API Settings
To view all APIs your user is allowed to see, go to tab My APIs in the navigation bar. The APIs are listed by organizations.
For detailed information about navigating and filtering the list refer to Working With the API Management.
You can also view the list of existing APIs for an organization by navigating to the APIs tab of the organization's details page. Click on an API tile to open the API's details page. Use the details page to modify the configuration:
Basic Settings
The Overview tab displays the most important information about an API and also offers various functionalities:
UI Element | Name | Description |
---|---|---|
Basic Settings (available in all tabs) | ||
(1) | Image | Click the API logo to upload your own image for this API. The image will be displayed in the API tile in API Management as well as in the API Developer Portal. This setting is valid for all versions of the API. |
(2) | Name / Description |
This setting is valid for all versions of the API. |
(3) | Version | In this field, the current version of the API is displayed. Use the drop-down to switch between versions.To create a new version, click New Version (refer to The Concepts of API Management for detailed information). |
(4) | Delete | Click Delete to remove the API. You will need to confirm the deletion in a separate pop-up window.This setting is valid for all versions of the API. |
(5) | Status | In this field, the current status of the API is displayed. Use the drop-down to change the status. An API can have the following states: |
(6) | Navigation Bar | Use the navigation bar to access the various tabs of the API's details page (details of all tabs API Details). |
Overview Tab Settings (available only in tab Overview) | ||
(7) | API Endpoint | Displays the endpoint of this API in read-only mode. Use option Copy to clipcoard to copy the endpoint. Use option Try! to open the test UI for this API (refer to API Details for more information). |
(8) | Attached Policies | Displays a read-only overview on all policies assigned to this API. You can click on the name of a policy. This opens tab Policies where you can adapt the policies of this API. |
(9) | API Type | This section displays the API type and associated settings:
Click on the type labels to open tab Settings where you can adapt the API's implementation. |
(10) | Useful Information | The displayed labels show some additional information about the API. The labels are interactive: Click on an entry to switch to the corresponding tab.
|
API Details
In the navigation bar of the details page, you will find several tabs where you can manage the various settings of the API. Refer to Configuring an API for more information about the necessary configuration steps.
Settings
Open tab Settings to provide the details about the backend API implementation:
The following settings are available in this tab:
UI Element | Name | Description | |
---|---|---|---|
(1) | Implementation | The URL that the API Management will use to proxy a request made for this API. | |
(2) | API Developer Portal | Enable option Feature this API if you want to display the API on the landing page of the API Developer Portal. This setting is valid for all versions of the API. | |
(3) | Advanced Settings | Expand this section to display advanced options. | |
API Type | Choose between the options REST, SOAP and UI. | ||
API Content Type | You can select JSON or XML. This information is primarily used to respond with a policy failure or error in the appropriate format. | ||
Gateway | Use the drop-down list to switch between different gateways. Only one gateway is supported in the current version of API Management. | ||
API Security | Choose between the options None, Basic Auth and MTLS/Two-Way-SSL. Please note that BASIC Authentication is not ideal. It is especially insecure if not using SSL/HTTPS to connect to the backend API. Endpoint Level Security Policy security alone does not secure an API’s unmanaged endpoint. Endpoint security also secures the APIs from attempts to bypass the gateway. Scheer PAS API Management supports two endpoint security options: Basic Auth and MTLS (Two-Way-SSL). With Mutual TLS, a two-way trust pattern is created. The gateway trusts the APIs and the APIs trust the gateway. The APIs, however, do not trust the clients. The use of enpoint security prevents that a client can bypass the gateway and access the APIs directly. The endpoint level of security applies to all requests made to the APIs, regardless of the policies configured. | ||
Enable Stateful Request Payload Inspection | If this feature is enabled, the gateway will parse the request body into an object prior to applying the policies. This allows policies to make decisions based on the content of the request payload. | ||
Disable Request Key Stripping | If this feature is enabled, the gateway will not strip the X-API-KEY and apikey query parameter from the request. This allows the gateway to send the keys to the backend endpoint (see also API Key policy). | ||
(4) | API Type |
Refer to Configuring an API for details. | |
(5) | Plan and Visibility Management |
Refer to Configuring an API for details. |
Documentation
In the Documentation tab you can manage the API definition and the description of the API.
API Definition
An API definition file allows consumers to better understand how to use your API. If you want to test your API directly from API Management, it is necessary to have an API definition. If you have imported the API from the PAS Administration, the API definition is populated automatically. Alternatively, you can load a definition from a URL, or upload a definition file. Refer to Configuring an API for details.
The OpenAPI definition is adapted, when the API is published:
The API's name, version number and markdown description are taken over in the code displayed in the definition editor.
Adding or removing policies enriches the OpenAPI definition.
(This also applies to the whole policy chain, even if the definition editor in the API details will only show API-related policy code.)
The following options are available in the API Definiton tab:
UI Element | Setting | Description |
---|---|---|
(1) | Download OpenAPI | This button offers three options once an API definition has been provided:
|
(2) | Update URL | This button offers two options:
|
(3) | Definition Validity | The label indicates whether the content of the OpenAPI definition is valid or not. The validity label is only displayed when option is Show Definition Editor enabled. |
(4) | Show Definition Editor | Enable this option to display the definition editor. The editor contains the OpenAPI definition. The definition editor allows you to adapt some content of the displayed definition, but changes on the policy logic will be overwritten during reload of the editor or publication of the API: Please note that the autosave in the editor is not triggered after the upload of an invalid file. |
(5) | OpenAPI Definition | In this section, the definition is displayed in a formatted, read-only version. |
Markdown Description
In tab Markdown Description you can provide a description of your API to help developers understand how to use your API. To enable others to easily use your APIs, it is important to provide them with extensive API documentation. You can provide your description by either using the markdown or a text editor. The entered content is automatically saved and included in the OpenAPI definition, refer to API Definition):
Policies
The Policies tab allows you to manage the policies that should be applied whenever a request is made to this API:
The order of the policies is important: The order in which the policies appear in the user interface determines the order they will be applied at runtime (refer to Policies > Policy Chain for details).
Option | Icon | Description |
---|---|---|
Add | To add another policy to this API, click one of the Plus buttons. | |
Reorder | Drag the policy and drop it on the desired new place in the hierarchy. | |
Edit | If you want to adapt an attached policy, click Edit to open the policy configuration. | |
Reorder | If you want to delete a policy from this API, click Delete. |
Refer to chapter Policies for an overview of the standard policies supplied with Scheer PAS API Management. Page Attaching Policies explains how to attach and configure a policy.
Contracts
Use tab Contracts to display a list of all contracts between all clients and this API. The list shows all clients that can consume this API and also clients that are waiting for their request to be approved (refer to Handling Approval Requests for details):
Metrics
Navigate to tab Metrics in the APIs section of API Management to display basic metric information about the API. Once an API has been used, you can use the Metrics tab to view basic analytics information and to figure out, how often the API has been used and when.
Refer to Metrics for detailed information about the available options.
Change Log
Navigate to the Change Log tab if you want to see an overview of changes made for this API. All configuration changes made by API Management users associated with this API are listed here:
Related Documentation: