Create and Set Permissions for APIs
This article includes information about how to add APIs and set up API management permissions and visibility.
The following diagram summarizes the workflow for adding and setting up your API using the Add/Edit API wizard:
Set Up API Details and Policies
You can update the API details, custom fields, policies, and spec authentication.
Follow these steps:
- Log in toAPI Management SaaSas a Portal Admin.
- From the menu bar, selectManage,APIs.A list of APIs appears.
- Do one of the following steps:
TheAdd/Edit API wizardopens.
- To set up API details and policies to a new API, selectAdd API.
- To set up API details and policies to an existing API, click the API for which you want to edit details. On theAPI Detailspage, selectActions.,Edit API Details
- In theDetailssection, choose betweenRESTandSOAPAPI types. If applicable, selectChoose fileto upload your Swagger or Web Application Description Language (WADL) definition files (for REST API), or Web Services Description Language (WSDL) file and optional XSD file (for SOAP API). For more information, see About API Description Files. If you do not have definition files, provide API details manually.If you uploaded an API definition file, the fields are already filled with values. You are alerted to any mandatory fields that do not have assigned values.Provide values as follows, and then selectSave & Next:FieldNotesAPI NameMaximum name length is 255 characters. Name must be unique.VersionThe value for this field can only contain 0-9 and be delimited with . _ and - characters.Location of APIThe API proxy routes requests from applications to the location of the API behind the API proxy. Developers do not see this information. Use a context variable to Route the API to Multiple Data Centers.API EULASelect an available End User License Agreement (EULA) to assign to this API. You can assign EULAs to APIs that are not already associated to an organization. Before Developers can get an API key for the API, they must agree to your EULA.Public DescriptionThe description appears in the API Explorer and in the Add/Edit Application wizards. Provide Developers with API information, such as its proxy URL and authentication requirements.Required:NoMaximum description length is 255 characters.Private DescriptionMaximum description length is 255 characters.API URIProvide theAPI Proxy URL, which is the public URI of the API on the API Proxy. This URI is part of the URL used by developers in their web/mobile applications to send requests to the API.
- If you have enabled Custom Fields, theCustom Fieldssection opens. Complete the custom fields values, and then clickSave & Next.ThePolicy Templatessection opens.
- Do the following, and then selectSave & Next:
(REST APIs only) TheSpec Authenticationsection opens.
- Select your desired policy templates from the drop-down menu.
- Expand on an added policy to set its parameters.
- Combine multiple policy templates. Ensure that you select them in the order that you want the API proxy to apply them.For more information about how to control API access with policy templates, see Policy Templates.
- Select theAuthentication typeand provide authentication details as needed. The selected authentication type is used in theSpectab of the details page when trying out the API. ClickSave & Next.
The API details are updated. Proceed with the following steps to set up management permissions, visibility permissions, and publish state.
Set Up API Management Permissions
Set up who has the permissions to edit and delete this API.
Follow these steps:
- After setting up the API details, policy templates, and spec authentication in the Add/Edit API wizard, theManagement Permissionssection opens. Alternatively, you can navigate to an existing API, and then clickActions > Edit Management Permissions.
- Select who can manage the API. You must specify a managing organization or at least one API Owner:
- Select the Managing Organization:Selecting a managing organization allows all users within that organization to edit this API. This only applies if the user has permissions to edit APIs.Only Publisher organization type is displayed here as a Consumer organization type cannot be a managing organization.Retain Visibility?If you change the managing organization of an API to a different organization, retain the visibility of the previous managing organization by clickingYesin theRetain Visibilitypop-up dialog if you intend to allow existing applications of the previous organization to be consumed.
- Select API Owner Permissions
If a Portal Admin or an API Owner added an API inAPI Management SaaSversion 4.4 and assigned an Org User to the user permission list:
- Open:Specify that anyone with API management permissions can edit this API.
- Restricted:Specify users with API management permissions to edit this API.
- After the upgrade toAPI Management SaaSversion 4.5, only the Portal Admin or the API Owner who belongs to the permissions list has access to manage this API.
- An Org User who was a part of the permissions list will gain or lose the API management permissions based on the number of organizations associated with this API. If there were multiple organizations assigned, the Org User will lose the API management permissions.
- SelectRestricted.A list of API Owners appears.
- Select the users that have permission to edit and delete the API.The selected users appear in the right columnSelected.
- ClickSave & Next.
The API management permissions are updated. The selected users can edit and delete the API. Proceed with the following steps to set up visibility permissions and publish state.
Set Up the API Visibility Permissions for Your Organizations
Follow these steps:
- After setting up management permissions in the Add/Edit API wizard, theVisibility Permissionssection opens. Alternatively, you can navigate to an existing API, and then clickActions,Edit Visibility Permissions.
- Choose the level of visibility of the API for your organizations:
- Public:The API is visible to all organizations. If you set the visibility toPublic, any API Owner added in the future will automatically see this API.
- Private:The API is visible only to you. If you are part of an organization, the organization can see the API as well. API Owners can still see this API regardless of the settings. Set up which organizations can see this API. If you are not part of an organization and creating a private API, then only API owners will be able to see it.APIs that you set the visibility toPrivateare not associated with an organization.
- Restricted:Specify which organizations can see this API. If you set the visibility toRestricted, existing API Owners can still see this API but you will need to add any new API Owners manually to that they can see this API.
- SelectRestricted.A list of available Organizations appear.
- Check the box next to each organization name for the organizations that have permission to see the API.The selected organizations appear in the right columnSelected.
The visibility permissions are updated. The selected organizations can see the API. Proceed with the following steps to set up publish state.
Set Up Publish State
Follow these steps:
- After setting up tags in the Add/Edit API wizard, thePublish Statesection opens. Alternatively, you can navigate to an existing API and clickActions,Edit API Details.
- In thePublish Statesection of the Add/Edit API wizard, select one of the following:
- Incomplete:The API is incomplete.
- Enable:The API can be added to applications and applications can consume them. The API will be published.
- Disable:The API cannot be added to applications. If an API is already added to an application and the state changes from enabled to disabled, the application cannot continue to consume the API.
- Deprecate:The API cannot be added to applications and deployed to proxies.
- Unpublished:This state is only available to Gateway-published APIs.
The publish state is set up for the API.