Skip to main content
Skip table of contents

Managing a Private API - Step by Step

This tutorial explains step by step how to create all necessary elements of API Management to be able to manage a private API. Private APIs are APIs that are only accessible for known consumers (clients).

All content in a lighter font color refers to the story of the tutorial.

Follow Our Example User Story

ACME Corp. uses Scheer PAS API Management to provide customers with access to the ACME APIs. For example, ACME Corp. is running the test service RESTAPI_Echo_Example which implements a very basic REST service that is perfect for testing. Now David Stringer of ACME Corp. wants to enable the developers of customer Spring Corp. to use this service. So David is going to setup private API access to the service RESTAPI_Echo_Example.

You are going to help him with that task.

During this tutorial you will build up the following: Organization STRINGER containing the PrivateEchoAPI, which will be consumed by client Spring Corp. via plan Gold which contains the Rate Limiting Policy.

data_model_organization_stringer.png

Please make sure that the name of the created elements such as organizations, APIs, clients etc. is unique. You can use your own name as pre- or suffix, e.g. PublicEchoAPI_David.

During this tutorial you will learn

  • how to create an organization

  • how to create a plan

  • how to import the API of an xUML service from the PAS Administration to API Management

  • how to create a client

  • how to add a contract

  • how to apply policies to plans and APIs

  • how to restrict the visibility of an API

  • how to test API access in API Management

  • how to consume a private API via the API Developer Portal

A Short Introduction to API Management Concepts

The main elements of API Management are grouped within an Organization, which is the "container" for all other elements such as Clients, Plans and APIs. APIs represent real backend APIs (Application Programming Interfaces). API Management provides a way to turn unmanaged (raw) back-end APIs into managed APIs by attaching policies to them.

Every managed API can be published as public API or private API:

Public APIs...

Private APIs...

  • ... reside in an organization.

  • ... can contain policy definitions.

  • ... are accessible to everyone.

data_model_api_management_public_api.png

  • ... reside in an organization.

  • ... can contain policy definitions.

  • ... can only consumed by a client via a contract and a plan.

  • Plans and clients can also contain policies.

data_model_api_management.png
  • Policies are rules or units of work applied when the API is accessed.

APIs are created within API Management. They are provided via the API Developer Portal from where consumers of the API have access to them.

data_model_api_devportal.png

For more information on the concepts of API Management, refer to The Concepts of API Management.

Prerequisites

The following elements must be present or installed in order to be able to go through the step-by-step tutorials:

  • You need an up-and-running installation of Scheer PAS and access to the components API Management and Administration.

  • The RESTAPI_Echo_Example must be deployed in the administration component. You can download the repository here to deploy it: RESTAPI_Echo_Example.rep

How to Deploy the Example

Deploy the service via the deployment wizard within the PAS Administration. To access the deployment wizard, open the Administration:

administration_tile.png

Your user needs the profile xuml_container_admin to use the deployment wizard and to manage xUML services in the Administration.

Use option + Service in the navigation bar to open the deployment wizard:

open_deployment_wizard.png

The wizard opens in a separate pop-up window. As soon as you have selected the .rep file of the service, the wizard guides you through the necessary steps to deploy the xUML service:

deployment_wizard.png

In step 2 of the deployment wizard, please adjust the service name so that it matches your user, e.g. restapi-echo-example-stringer.

Refer to Working With the Deployment Wizard in the Administration Guide for detailed step-by-step instructions.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.