CA Live API Creator
 provides declarative definition of the following services:
  • API.
     Create the default API by connecting to your database: GET, POST, PUT, and DELETE for each table, including GET/POST access to each view and stored procedure. You can create nested document resources or endpoints.
  • Integration.
     Resources can combine data from multiple sources (SQL, Mongo, and RESTful), including updates between them.
  • Security.
     Enforces endpoint access and row/column security.
  • Logic.
     Enforces database integrity on updates, with a combination of spreadsheet-like rules and server-side JavaScript. Rules automate multi-table chaining and SQL handling. Therefore, rules are 40X more concise than conventional code.
The following image shows the architecture of 
CA Live API Creator
Specify your settings in API Creator. Activation is instantaneous. In API Creator, there is no code generation or deployment. In addition to RESTful APIs, you can access your data and admin data using the command-line interfaces (CLIs). Test your API and perform back-office database maintenance using Data Explorer, a component that 
CA Live API Creator
 creates from the schema.
In this article:
Admin Database
CA Live API Creator
 stores your data source connections, resource definitions, logic, and security settings in API Server's admin database. You can export admin contents into a file for maintenance in a source control system (SCS).
You can access and manage the admin data that is stored in the admin database by way of the CA Live API Creator Admin project API (Admin API).
Declarative Services: Retrieval, Update Logic, Data Security
Customize your API, integrate more data sources, and specify your logic and security policy using the following declarative services:
  • Retrieval.
    CA Live API Creator
     provides RESTful listeners, SQL processing, and JSON request/response processing for all endpoints.
  • Update-logic execution.
    CA Live API Creator
     enforces your logic on all PUT, POST, and DELETE requests. This enforcement applies to updates, to the resources you explicitly define in API Creator, and to tables.
  • Data-security enforcement.
    CA Live API Creator
     controls row/column retrieval and on updates by applying role permissions on GET.
JavaScript Extension Points
You can call legacy logic, and other packages, using the following JavaScript extension points:
  • Events.
     Use events for requests, GET operations (for example, call an external service, or an application server), and PUT/POST/DELETE operations. Event rules are server-side JavaScript-code business logic based on the JavaScript object model that API Creator builds.
  • Rules
    . Specify by filling out forms and providing JavaScript functions. You can extend system automation for update and retrieval logic with procedural code using server-side JavaScript code. The JavaScript extension points are the basis of the extensibility services.
For more information about the differences between rules and events, see Event Rule Types.
CA Live API Creator
 provides transparency with debugging services, including a log of all logic/database operations and a REST Lab so you can test your APIs without having to write a test program. You can test your logic using Data Explorer.
 For more information about the debugging services, see Debug.
Team Development
Multiple Developers can create APIs and logic concurrently. You can import/export your API into a JSON file, which you can manage with existing tools for diffs, SCS, etc.
For more information:
Change Management
You can protect client applications from changes in logic, security, and the database using custom resources.
For more information about change management, see Change Management.
Lifecycle Management
You can access the admin database using REST APIs. You can script the API-to-API-server deployment from SCS artifacts. For example, you can save development artifacts into an SCS and export admin contents into a file for maintenance. You can script the creation of APIs into API Server into a production system using the Admin CLI.
For more information about lifecycle management, see Import and Export APIs.
Documentation services include:
  • API documentation, by way of Swagger.
    For more information about Swagger API documentation, see API Docs.
  • System documentation, by way of URLs that you can associate with your API and view in API Creator.
    For more information about how to specify URLs for documentation, see API Properties.
  • Logic documentation, by way of topics that trace requirements to the rules that implement them.
    For more information about topics, see Manage Topics.
CA Live API Creator
 is delivered as a web application ARchive (WAR) file. It runs within the Java Virtual Machine (JVM) and you can install it in a standard WAR container. Authorized clients or servers can call into 
CA Live API Creator
 by way of REST. In addition to typical web/mobile apps, this might include cron jobs, application servers built with familiar frameworks, other systems in your organization, partners, and ESB systems.
You can deploy 
CA Live API Creator
 into standard containers (Apache Tomcat, Jetty, application servers). You can load-balance the servers using standard technology. API definitions do not result in code generation. Deployment of a running system (for example, deploying a test system into production) requires an admin database update (the API Creator WAR is not changed). You do this by exporting an API to a JSON file and then import it into API Creator. You can export an API by way of the Admin API or you can use the Admin API in your scripts for managing the import and export process. 
For more information about how to script the import/export procedure, including how to export and import APIs, see Import and Export APIs.
Architectural Fit
CA Live API Creator
 fits into an enterprise architecture:
  • Web/Mobile Apps
    API Servers figure significantly in application development, ranging from basic connectivity, to object generation, to partitioning. You can get meaningfully improved re-use and reduced development time using the services for client app development.
  • Databases
    Access cloud/on-premises SQL databases by way of JDBC. Their tables, views, and stored procedures are valid endpoints, per security settings. Updates are subject to database logic, such as triggers. Invoke stored procedures directly using JavaScript events.
  • Existing Systems
    API Server connects well to existing databases for retrieval, with the following caveat. Some systems define new columns without schema changes by storing data as Binary Large Objects (BLOBs), for example, XML or JSON data. This practice hides the columns to SQL, to other software such as business intelligence, and to API Creator.
    For updates, API Server, like any RESTful server, operates in a standard three-tiered architecture. API Server is analogous to an application server, which is accessed by way of RESTful APIs rather than technology-specific access such as J2EE. Like application servers, this architecture can provide services for:
    • Integration. Your API can integrate data from multiple databases and can send/receive messages from other systems.
      For more information about viewing an example of integration, see the Business to Business Example.
    • Scalability. You can scale multiple API servers under a load balancer for increased response and failover.
    • Logic and security. API servers provide a modern approach to enforcing logic, instead of (for example) proprietary triggers.
    Like application servers, you need to be aware of applications that access the data directly without going through the APIs. Direct-data access does not enforce the logic and security that API Creator defines. Conversely, if you have existing systems that already enforce your logic, you must work within that context using API Creator.
    The following scenarios are included:
    • Read Only. In the simplest case, update logic is not an issue if you are only reading data.
    • Update considerations. The following scenarios are common for update:
      • Triggers. If you are using database triggers, triggers fire as API Server issues SQL updates.
      • Stored procedures. You can invoke store procedures from JavaScript (for example, from Table Events), using the connection made available by API Server.
      • External logic. Logic is sometimes externalized in application servers (for example, as or bound into an object-access layer). Depending on how you architect them, they can be easy or difficult to call (for example, consider transaction boundaries).
      • Screen logic. Often, external logic is bound into screen logic (for example, controllers that are attached to buttons). External logic is the 'fat client' ant-pattern, because this logic is typically not available outside the screen. We recommend that you migrate the screen logic to a shared server such as 
        CA Live API Creator
    You can create sub-systems (manage new data that interact with existing data) and integrate systems through RESTful message exchange using 
    CA Live API Creator
    To view an example, see the Business to Business Example.
  • Application Server
    JavaScript extensions are useful in integrating existing systems and logic, such as application servers. For example, you might use row events to acquire data from application servers or data integration servers.
  • Third-party Authentication Providers
    CA Live API Creator
     provides authentication for development. Production systems typically use existing corporate identity providers–such as Lightweight Directory Access Protocol (LDAP), Active Directory (AD), or OAuth–by delegating authentication. 
    CA Live API Creator
     injects authorization at the row/column level into SQL that is sent to the database, where 
    CA Live API Creator
     can properly optimize authorization.
    For more information about authentication, see Authentication.
  • API Management
    API Server is a standard REST API. You can insert API management systems (they operate as Gateways) for monitoring and denial of service attack protection.
  • MBaaS/PaaS Services
    CA Live API Creator
     can be an important component to your Mobile backend as a Service (MBaaS), providing transaction processing automation to complement technologies, such as push or security/social integration.
    For more information about the 
    Create Application Backends
     use case, see API Creator Overview.
  • Rules Engine
    CA Live API Creator
     logic is complementary to other automation services, such as a rules engine for decisions and workflow.
  • Enterprise Service Bus
    Service orchestration platforms (also known as integration Platform as a Service (iPaaS), such as MuleSoft), can provide enterprise integration by assisting in building an enterprise service bus that integrates several existing underlying REST services. 
    CA Live API Creator
     plays a complementary role by enabling you to build (and integrate) services that do not already exist. These REST services run beside existing manually-coded database services and non-transactional services that deal with more content-oriented information.
You can customize and shape your API by explicitly defining RESTful endpoints, or resources, using API Creator, by adding custom endpoints, or by creating functions.
For more information:
Expose Tables and Stored Procedures as Resource Endpoints
You can can expose your tables, views, and stored procedures as resources, or resource endpoints. Resources are available instantly. There is no restart, code generation, deploy, or configuration. After you have exposed the tables and stored procedures, you can begin browsing your API and start application development. You can control API user access to this data by setting permissions.
For more information:
Access Resources with a RESTful API
You can access your resource endpoints by way of a RESTful API. This makes your data available from virtually any client, in particularly mobile clients and cloud-based access.
For more information:
Enterprise-class Services
CA Live API Creator
 automates the REST interfaces, the data access, and the security/business logic for transactional applications. While the automation is wide in scope, it fits into an enterprise architecture.
CA Live API Creator
 provides the following services for enterprise-class use:
Coalesced Retrieval Strategy
CA Live API Creator
 processes retrieval a level at a time, retrieving 
 rows per request. It retrieves subresource rows in the same request, with optimizations for multi-database resources. It retrieves all the subresource rows in one query.
For example, you have a 
 of ten, retrieving customers and their orders. On the first request, 
CA Live API Creator
 does the following:
  1. Retrieves the first ten customers.
  2. Extracts the ten customer keys and performs a query for orders with a where clause for the ten customers ("cust-1 or cust-2, ...') using these keys. The query also includes relevant security filters.
  3. Distributes the orders to the proper customer in the preparation of the JSON response.
This processing avoids ten orders queries and performs well in multi-database configurations where a customer-join-order is not feasible.
 You can control the chunk size on a per-request basis. For example, you can emit the simple SQL for debugging and testing by setting the chunk size to one (1).
For more information about how to control chunk size, see API Properties.
Your security specifications are defined for base tables and are applied automatically to all resources defined over that table. You can specify the security properties after you define your resource.
For more information about how to define your security definitions, see Security.
Large result sets can cripple performance, both on the client and the server. You can retrieve more data using the URI that 
CA Live API Creator
CA Live API Creator
 supports pagination at any subresource level. For example, a query of Customers and Orders can provide pagination for many customers and many orders for each of the customers.
For more information about pagination, see Performance.
JSON Refresh Information
A key benefit of logic is automated multi-table derivations. For example, saving an order might update the customer's balance. This related data might be required to be on the user's screen. Good user interface (UI) design dictates these effects be shown to the end user. 
CA Live API Creator
 returns JSON-refresh information for all updated data per logic execution, so that clients can merge these updates into the screen. This returned information can improve performance because the client does not need to show derivation results by re-retrieving data.
Per REST requirements and industry best practice, all processing is stateless. 
CA Live API Creator
 scales horizontally. 
CA Live API Creator
 provides services that address enterprise-class performance, such as minimizing network latency, through RESTful server operation, to database management system (DBMS) optimization.
For more information about the services that address performance, see Performance.