Excerpts from Version 23.2

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Chapter	Name	Excerpt	Usage
APIs	info_open_api_documentation	Adding or removing policies does not enrich the Open API documentation. You need to adjust your documentation manually. For more information on REST documentation and how to add documentation to xUML services, refer to Bridge Guide > Documenting a REST Service.	API Settings Configuring an API
APIs	info_testing_apis	Testing of API configurations is only possible with REST APIs that are coming with an OpenAPI Specification.	Testing APIs Managing the Developer Portal Developer Access to APIs
APIs	setting_validity_api	This setting is valid for all versions of the API.	API Settings (multiple)
Clients	setting_validity_client	This setting is valid for all versions of the client.	Client Settings (multiple)
Developer Portal	access_documentation_and_definiton	You can also access the API Documentation and Download the API definition file here.	Managing the Developer Portal Developer Access to APIs
Developer Portal	api_documentation	Click API Documentation to access the Swagger UI where you can test the API (refer to Testing APIs for further information).	Developer Access to APIs
Developer Portal	confirm_delete	For security reasons, you need to confirm the deletion.	Unsubscribing from an API (2 x)
Developer Portal	display_open_api_definition	Displays the Open API definition (Swagger) and allows for making test calls if the API is available.	Using "My Clients" (2x)
Developer Portal	download_open_api_definition	Downloads the API definition file.	Using "My Clients" (2x)
Developer Portal	latest_api_version	If more than one version of the API is available, the latest version will be displayed on top. To see the details of earlier versions, expand the labels below the open details page.	Managing the Developer Portal Developer Access to APIs
Developer Portal	portal_copy_to_clipboard	Click Copy to copy the key to the clipboard.	Using "My Clients" (2x)
Developer Portal	sign_up_client_created	After a successful creation, your client is displayed in the box below. Click Next to continue.	Creating a Contract Subscribing to a Private API
Developer Portal	sign_up_create_client	Now follow the wizard through some simple steps: Create a new client: Enter the name of your client in field Search or create. Click Create.	Creating a Contract Subscribing to a Private API
Developer Portal	sign_up_multiple_organizations	If your user has permission to use or create clients in various organizations, a different view will be displayed: Field Organization is a drop-down and you can select the organization you want to create a new client in. Below, the list of available clients for your user is displayed and you can select one directly. If a client has more then one version, you can also select the client version from a drop-down list. Click Next to continue.	Creating a Contract Subscribing to a Private API
Developer Portal	sign_up_my_clients_tab	Tab My Clients displays an overview of your clients and their contracts. Your new client is displayed and labeled as Awaiting Approval. Refer to Handling Approval Requests for detailed information about the approval process in API Management.	Creating a Contract Subscribing to a Private API
Developer Portal	sign_up_request_approved	As soon as an administrator approved your request, you will get a notification. Now you can start using the API.	Creating a Contract Subscribing to a Private API
Developer Portal	sign_up_success	A success message is displayed in the Developer Portal. If approval is required for the API you subscribed to, you now have to wait for the approval. If approval is not necessary to use the API, you have now access to it. If you want to check your newly created client, switch to the My Clients tab.	Creating a Contract Subscribing to a Private API
Developer Portal	sign_up_summary	In step 2, the summary displays the API-related information. Click Confirm to send your request. API Key and Endpoint will be provided to you after your request is approved.	Creating a Contract Subscribing to a Private API
General	adding_versions	To create a new version, click New Version (refer to The Concepts of API Management > Versioning for detailed information).	Plan Settings
General	api_learn_more	Click Learn More on the API that you want to consume. This will open the API's details.	Creating a Contract Creating a Client
General	create_button	No matter where you are in the API Management, the Create button is always displayed at the bottom right and opens the creation menu.	Creating an Organization Creating a Plan Creating an API Creating a Client
General	creation_wizard	In the next step, you need to enter the following mandatory settings: Name: Enter a name. The name is not changeable after creation. Version: Enter a version number or name. You can enter numbers and text in field Version. Refer to The Concepts of API Management > Versioning for detailed information. You can then enter a description. The description is optional and can also be entered or changed later on the details page. Click Next to continue.	Creating a Plan Creating an API Creating a Client
General	enable_delete_button	Option Delete is only enabled if you activate the checkbox.	Deleting an API Deleting an Organization Deleting a Plan Deleting a Client
General	info_mail_notifications	The notifications can also be sent by by email. This feature must be enabled during the the setup of your Scheer PAS installation. Ask your Scheer PAS administrator for help.	Notifications Managing the Developer Portal
General	info_metrics	Refer to Metrics for detailed information about the available options.	API Settings Client Settings
General	info_rights_management	In API Management, a user can see all APIs for which he has explicit permissions (roles Viewer and Editor). The permissions are assigned in the corresponding organizations, refer to Administrating Organization Members > Applicable Roles. In addition, a user can be assigned the profile api_management_admin in the user management (refer to Administration Guide) which makes him a "superadmin" who can basically see and do everything in API Management (refer to Administration for details).	The Concepts of API Management API Settings
General	organization_preset	In that case, the organization is already set in the wizard.	Creating a Client Creating an API
General	plan_sign_up	In the Plans section, you find all available plans for the API and information on whether approval is required for a plan. Click Sign Up on the plan you want to register for.	Creating a Client Creating a Contract Subscribing to a Private API
General	successful_deletion	A toast message indicates successful deletion.	Deleting a Plan Deleting an API Deleting an Organization
General	tip_entity_deletion	Expert Advice Do not delete APIs, plans, or clients and recreate them if you want to change policies or settings. Instead: As concerns APIs and clients: Retire the old version, so it will not be callable anymore. Alternatively, skip this step if you want both versions - old and new - to be available. Create a new version of the element you want to change. Re-publish or re-register the API or client.	Deleting a Plan Deleting an API Deleting a Client
General	tip_infos_about_policies	Refer to chapter Policies for an overview of the standard policies supplied with Scheer PAS API Management. Page Attaching Policies explains how to attach and configure a policy.	Plan Settings API Settings Client Settings Configuring an API
General	tip_navigation	For detailed information about navigating and filtering the list refer to Working With the API Management.	Organizations
General	tip_visibility_concept	For detailed information about the visibility concept, refer to The Concepts of API Management.	API Settings (2x)
Organizations	organization_best_practices	Expert Advice We recommend the following best practices regarding organizations: Create organizations as fine-granular as possible, e.g. one organization for each logical group of APIs (purchase, order processing, billing). Use a separate, dedicated organization for testing or development. Do not test your API in an organization that holds productive data.	Organizations The Concepts of API Management
Plans	info_deleting_locked_plans	You cannot delete a locked plan. Locked plans are deleted only when the entire organization is deleted.	API Tutorial 2: Creating a Plan Plans
Plans	locked_plan_unchangeable	Once a plan is locked, it cannot be revised anymore. However, you can still create a new version of this plan.	Plans API Tutorial 2: Creating a Plan
Plans	setting_validity_plan	This setting is valid for all versions of the plan.	Plan Settings (multiple)
Policies	claim_availability	All standard claims, custom claims and ID token fields are available (case sensitive). A special value of access_token will forward the entire encoded token. Nested claims can be accessed by using the JavaScript dot syntax (e.g: address.country, address.formatted).	JWT KEYCLOAKOAUTH
Policies	cors_policy_chain_text	API Management sets the CORS headers in the following order: CORS headers from the CORS policy have the highest priority. If no CORS policy has been defined, CORS headers from the external API are used. For detailed explanations about Cross-Origin Resource Sharing (CORS) visit the official Mozilla documentation.	CORS
Policies	info_cors_list_input	Confirm each field input with Enter to create various list entries.	CORS (3x)
Policies	info_java_syntax	Regular expressions must be written in Java syntax.	CACHINGRESOURCES HEADERALLOWDENY
Policies	info_self_signed_certificates	Self-signed certificates are currently not supported.	JWT
Policies	info_stateful_request_payload	If you want to cache POST requests, you have to enable stateful request payload inspection in the settings of your API.	CACHINGRESOURCES (2x)
Policies	keycloak_tokens	With PAS 23.1.1, the Scheer PAS installation comes with the default Keycloak client api-management-oauth. Keycloak clients are entities that can request Keycloak to authenticate a user. In most cases, Keycloak clients are applications and services that want to use Keycloak to secure themselves and provide a single sign-on solution. However, clients can also be entities that just want to request identity information or an access token so that they can securely invoke other services on the network. If you use the Keycloak OAuth policy, we recommend to check against the default client api-management-oauth. Expert Advice If you need to create your own client in Keycloak, visit the official Keycloak documentation for further information.	Authentication With Keycloak OAuth KEYCLOAKOAUTH
Policies	keycloak_tokens_usage	You have to send the received token with each request as authorization header. If you use the PAS internal request UI (Swagger UI), the token is set automatically. Example: Example API Request curl --location 'https://scheer-acme.com/acme-test/gateway/test/hello-oauth/1.0' \ --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'	Authentication With Keycloak OAuth KEYCLOAKOAUTH
Policies	note_allowlist_blocklist	An IP Blocklist policy overrides an IP Allowlist policy.	ALLOWLIST BLOCKLIST
Policies	note_enable_option	It is stongly recommended to enable this option.	JWT
Policies	policies_best_practices	Expert Advice We recommend the following best practices regarding policies: Give a thought or two on where to add your policy, because policies can be added to clients, plans and APIs, which has impact on the policy chain. On API level, you will typically use modification policies, such as URL Rewriting or API Key. On plan level, you will typically use limiting policies, such as Rate Limiting. This way, each plan will allow for a different amount of requests. On client level, you will typically apply authentication and authorization policies, such as BASIC Authentication or Authorization, or other security policies. Testing APIs or verifying concepts with policies is much simpler with public APIs.	Policies The Concepts of API Management
Policies	policies_table_handling	Click Add to create more rows in the table. Click Delete to remove selected rows.	ALLOWLIST BLOCKLIST IGNOREDRESSOURCES
Tips and Tricks	attaching_a_policy	A wizard supports you during policy configuration. Refer to Attaching Policies for a step-by-step guide.	Authentication With Keycloak OAuth Additional Authorization

Excerpts up to Version 23.1.1

Some API Management excerpts are saved within the documenation, see API Management excerpts managed directly in the documentation for an overview.

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Chapter	Name	Excerpt	Usage
Policies	api_behind_proxy	Please disable the TLS check if you are using Scheer PAS 21.1 or a newer version, because all PAS components are running behind a proxy server.	BASIC Authentication JWT Keycloak OAuth
Policies	api_blacklist_whitelist	An IP Blocklist policy overrides an IP Allowlist policy.	Policies IP Blocklist IP Allowlist
Terms & Definitions	api_contracts_and_keys	Only public APIs can be accessed by any consumer. The only way for a client to consume a private API is by using an API contract. An API contract is a link between a client and an API through a plan offered by that API. API contracts can only be created between clients and published APIs which are offered through at least one plan. An API contract cannot be created between a client and a public API. When an API contract is created, the system generates a unique API Key. This key is unique per client and the same for all contracts of this client. All requests made to the API by a client through the gateway must include this API Key. The API Key is used to create the runtime policy chain from the policies configured on the API, plan and client. You can forward the X-API-Key to the service using the API Key policy. However, you cannot define your own value for the X-API-Key, since the gateway uses the key to identify the clients.	Plans APIs Clients
General Notes, Infos, Tips	api_displayed_when_published	This tab is only visible for published APIs.	API Settings (twice) Metrics
General Notes, Infos, Tips	api_displayed_when_registered	This tab is only visible for registered clients.	Metrics Client Settings
Developer Portal	api_doc_and_definition	The API Documentation button and a button to download the API definition file are also available here.	Managing the Developer Portal Developer Access to APIs
Developer Portal	api_documentation_button	The API Documentation button grants access to the Swagger UI where the user can test the API (refer to Testing APIs for further information).	Managing the Developer Portal Developer Access to APIs
Policies	api_enable_option	It is strongly recommended to enable this option.	JWT
General Notes, Infos, Tips	api_link_to_policy_page	Refer to Policies for an overview of the standard policies supplied with Scheer PAS API Management. Refer to Assigning Policies for detailed explanations on how to configure a policy.	Plan Settings Client Settings
Policies	api_move_policies	The order of the policies is important. The order in which the policies appear in the user interface determines the order they will be applied at runtime. You can drag a policy up and down the list to change the order:	Plan Settings Client Settings
General Notes, Infos, Tips	api_my_all_hint	If you want to edit API Management elements, you need to access them via the My... menu items (refer to "My" API Management items).	Organization Settings Finding Organizations API Settings Finding APIs Client Settings
Clients	api_registered_client	Before the client is registered with the runtime gateway, it is not possible to make requests to backend APIs on behalf of that client.	Client Settings Registering a Client
General Notes, Infos, Tips	api_save_when_finished	Do not forget to click the Save button when you have finished.	API Settings (multiple)
Developer Portal	api_version_label	If more than one version of the API is available, the latest version will be displayed on top. To see the details of earlier versions, expand the labels below the open details page.	Managing the Developer Portal Developer Access to APIs
General Notes, Infos, Tips	api_version_number_note	You can enter numbers and text in the Version field which allows the use of version numbers (e.g. 1.0, 2.1 ...) as well as version descriptions (e.g. Gold, Super etc.).	The Concepts of API Management
APIs	api_visibility	Use the drop-down list to define which user group can browse the API and the corresponding plan. This affects the view in the API Management itself as well as in the API Developer Portal: Organization Members (default): All members of the organization. The PAS user must be listed in one of the Identity Management groups API-Management-Users, API-Management-Administrators or API-Management-Developer-Portal-Users. API Management Users: Any PAS user listed in Identity Management groups API-Management-Users or API-Management-Administrators. API Developer Portal Visitors: Any PAS user listed in Identity Management group API-Management-Developer-Portal-Users and any user who visits the API Developer Portal, whether logged in or not. For detailed information about the visibility concept, visit page The Concepts of API Management.	API Settings (twice)
General Notes, Infos, Tips	api_work_with_items	Click to add a new item to a list, click to show/hide the list of items.	CORS
Developer Portal	approver_confirmation	For security reasons, the approver needs to confirm his choice.	Answering Approval Requests (2 x)
Developer Portal	confirm_deletion	For security reasons, you need to confirm the deletion.	Unsubscribing from an API (2 x)
Developer Portal	copy_to_clipboard	Use icon to copy the key to the clipboard.	Using "My Clients" (2x)
Developer Portal	corresponding_message_in_portal	The user gets a corresponding notification in the API Developer Portal.	Answering Approval Requests (2 x)
Policies	cors_policy_chain	API Management sets the CORS headers in the following order: CORS headers from the CORS policy have the highest priority. If no CORS policy has been defined, CORS headers from the external API are used. For detailed explanations about Cross-Origin Resource Sharing (CORS) visit the official Mozilla documentation.	CORS
Terms & Definitions	definition_api	APIs in API Management represent real back-end APIs (Application Programming Interfaces). An API is also known as a service, meaning anything that can be invoked remotely by some sort of client. API Management provides a way to turn unmanaged (raw) back-end APIs into managed APIs by attaching policies to them. Every managed API can be published as Public API or Private API or both: Public APIs are available to consumers without a key. Only policies defined on the API apply to public APIs. Private APIs are only accessible for known consumers, called clients. Every client has an individual key to access the API. Policies defined on the client, the selected plan in the contract and the API apply. In API Management, users can create new APIs manually or easily import them from the API Catalog.	The Concepts of API Management
Terms & Definitions	definition_client	The client is the consumer of the API: The client consumes managed APIs offered through API Management. Each client can consume multiple APIs within API Management. The relation between client and API is defined via a contract and a plan. As with an API or a plan, you can also add policies to a client. When creating a contract, an API-Key to invoke the API will be assigned.	The Concepts of API Management
Terms & Definitions	definition_contract	A contract relates a client to an API, using a plan.	The Concepts of API Management
Terms & Definitions	definition_organization	Almost everything in the API Management data model exists in the context of an organization: An organization is a logical unit within API Management. This can be a company, department, etc. An organization is a container of other elements: plans, APIs, and clients are defined per organization. Every user must be associated with at least one organization to be able to manage elements in the application. API Management implements role-based access control for users. You can give organization members different roles to restrict the actions he is able to perform and the elements he can manage within the organization. Membership for each organization can be easily managed in the Organization tab.	The Concepts of API Management
Terms & Definitions	definition_plan	A plan is a set of policies that defines the level of service API Management provides for an API. Plans enable users to define multiple different levels of service for their APIs. Plans specify the contract between a client and an API. It is common to define multiple plans with divergent configuration options for the same API. Example: An organization offers two plans for the same API: Plan A is more expensive than plan B, but it offers a higher level of API requests in a given (and configurable) period of time.	The Concepts of API Management
Terms & Definitions	definition_policy	Policies are at the lowest level of the data model, but they are the most important concept: A policy is a rule or a set of rules API Management uses to manage access to your APIs. Policies are applied to all API requests and represent a unit of work applied at runtime to the request by API Management. You can define a policy chain, a defined order in which the policies will be applied to API requests.	The Concepts of API Management
Developer Portal	description_api_definition_download	Downloads the API definition file.	Using "My Clients" (2x)
Developer Portal	description_api_documentation	Displays the Open API definition (Swagger) and allows for making test calls if the API is available.	Using "My Clients" (2x)
Developer Portal	details_page_public	On the details page of a Public API, users can find further information about the API such as an extended description and the public endpoint.	Managing the Developer Portal Developer Access to APIs
Notifications	info_enable_mail_notifications	The notifications can also be sent by by email. This feature must be enabled during the the setup of your Scheer PAS installation. Ask your Scheer PAS administrator for help.	Notifications The API Management User Interface Managing the Developer Portal
Plans	locked_plans	Once a plan is locked, it cannot be revised anymore. However, you can still create a new version of this plan.	Plans
Administration	manage_users	API Management uses the Identity Management to manage its users. This tool can manage users for multiple applications. Data for each application is stored in so called "realms": Users of Identity Management itself are stored to realm Master. Users of API Management and Log Analyzer are stored to realm Apiman. Thus, you need to have to separate admin accounts: one for Identity Management, and one for API Management.	Managing Users and Permissions
Plans	note_on_plan_usage	Only locked plans can be used by APIs in the organization. Refer to Locking a Plan for more information.	Plan Settings Securing Designer Services via API Management
General Notes, Infos, Tips	note_read_confirmation_dialog	Please read the confirmation dialog carefully.	Deleting an Organization Deleting a Plan Deleting an API Deleting a Client
Policies	note_require_true	Make sure that this option is true if you want to use this policy for authentication.	Keycloak OAuth JWT BASIC Authentication
Policies	proxy_x_real	In the default setup the gateway runs behind a proxy. In the default scenario there is no need to add the header X-Real-IP in the custom header field IP Address HTTP Header.	IP Blocklist IP Allowlist
Support	support_overview	First of all you can consult our complete technical documentation. The documentation is divided into several guides: an API Management User's Guide You can search this documentation using the search box on the left, in top of the content tree. Installation Guides for all modules If you can't solve your problem with help of the documentation, you can file a ticket to our support team at support@scheer-pas.com. All mails to our support mailbox will open a ticket in our service desk. Optionally, you may use our service desk portal. There, you can manage your tickets and raise new support requests. Using the portal requires you to register your email address, which will not take much time. To help you with your problem, our Support team needs some information on your software and environment. Please refer to Information to Include in a Support Request for more details on this.	Troubleshooting
Policies	swagger_definition_changes	Adding or removing policies does not enrich the Open API documentation. You need to adjust your documentation manually.	Assigning Policies API Management Best Practices
Clients	swagger_ui	For more information about the functions of the Swagger UI, go to the Swagger homepage.	Testing APIs
Administration	test_gateway_nok	If the configuration is invalid, an error message will be shown including further information about the error itself:	Managing Gateways
Administration	test_gateway_ok	If the gateway configuration is correct, you will get a success message:	Managing Gateways
APIs	testing_api_with_swagger	Testing of API configurations is only possible with REST APIs that are coming with an OpenAPI Specification.	Testing APIs Managing the Developer Portal
Metrics	tipp_elaborated_metrics	PAS 22.1 For more elaborated metrics, have a look at the Log Analyzer which offers a default dashboard visualizing API Management insights.	Metrics (2x)
General Notes, Infos, Tips	use_breadcrump	Use the breadcrumb menu at the top of the page for guidance.	Notifications (twice)
Organizations	version_note_api_org_creation	From PAS 22.1 all API Management users can create new organizations. In earlier versions, only users with role Administrator had been able to create organizations.	Creating an Organization

API Management excerpts managed directly in the documentation

Chapter	Excerpt Name	Page of the Original	(Re-)Usage
Administration	data_export	API Management Backup and Restore
Administration	backup	API Management Backup and Restore
Administration	data_import	API Management Backup and Restore
Administration	restore	API Management Backup and Restore
Administration	keycloak_login	Managing Users and Permissions	Managing Users and Permissions (twice)
Policies	policy_overview_table	Policies	Policy Configuration
Policies	info_post_requests	Caching Resources	Caching Resources (twice)
Metrics	api_metrics	Metrics	API Settings
Metrics	client_metrics	Metrics	Client Settings
Some Common API Management Use Cases	page_content	Securing Designer Services via API Management	Academy: Exposing Designer Services via API Management

Page tree

_api_excerpts

Excerpts from Version 23.2

Excerpts up to Version 23.1.1

API Management excerpts managed directly in the documentation