Work with Applications

Org Admins and Developers can build their applications and access the APIs that the application consumes using applications, which are containers of related APIs in
Layer7 API Developer Portal
.
For more information about the roles and permissions for working with applications, see User Types, Roles and Permissions.
In this article:
Locate your Organization's Applications
You can find and examine your organization's applications.
Prerequisite:
The Portal Admin has created an application for the Developer.
Follow these steps:
  1. Log in to
    API Portal
    as an Org Admin or Developers.
  2. From the menu bar, select
    Manage
    ,
    Applications
    .
    A list of applications appears on the
    Applications
    page.
View the APIs Assigned to an Application
  1. While logged in to
    API Portal
    as an Org Admin or Developers, from the
    Applications
    page, select the application for which you want to view the assigned APIs.
    The application opens in view-only mode.
  2. Select the
    APIs
    tab.
    A list of the APIs that have been assigned to the application are displayed.
  3. Click any of the API tiles to view details for that API.
Add an Application
Follow these steps:
  1. While logged in to
    API Portal
    as an Org Admin, from the
    Applications
    page, select
    Add Application
    .
    The
    Details
    page appears.
  2. Provide details about the application. Select an existing organization from the
    Selected Organization
    drop-down list. Provide a unique application name and an optional description, and then select
    Next
    .
  3. If the Portal Admin added custom fields for applications, then the
    Custom Fields
    page appears. Enter details for the custom fields, and then click
    Next
    .
    The
    API Management
    page appears.
  4. Add or remove available APIs and API groups to or from that application, and then select
    Next
    .
    In addition to the listed APIs and groups, you can search using the search field.
    Do the following:
    • To remove a selected API or API group from the application
      , select (the x icon) for the API or API group that you want to remove. The list of selected APIs and API groups is under the
      Selected APIs
      and
      API Groups
      section.
    • To add an available API or API group to your application
      , select (the plus icon) to the left of the API or API group that you want to add, and then accept the terms and conditions of the end-user license agreement (EULA). The list of available APIs and API groups is under the
      Available APIs
      (or
      Available API Groups
      ) section.
      When you add an API group to your application, you add the APIs that are contained within the group to your application. These APIs are enabled and public. If the APIs that are contained within the group are enabled but private, then the APIs belong to your organization and have been added to the account plan that your organization uses.
      Prerequisite:
      You must have explicit access to the API or the API must belong to your organization.
    For more information about the effects of API lifecycles and states on your ability to add and remove APIs and API groups to and from your application, see Manage API Lifecycles and States.
    The
    Authentication
    page appears.
  5. If any of the APIs that you have added to the application use OAuth, complete the following fields, and then select
    Create
    :
    • Callback/Redirect URL(s)
      Defines the callback/redirect URLs for your application. Separate multiple URLs using a comma.
      https://{yourportalurl}/admin/oauthCallback
    • Scope
      Defines the OAuth scope parameters that specify the privileges that this application requires from the protected APIs. Separate parameters using a space.
    • Type
      Defines the grant type for the OAuth-protected APIs that the application consumes.
      Values:
      • None
        .
      • Public:
        Defines that the OAuth-protected APIs that this application consumes use the Implicit grant type.
      • Confidential:
        Defines that the OAuth-protected APIs that this application consumes use the Confidential grant type.
      Default:
      None
    The
    Generate New Secret window
    opens.
  6. To generate a secret in hashed format, select
    Create & Get Key
    . Otherwise, to explicitly generate a less secure secret in plaintext format, select the
    I want to use a non-secure plaintext key
    checkbox, and then select
    Create & Get Key
    .
    The
    Key
    page appears. The application is successfully created.
    API Portal
    generates an API key for the application. The API key and shared secret are displayed in plaintext.
  7. Do any of the following tasks, and then select
    Done
    :
    • Copy the shared secret or the API key to the clipboard.
    • Generate (or request) a new secret.
      For more information, see Edit an Application.
The application is added.
Edit an Application
You can make the following changes to an existing application:
  • Enable or disable the application.
  • Edit the name and public description of the application.
  • Add and remove APIs and API groups to and from the application.
  • Change the OAuth callback URL, scope value, and type.
  • Generate a new shared secret, or, if the Portal Admin requires that they review and approve your requests to edit the application (the Edit Application Request Workflow setting is enabled), request a new shared secret.
Follow these steps:
  1. From the
    Applications
    page, on the
    Actions
    drop-down for the application that you want to edit, select
    Edit
    .
    The
    Details
    page appears.
  2. Edit the application name, enable or disable the application, or edit the public description, and then select
    Next
    .
    • Disabling an application disables all of its API keys.
    • Re-enabling an application will re-enable the default key, while all other keys remain disabled. Ensure that you re-enable other keys individually.
    • When a disabled application is re-enabled by an Org Admin, all other keys need to be re-enabled by Portal admin or API Owner.
  3. If the Portal Admin added custom fields for applications, then the
    Custom Fields
    page appears. Edit the details for the custom field, and then click
    Next
    .
    The
    API Management
    page appears.
  4. Add or remove APIs and API groups to and from your application. Accept the terms and conditions of the end-user license agreement (EULA). Select
    Next
    .
    A list of only those APIs to which you have access to add to your application are presented.
    The
    Authentication & Keys
    page appears.
  5. You can do the following, and then click
    Done
    :
    • Edit the OAuth callback URL, scope value, and type.
    • View the API key and the shared secret.
    • Copy the API key or shared secret by clicking
      Copy
      .
    • Generate (or request) a new shared secret, for example, if the shared secret is compromised. Depending on
      API Portal
      settings,
      Plaintext Secret
      and/or
      Hashed Secret
      formats might be available.
      For more information about hashed secrets, see Enable Hashed Client Secret.
    When you generate a new shared secret, the API proxy no longer accepts queries that use the old secret. The Developer must update the shared secret in their web or mobile application so that it can access and use the APIs that the application consumes.
The changes to the application are saved.
Enable your Web/Mobile Application to Access the APIs Added to an Application in Portal
As you build your web/mobile application, add the unique API key and shared secret from the application in
API Portal
so that your web/mobile application can access and use those APIs. In addition, if your web/mobile application uses OAuth, add the shared secret to your web/mobile application.
Follow these steps:
  1. From the
    Applications
    page, select the application for which you want to view the API key and shared secret details.
    The
    Configuration
    tab displays, showing a list of the API keys for the application.
  2. Expand the API key that you require connection details.
  3. Copy the
    Client ID/API Key
    and
    Shared Secret
    .
  4. Add this information to your web/mobile application.
Delete an Application
Org Admins can delete applications. From the
Applications
page, on the
Actions
drop-down for the application that you want to delete, select
Delete
. The application is deleted.
You can also delete an application with the application open, from the
Actions
menu, by selecting
Delete Application
.