its proxy URL and authentication requirements. Required: No. Maximum description length is 255 characters.
    • Private Description:
      Maximum description length is 255 characters.
    • API URI:
      Provide the API Proxy URL, which is the public URI of the API on the API Proxy. This URI is part of the URL used by developers in their web/mobile applications to send requests to the API.
  5. If you have enabled Custom Fields, the Custom Fields section opens. Complete the custom fields values, and then click Save & Next.
    The Policy Templates section opens.
  6. Do the following, and then select Save & Next:
    1. Select your desired policy templates from the drop-down menu.
    2. Expand on an added policy to set its parameters.
    3. Combine multiple policy templates. Ensure that you select them in the order that you want the API proxy to apply them.
      For more information about how to control API access with policy templates, see Policy Templates.
    (REST APIs only) The Spec Authentication section opens.
  7. Select the Authentication type and provide authentication details as needed. The selected authentication type is used in the Spec tab of the details page when trying out the API. Click Save & Next.
The API details are updated. Proceed with the following steps to set up management permissions, visibility permissions, and publish state.
Set Up API Management Permissions
Set up who has the permissions to edit and delete this API.
Follow these steps:
  1. After setting up the API details, policy templates, and spec authentication in the Add/Edit API wizard, the Management Permissions section opens. Alternatively, you can navigate to an existing API, and then click Actions > Edit Management Permissions.
  2. Select who can manage the API. You must specify a managing organization or at least one API Owner:
    1. Select the Managing Organization:
      Selecting a managing organization allows all users within that organization to edit this API. This only applies if the user has permissions to edit APIs.
    2. Select API Owner Permissions
      • Open:
        Specify that anyone with API management permissions can edit this API.
      • Restricted:
        Specify users with API management permissions to edit this API.
      If a Portal Admin or an API Owner added an API in Layer7 API Developer Portal version 4.4 and assigned an Org User to the user permission list:
      • After the upgrade to Layer7 API Developer Portal version 4.5, only the Portal Admin or the API Owner who belongs to the permissions list has access to manage this API.
      • An Org User who was a part of the permissions list will gain or lose the API management permissions based on the number of organizations associated with this API. If there were multiple organizations assigned, the Org User will lose the API management permissions.
  3. Select Restricted.
    A list of API Owners appears.
  4. Select the users that have permission to edit and delete the API.
    The selected users appear in the right column, Selected.
  5. Click Save & Next.
The API management permissions are updated. The selected users can edit and delete the API. Proceed with the following steps to set up visibility permissions and publish state.
Set Up the API Visibility Permissions for Your Organizations
Follow these steps:
  1. After setting up management permissions in the Add/Edit API wizard, the Visibility Permissions section opens. Alternatively, you can navigate to an existing API, and then click Actions, Edit Visibility Permissions.
  2. Choose the level of visibility of the API for your organizations:
    • Public:
      The API is visible to all organizations. If you set the visibility to Public, any API Owner added in the future will automatically see this API.
    • Private:
      The API is visible only to you. If you are part of an organization, the organization can see the API as well. API Owners can still see this API regardless of the settings. Set up which organizations can see this API. If you are not part of an organization and are creating a private API, then only API Owners will be able to see it.
      APIs whose visibility you set to Private are not associated with an organization.
    • Restricted:
      Specify which organizations can see this API. If you set the visibility to Restricted, existing API Owners can still see this API, but you will need to add any new API Owners manually so that they can see this API.
  3. Select Restricted.
    A list of available Organizations appears.
  4. Check the box next to each organization name for the organizations that have permission to see the API.
    The selected organizations appear in the right column, Selected.
  5. Click Next.
The visibility permissions are updated. The selected organizations can see the API. Proceed with the following steps to set up publish state.
Set Up Publish State
Follow these steps:
  1. After setting up tags in the Add/Edit API wizard, the Publish State section opens. Alternatively, you can navigate to an existing API and click Actions, Edit API Details.
  2. In the Publish State section of the Add/Edit API wizard, select one of the following:
    • Incomplete:
      The API is incomplete.
    • Enable:
      The API can be added to applications and applications can consume it. The API will be published.
    • Disable:
      The API cannot be added to applications. If an API is already added to an application and the state changes from enabled to disabled, the application cannot continue to consume the API.
    • Deprecate:
      The API cannot be added to applications and deployed to proxies.
    • Unpublished:
      This state is only available to Gateway-published APIs.
  3. Click Save.
The publish state is set up for the API.
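The management and visibility rules above can be checked against an API inventory before a least-privilege review. The following is an added example, not Layer7 code and not the portal's API: it models the rules as this article states them, and all class names, field names, state strings, and sample data are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    org: str = ""                  # "" = not part of an organization
    manages_apis: bool = False     # role grants API management permission

@dataclass
class Api:                         # hypothetical record, one per API
    name: str
    managing_org: str = ""
    owner_mode: str = "restricted"             # "open" | "restricted"
    owners: set = field(default_factory=set)   # used when restricted
    visibility: str = "private"                # "public" | "private" | "restricted"
    visible_orgs: set = field(default_factory=set)
    state: str = "incomplete"                  # publish state

def can_edit(user, api):
    """Management Permissions as described in this article."""
    if not user.manages_apis:
        return False               # org membership alone is not enough
    if api.managing_org and user.org == api.managing_org:
        return True
    return api.owner_mode == "open" or user.name in api.owners

def review(api, users):
    """Least-privilege review items for one API (checks are assumptions)."""
    items = []
    if not api.managing_org and api.owner_mode == "restricted" and not api.owners:
        items.append("no managing organization or API Owner")
    if api.owner_mode == "open":
        editors = sorted(u.name for u in users if can_edit(u, api))
        items.append("open management, editable by: " + ", ".join(editors))
    if api.visibility == "restricted" and not api.visible_orgs:
        items.append("restricted visibility, no organizations selected")
    if api.visibility == "public" and api.state == "enable":
        items.append("enabled and visible to all organizations")
    return items

# Constructed sample data, not exported from a real portal.
USERS = [User("alice", "payments", True), User("bob", "payments", False),
         User("carol", "partners", True)]
APIS = [Api("orders", "payments", "restricted", {"carol"}, "restricted", {"partners"}, "enable"),
        Api("ledger", "", "open", set(), "public", set(), "enable"),
        Api("draft", "", "restricted", set(), "restricted", set(), "incomplete")]

def run_review():
    return {a.name: review(a, USERS) for a in APIS}
```

An empty list for an API means none of the modeled checks fired; it does not replace checking the settings in the portal itself.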