What is a Client?

The client is the consumer of the API. Typical API consumers are for example mobile or B2B applications. Optionally, policies can also be defined on a client.

Each client can consume multiple APIs within the API Management. Therefore, a contract is created between a client and the APIs it wishes to consume. Once the contract is created, the client can be registered with the runtime gateway. Policies and contracts can be added and removed at any time. However, after any changes are made, the client must be registered again.

API Contracts and API Keys

Only public APIs can be accessed by any consumer. The only way for a client to consume a private API is by using an API contract. An API contract is a link between a client and an API through a plan offered by that API.

API contracts can only be created between clients and published APIs which are offered through at least one plan. An API contract cannot be created between a client and a public API.

When an API contract is created, the system generates a unique API Key. This key is unique per client and the same for all contracts of this client. All requests made to the API by a client through the gateway must include this API Key. The API Key is used to create the runtime policy chain from the policies configured on the API, plan and client.