Versions Compared

Old Version 29

changes.mady.by.user Kirstin Seidel-Gebert

Saved on

compared with

New Version Current

changes.mady.by.user Annegret Bernhardt

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Excerpts from Version 23.2

Table Filter
trueGroup,Nametrue
hideControlsfixedCols
totalrowinversefalse,,,
hidelabelsfalse
ddSeparator
sparkNameSparklinecolumn
hidePaneFiltration panel
customNoTableMsgText
limitHeight
sortGroup ⇧,Name ⇧
separatorPoint (.)
labels‚‚
sparklinefalse
default,,
isFirstTimeEntertrue
cell-width250,250,250
datepatternhideColumnsdd M yyfalse
globalFiltertotalRowName
totalColName
idcustomNoTableMsg1550843185735_1800880779
worklog5|8|w d h m|w d h m
isORAND
order0,1,2
GroupNameExcerpt
Administrationmanage_users
Multiexcerpt
MultiExcerptNamemanage_users

API Management uses the Keycloak application to manage its users.Keycloak is an identity and access management software that can manage users for multiple applications. Data for each application is stored in so called "realms":

  • Users of Keycloak itself are stored to realm Master.
  • Users of API Management and Kibana are stored to realm Apiman.

Thus, you need to have to separate admin accounts: one for Keycloak, and one for API Management.

Administrationtest_gateway_nok
Multiexcerpt
MultiExcerptNametest_gateway_nok
If the configuration is invalid, an error message will be shown including further information about the error itself:

Image Removed

Administrationtest_gateway_ok
Multiexcerpt
MultiExcerptNametest_gateway_ok
If the gateway configuration is correct, you will get a success message:

Image Removed

APIsprivate_api_testcode
Multiexcerpt
MultiExcerptNameprivate_api_testcode
Code Block
languageyml
titleExample in swagger.yaml
linenumberstrue
basePath: /yourOrganizationNameHere/yourApiNameHere/theApiVersionNumberHere
host: yourHostNameHere:portNumberHere
schemes:
- http (or https)

security:
- X-API-Key: []
securityDefinitions:
  X-API-Key:
    description: Authenticate using pre-acquired API key
    in: header
    name: X-API-Key
    type: apiKey
Note

Note: Depending on the used policies, further entries in the YAML or JSON file may be necessary.

APIspublic_api_testcode
Multiexcerpt
MultiExcerptNamepublic_api_testcode
Code Block
languageyml
titleExample in swagger.yaml
linenumberstrue
basePath: /yourOrganizationNameHere/yourApiNameHere/theApiVersionNumberHere
host: yourHostNameHere:portNumberHere
Tip

You can copy the basePath and host in the APIs tab Endpoint or in the Client's tab APIs (use icon Image Removed in column Endpoint).

Clientsapi_registered_client
Multiexcerpt
MultiExcerptNameapi_registered_client
Note

Until the client is registered with the runtime gateway, it is not possible to make requests to backend APIs on behalf of that client.

Clientsswagger_ui
Multiexcerpt
MultiExcerptNameswagger_ui
Tip

For more information about the functions of the Swagger UI visit the Swagger homepage.

General Notes, Infos, Tipsapi_displayed_when_published
Multiexcerpt
MultiExcerptNameapi_displayed_when_published
Info

This tab is only visible for published APIs.

General Notes, Infos, Tipsapi_displayed_when_registered
Multiexcerpt
MultiExcerptNameapi_displayed_when_registered
Info

This tab is only visible for registered clients.

General Notes, Infos, Tipsapi_link_to_policy_page
Multiexcerpt
MultiExcerptNameapi_link_to_policy_page
Tip

On page Policies you can find an overview of the standard policies supplied with Scheer PAS API Management. Page Assigning Policies shows how to configure a policy.

General Notes, Infos, Tipsapi_save_when_finished
Multiexcerpt
MultiExcerptNameapi_save_when_finished

Do not forget to click the Save button when you have finished.

General Notes, Infos, Tipsapi_version_number_note
Multiexcerpt
MultiExcerptNameapi_version_number_note
Info

You can enter numbers and text in the Version field which allows the use of version numbers (e.g. 1.0, 2.1 ...) as well as version descriptions (e.g. Gold, Super etc.).

General Notes, Infos, Tipsapi_work_with_items
Multiexcerpt
MultiExcerptNameapi_work_with_items

Click Image Removed to add a new item to a list, click Image Removed to show/hide the list of items.

General Notes, Infos, Tips

note_read_confirmation_dialog

Multiexcerpt
MultiExcerptNamenote_read_confirmation_dialog
Note

Please read the confirmation dialog carefully.

Installationload_docker_images
Multiexcerpt
MultiExcerptNameload_docker_images
Code Block
docker image load -i api-mgmt-gateway-<VERSION>.tar
Code Block
docker image load -i api-mgmt-ui-<VERSION>.tar
Code Block
docker image load -i api-mgmt-keycloak-<VERSION>.tar
Installationprerequisites
Multiexcerpt
MultiExcerptNameprerequisites

Scheer PAS API Management uses Docker to run the software.

  • The Docker Community Editon (CE) is sufficient to run API Management. The provided Docker containers for API Management are Linux containers.
  • As Docker host, Linux or Windows are supported.
  • The Docker tool docker-compose must be installed.
Installationstart_all_containers
Multiexcerpt
MultiExcerptNamestart_all_containers

Start all containers by running the following command from api-mgmt/single-host-setup (folder that contains the file docker-compose.yml):

Code Block
docker-compose up ui gateway

To run the containers in the background use:

Code Block
docker-compose up -d ui gateway
Kibanakibana
Multiexcerpt
MultiExcerptNamekibana

Kibana is an open source analytics and visualization tool designed to work with Elasticsearch. With Kibana you can search, view, and interact with data stored in Elasticsearch indices. You can perform advanced data analysis and visualize your data in a variety of charts, tables, and maps.
For detailed information on Kibana, its features and how to use them, refer to the Kibana User Guide.

Organizations

api_org_creation
Multiexcerpt
MultiExcerptNameapi_org_creation
Note

Only users with role Administrator are allowed to create new organizations.

Planslocked_plans
Multiexcerpt
MultiExcerptNamelocked_plans
Note

Once a plan is locked, it cannot be revised. However, you can still create a new version of this plan.

Policiesapi_blacklist_whitelist
Multiexcerpt
MultiExcerptNameapi_blacklist_whitelist
Note

An IP Blacklist policy overrides an IP Whitelist policy in the same plan.

Policiesapi_enable_option
Multiexcerpt
MultiExcerptNameapi_enable_option
Note

It is strongly recommended to enable this option.

Policiesapi_move_policies
Multiexcerpt
MultiExcerptNameapi_move_policies
The order of the policies is important. The order in which the policies appear in the user interface determines the order they will be applied at runtime. You can drag a policy up and down the list to change the order:
Policiesapi_no_ipv6
Multiexcerpt
MultiExcerptNameapi_no_ipv6
Note

The use of IPv6 is neither possible in the blacklist nor in the whitelist policy.

Policiescors_policy_chain
Multiexcerpt
MultiExcerptNamecors_policy_chain

API Management sets the CORS headers in the following order:

  1. CORS headers from the CORS policy have the highest priority.
  2. Then, if no CORS policy has been defined, CORS headers from the API are used.
  3. Then, if 1 and 2 are not the case, special headers for the integrated Swagger UI are used.
Step by Step Guidesapi_definition_details
Multiexcerpt
MultiExcerptNameapi_definition_details
Tip

Detailed information about the necessary settings in the definition file can be found on page Managing APIs > Definition.

Step by Step Guides

goto_chapter_apis

Multiexcerpt
MultiExcerptNamegoto_chapter_apis
Tip

Visit chapter APIs to learn more about the details of an API and its configuration options.

Step by Step Guides

goto_chapter_organizations

Multiexcerpt
MultiExcerptNamegoto_chapter_organizations
Tip

Visit chapter Organizations to learn more about the details of an organization and its configuration options.

Step by Step Guides

step_by_step_policies

Multiexcerpt
MultiExcerptNamestep_by_step_policies
Tip

On page Policies you can find an overview of all policies provided in API Management. Furthermore, for each policy a separate page is available explaining its configuration options.

Supportsupport_overview
Multiexcerpt
MultiExcerptNamesupport_overview
  1. First of all you can consult our complete technical documentation.
    The documentation is divided into several guides:
  2. If you can't solve your problem with help of the documentation, you can have a look into our Forum at http://forum.e2ebridge.com.
    Maybe, someone had a similar problem. Otherwise, you are invited to post a question there. API Management developers or fellow users will help you.

  3. Last but not least, you can file a ticket to our support team at support@e2ebridge.com.
    All mails to our support mailbox will open a ticket in our service desk.
    Optionally, you may use our service desk portal. There, you can manage your tickets and raise new support requests. Using the portal requires you to register your email address, which will not take much time.

    To help you with your problem, our Support team needs some information on your software and environment. Please refer to What Information to Include into a Support Request for more details on this.

Terms & Definitionsapi_contracts_and_keys
Multiexcerpt
MultiExcerptNameapi_contracts_and_keys

API Contracts and API Keys

Only public APIs can be accessed by any consumer. The only way for a client to consume a private API is by using an API contract. An API contract is a link between a client and an API through a plan offered by that API.

API contracts can only be created between clients and published APIs which are offered through at least one plan. An API contract cannot be created between a client and a public API.

When an API contract is created, the system generates a unique API Key. This key is unique per client and the same for all contracts of this client. All requests made to the API by a client through the gateway must include this API Key. The API Key is used to create the runtime policy chain from the policies configured on the API, plan and client.

Info

You can forward the X-API-Key to the service using the API Key policy. However, you cannot define your own value for the X-API-Key, since the gateway uses the key to identify the clients.

Terms & Definitionsdefinition_api
Multiexcerpt
MultiExcerptNamedefinition_api

APIs represent real back-end APIs (Application Programming Interfaces). An API is also known as a service, meaning anything that can be invoked remotely by some sort of client. API Management provides a way to turn unmanaged (raw) back-end APIs into managed APIs by attaching policies to them.

Every managed API can be published as Public API or Private API or both:

  • Public APIs are available to consumers without a key. Only policies defined for the API apply.
  • Private APIs are only accessible for known consumers called clients. Every client has an individual key to access the API. Policies from the client, the selected plan in the contract and API apply.

In API Management, users can create new APIs manually or easily import them from the API Catalog.

Terms & Definitionsdefinition_client
Multiexcerpt
MultiExcerptNamedefinition_client

The client is the consumer of the API:

  • The client needs to consume managed APIs offered through the API Management.
  • Each client can consume multiple APIs within the API Management, therefore a contract is created between an API and a client over a plan.
  • As with an API or a plan, you can also add policies to a client. If you created a contract, you will get an API-Key to invoke the API.

Terms & Definitions

definition_organization
Multiexcerpt
MultiExcerptNamedefinition_organization

Almost everything in the API Management data model exists in the context of an organization:

  • An organization contains and manages all elements used by a company, department, etc. within API Management.
  • An organization is a container of other elements: plans, APIs, and clients are defined in the organization.
  • Every user must be associated with at least one organization to be able to manage elements in the application.
  • Scheer PAS API Management implements role-based access control for users. The organization membership of a user defines the actions he is able to perform and the elements he can manage within the organization.
  • Memberships for each organization can be easily managed in the Organization tab.
Terms & Definitionsdefinition_plan
Multiexcerpt
MultiExcerptNamedefinition_plan

A plan is a set of policies that defines the level of service the API Management provides for an API.

  • Plans enable users to define multiple different levels of service for their APIs.
  • It is common to define different plans for the same API. The differences depend on configuration options.
    Example:
    An organization offers two plans for the same API: Plan A is more expensive than plan B, but it offers a higher level of API requests in a given (and configurable) time period.
Terms & Definitionsdefinition_policy
Multiexcerpt
MultiExcerptNamedefinition_policy

Policies are at the lowest level of the data model, but they are the most important concept: A policy is a rule or a set of rules Scheer PAS API Management uses to manage your APIs.

  • Policies represent the unit of work done at runtime, when the API Management applies the policies to all API requests.
  • Policies are applied through a policy chain: when a request to an API is made, API Management creates a chain of policies to be applied to that request.
  • Policy chains define a specific sequence order in which the defined policies are applied to API requests.

...

false
disabledfalse
enabledInEditorfalse
globalFiltertrue
id1696945354182_-105526957
iconfilter
order1,2,0
hideControlstrue
inversefalse,false,false
numbering
datefilter
column
sortChapter ⇧,Name ⇧
totalcol
disableSavefalse
rowsPerPage
separatorPoint (.)
labelsName‚Chapter‚Filter whole table
thousandSeparator
ignoreFirstNrows
ddOperator
userfilterName,Chapter
datepatterndd M yy
numberfilter
heightValue
updateSelectOptionsfalse
worklog365|5|8|y w d h m|y w d h m
isORAND
showNRowsifNotFiltered


ChapterNameExcerptUsage
APIs

info_open_api_documentation

delete when 24.1 has been published


Multiexcerpt
MultiExcerptNameinfo_open_api_documentation


Info

Adding or removing policies does not enrich the Open API documentation. You need to adjust your documentation manually. For more information on REST documentation and how to add documentation to xUML services, refer to Bridge Guide > Documenting a REST Service.



APIsinfo_openapi_definition


Multiexcerpt
MultiExcerptNameinfo_openapi_definition


Info

PAS 24.1 The OpenAPI definition is adapted, when the API is published:

  • The API's name, version number and markdown description are taken over in the code displayed in the definition editor.
  • Adding or removing policies enriches the OpenAPI definition.
    (This also applies to the whole policy chain, even if the definition editor in the API details will only show API-related policy code.)



APIsinfo_testing_apis


Multiexcerpt
MultiExcerptNameinfo_testing_apis


Info

Testing of API configurations is only possible with REST APIs that are coming with an OpenAPI specification.



APIssetting_validity_api


Multiexcerpt
MultiExcerptNamesetting_validity_api

This setting is valid for all versions of the API.


Clientssetting_validity_client


Multiexcerpt
MultiExcerptNamesetting_validity_client

This setting is valid for all versions of the client.


Developer Portalaccess_documentation_and_definiton


Multiexcerpt
MultiExcerptNameaccess_documentation_and_definiton

You can also access the API Documentation and Download Image Added the API definition file here. 


Developer Portalapi_documentation


Multiexcerpt
MultiExcerptNameapi_documentation

Click API Documentation to access the Swagger UI where you can test the API (refer to Testing APIs for further information).


Developer Portalconfirm_delete


Multiexcerpt
MultiExcerptNameconfirm_delete

For security reasons, you need to confirm the deletion.


Developer Portaldisplay_open_api_definition


Multiexcerpt
MultiExcerptNamedisplay_open_api_definition

Displays the Open API definition (Swagger) and allows for making test calls if the API is available.


Developer Portaldownload_open_api_definition


Multiexcerpt
MultiExcerptNamedownload_open_api_definition

Downloads the API definition file.


Developer Portallatest_api_version


Multiexcerpt
MultiExcerptNamelatest_api_version

If more than one version of the API is available, the latest version will be displayed on top. To see the details of earlier versions, expand the labels below the open details page. 


Developer Portalportal_copy_to_clipboard


Multiexcerpt
MultiExcerptNameportal_copy_to_clipboard

Click Copy Image Added to copy the key to the clipboard.


Developer Portalsign_up_client_created


Multiexcerpt
MultiExcerptNamesign_up_client_created

After a successful creation, your client is displayed in the box below.

Click Next to continue.


Developer Portalsign_up_create_client


Multiexcerpt
MultiExcerptNamesign_up_create_client

Now follow the wizard through some simple steps:

  • Create a new client: Enter the name of your client in field Search or create.

Click Create.


Developer Portalsign_up_multiple_organizations


Multiexcerpt
MultiExcerptNamesign_up_multiple_organizations

If your user has permission to use or create clients in various organizations, a different view will be displayed:

  • Field Organization is a drop-down and you can select the organization you want to create a new client in.
  • Below, the list of available clients for your user is displayed and you can select one directly.
  • If a client has more then one version, you can also select the client version from a drop-down list.

Click Next to continue.


Developer Portalsign_up_my_clients_tab


Multiexcerpt
MultiExcerptNamesign_up_my_clients_tab

Tab My Clients displays an overview of your clients and their contracts.

Your new client is displayed and labeled as Awaiting Approval. Refer to Handling Approval Requests for detailed information about the approval process in API Management.


Developer Portalsign_up_request_approved


Multiexcerpt
MultiExcerptNamesign_up_request_approved

As soon as an administrator approved your request, you will get a notification.

Now you can start using the API.


Developer Portalsign_up_success


Multiexcerpt
MultiExcerptNamesign_up_success

A success message is displayed in the Developer Portal.

If approval is required for the API you subscribed to, you now have to wait for the approval.
If approval is not necessary to use the API, you have now access to it.

If you want to check your newly created client, switch to the My Clients tab.


Developer Portalsign_up_summary


Multiexcerpt
MultiExcerptNamesign_up_summary

In step 2, the summary displays the API-related information.

Click Confirm to send your request.

Info

API Key and Endpoint will be provided to you after your request is approved.



Generaladding_versions


Multiexcerpt
MultiExcerptNameadding_versions

To create a new version, click New Version Image Added(refer to The Concepts of API Management > Versioning for detailed information).


Generalapi_learn_more


Multiexcerpt
MultiExcerptNameapi_learn_more

Click Learn More on the API that you want to consume.

This will open the API's details.


Generalcreate_button


Multiexcerpt
MultiExcerptNamecreate_button

No matter where you are in the API Management, the Create button Image Added is always displayed at the bottom right and opens the creation menu.


Generalcreation_wizard


Multiexcerpt
MultiExcerptNamecreation_wizard

In the next step, you need to enter the following mandatory settings:

  • Name: Enter a name. The name is not changeable after creation.

  • Version: Enter a version number or name.
Info

You can enter numbers and text in field Version. Refer to The Concepts of API Management > Versioning for detailed information.

You can then enter a description. The description is optional and can also be entered or changed later on the details page.

Click Next to continue.


Generalenable_delete_button


Multiexcerpt
MultiExcerptNameenable_delete_button

Option Delete is only enabled if you activate the checkbox.


Generalinfo_mail_notifications


Multiexcerpt
MultiExcerptNameinfo_mail_notifications


Info

The notifications can also be sent by by email. This feature must be enabled during the the setup of your Scheer PAS installation. Ask your Scheer PAS administrator for help.



Generalinfo_metrics


Multiexcerpt
MultiExcerptNameinfo_metrics


Tip

Refer to Metrics for detailed information about the available options.



Generalinfo_rights_management


Multiexcerpt
MultiExcerptNameinfo_rights_management


Info

In API Management, a user can see all APIs for which he has explicit permissions (roles Viewer and Editor). The permissions are assigned in the corresponding organizations, refer to Administrating Organization Members > Applicable Roles.
In addition, a user can be assigned the profile api_management_admin in the user management (refer to Administration Guide) which makes him a "superadmin" who can basically see and do everything in API Management (refer to Administration for details).



Generalorganization_preset


Multiexcerpt
MultiExcerptNameorganization_preset

In that case, the organization is already set in the wizard.


Generalplan_sign_up


Multiexcerpt
MultiExcerptNameplan_sign_up

In the Plans section, you find all available plans for the API and information on whether approval is required for a plan.

Click Sign Up on the plan you want to register for.


Generalsuccessful_deletion


Multiexcerpt
MultiExcerptNamesuccessful_deletion

A toast message indicates successful deletion.


Generaltip_entity_deletion


Multiexcerpt
MultiExcerptNametip_entity_deletion


Tip
titleExpert Advice

Do not delete APIs, plans, or clients and recreate them if you want to change policies or settings. Instead:

  • As concerns APIs and clients: Retire the old version, so it will not be callable anymore. Alternatively, skip this step if you want both versions - old and new - to be available.
  • Create a new version of the element you want to change.
  • Re-publish or re-register the API or client.



Generaltip_infos_about_policies


Multiexcerpt
MultiExcerptNametip_infos_about_policies


Tip

Refer to chapter Policies for an overview of the standard policies supplied with Scheer PAS API Management. Page Attaching Policies explains how to attach and configure a policy.



Generaltip_navigation


Multiexcerpt
MultiExcerptNametip_navigation


Tip

For detailed information about navigating and filtering the list refer to Working With the API Management.



Generaltip_visibility_concept


Multiexcerpt
MultiExcerptNametip_visibility_concept


Tip

For detailed information about the visibility concept, refer to The Concepts of API Management.




Organizationsorganization_best_practices


Multiexcerpt
MultiExcerptNameorganization_best_practices


Tip
titleExpert Advice

We recommend the following best practices regarding organizations:

  • Create organizations as fine-granular as possible, e.g. one organization for each logical group of APIs (purchase, order processing, billing).
  • Use a separate, dedicated organization for testing or development.
  • Do not test your API in an organization that holds productive data.



Plansinfo_deleting_locked_plans


Multiexcerpt
MultiExcerptNameinfo_deleting_locked_plans


Info

You cannot delete a locked plan. Locked plans are deleted only when the entire organization is deleted.



Planslocked_plan_unchangeable


Multiexcerpt
MultiExcerptNamelocked_plan_unchangeable


Note

Once a plan is locked, it cannot be revised anymore. However, you can still create a new version of this plan.



  • Plans
  • API Tutorial 2: Creating a Plan
Planssetting_validity_plan


Multiexcerpt
MultiExcerptNamesetting_validity_plan

This setting is valid for all versions of the plan.


Policiesclaim_availability


Multiexcerpt
MultiExcerptNameclaim_availability

All standard claims, custom claims and ID token fields are available (case sensitive). A special value of access_token will forward the entire encoded token. Nested claims can be accessed by using the JavaScript dot syntax (e.g: address.country, address.formatted).


Policiescors_policy_chain_text


Multiexcerpt
MultiExcerptNamecors_policy_chain_text

API Management sets the CORS headers in the following order:

  1. CORS headers from the CORS policy have the highest priority.
  2. If no CORS policy has been defined, CORS headers from the external API are used.
Tip

For detailed explanations about Cross-Origin Resource Sharing (CORS) visit the official Mozilla documentation.



Policiesinfo_cors_list_input


Multiexcerpt
MultiExcerptNameinfo_cors_list_input


Info

Confirm each field input with Enter to create various list entries.



Policiesinfo_java_syntax


Multiexcerpt
MultiExcerptNameinfo_java_syntax


Info

Regular expressions must be written in Java syntax.



Policiesinfo_self_signed_certificates


Multiexcerpt
MultiExcerptNameinfo_self_signed_certificates


Info

Self-signed certificates are currently not supported.



Policiesinfo_stateful_request_payload


Multiexcerpt
MultiExcerptNameinfo_stateful_request_payload


Info

If you want to cache POST requests, you have to enable stateful request payload inspection in the settings of your API.



Policieskeycloak_tokens


Multiexcerpt
MultiExcerptNamekeycloak_tokens

With PAS 23.1.1, the Scheer PAS installation comes with the default Keycloak client api-management-oauth. Keycloak clients are entities that can request Keycloak to authenticate a user. In most cases, Keycloak clients are applications and services that want to use Keycloak to secure themselves and provide a single sign-on solution. However, clients can also be entities that just want to request identity information or an access token so that they can securely invoke other services on the network.

If you use the Keycloak OAuth policy, we recommend to check against the default client api-management-oauth.

Tip
titleExpert Advice

If you need to create your own client in Keycloak, visit the official Keycloak documentation for further information.



Policieskeycloak_tokens_usage


Multiexcerpt
MultiExcerptNamekeycloak_tokens_usage

You have to send the received token with each request as authorization header. If you use the PAS internal request UI (Swagger UI), the token is set automatically.

Example:

Code Block
titleExample API Request
curl --location 'https://scheer-acme.com/acme-test/gateway/test/hello-oauth/1.0' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'



Policiesnote_allowlist_blocklist


Multiexcerpt
MultiExcerptNamenote_allowlist_blocklist


Note

An IP Blocklist policy overrides an IP Allowlist policy.



Policiesnote_enable_option


Multiexcerpt
MultiExcerptNamenote_enable_option

It is stongly recommended to enable this option.


Policiespolicies_best_practices


Multiexcerpt
MultiExcerptNamepolicies_best_practices


Tip
titleExpert Advice

We recommend the following best practices regarding policies:

  • Give a thought or two on where to add your policy, because policies can be added to clients, plans and APIs, which has impact on the policy chain.
    • On API level, you will typically use modification policies, such as URL Rewriting or API Key.
    • On plan level, you will typically use limiting policies, such as Rate Limiting. This way, each plan will allow for a different amount of requests.
    • On client level, you will typically apply authentication and authorization policies, such as BASIC Authentication or Authorization, or other security policies.
  • Testing APIs or verifying concepts with policies is much simpler with public APIs.



Policiespolicies_table_handling


Multiexcerpt
MultiExcerptNamepolicies_table_handling

Click Add to create more rows in the table. Click Delete to remove selected rows.


Tips and Tricksattaching_a_policy


Multiexcerpt
MultiExcerptNameattaching_a_policy

A wizard supports you during policy configuration. Refer to Attaching Policies for a step-by-step guide.



Excerpts up to Version 23.1.1

Info

Some API Management excerpts are saved within the documenation, see API Management excerpts managed directly in the documentation for an overview.


Table Filter
fixedCols
totalrow,,,
hidelabelsfalse
ddSeparator
sparkNameSparkline
hidePaneFiltration panel
customNoTableMsgText
limitHeight
sparklinefalse
default,,
isFirstTimeEntertrue
cell-width250,250,150
hideColumnsfalse
totalRowName
totalColName
customNoTableMsgfalse
disabledfalse
enabledInEditorfalse
globalFiltertrue
id1695709494627_-25850261
iconfilter
order1,2,0
hideControlstrue
inversefalse,false,false
numbering
datefilter
column
sortGroup ⇧,Name ⇧
totalcol
disableSavefalse
rowsPerPage
separatorPoint (.)
labelsName‚Chapter‚Filter whole table
thousandSeparator
ignoreFirstNrows
ddOperator
userfilterName,Chapter
datepatterndd M yy
numberfilter
heightValue
updateSelectOptionsfalse
worklog5|8|w d h m|w d h m
isORAND
showNRowsifNotFiltered


ChapterNameExcerptUsage
Policiesapi_behind_proxy


Multiexcerpt
MultiExcerptNameapi_behind_proxy


Note

Please disable the TLS check if you are using Scheer PAS 21.1 or a newer version, because all PAS components are running behind a proxy server.



Policiesapi_blacklist_whitelist


Multiexcerpt
MultiExcerptNameapi_blacklist_whitelist


Note

An IP Blocklist policy overrides an IP Allowlist policy.



Terms & Definitionsapi_contracts_and_keys


Multiexcerpt
MultiExcerptNameapi_contracts_and_keys

Only public APIs can be accessed by any consumer. The only way for a client to consume a private API is by using an API contract. An API contract is a link between a client and an API through a plan offered by that API.

API contracts can only be created between clients and published APIs which are offered through at least one plan. An API contract cannot be created between a client and a public API.

When an API contract is created, the system generates a unique API Key. This key is unique per client and the same for all contracts of this client. All requests made to the API by a client through the gateway must include this API Key. The API Key is used to create the runtime policy chain from the policies configured on the API, plan and client.

Info

You can forward the X-API-Key to the service using the API Key policy. However, you cannot define your own value for the X-API-Key, since the gateway uses the key to identify the clients.



General Notes, Infos, Tipsapi_displayed_when_published


Multiexcerpt
MultiExcerptNameapi_displayed_when_published


Info

This tab is only visible for published APIs.



General Notes, Infos, Tipsapi_displayed_when_registered


Multiexcerpt
MultiExcerptNameapi_displayed_when_registered


Info

This tab is only visible for registered clients.



Developer Portalapi_doc_and_definition


Multiexcerpt
MultiExcerptNameapi_doc_and_definition

The API Documentation button and a button to download the API definition file are also available here.


Developer Portalapi_documentation_button


Multiexcerpt
MultiExcerptNameapi_documentation_button

The API Documentation button grants access to the Swagger UI where the user can test the API (refer to Testing APIs for further information).


Policiesapi_enable_option


Multiexcerpt
MultiExcerptNameapi_enable_option


Note

It is strongly recommended to enable this option.



General Notes, Infos, Tipsapi_link_to_policy_page


Multiexcerpt
MultiExcerptNameapi_link_to_policy_page


Tip

Refer to Policies for an overview of the standard policies supplied with Scheer PAS API Management. Refer to Assigning Policies for detailed explanations on how to configure a policy.



Policiesapi_move_policies


Multiexcerpt
MultiExcerptNameapi_move_policies
The order of the policies is important. The order in which the policies appear in the user interface determines the order they will be applied at runtime. You can drag a policy up and down the list to change the order:


General Notes, Infos, Tipsapi_my_all_hint


Multiexcerpt
MultiExcerptNameapi_my_all_hint


Info

If you want to edit API Management elements, you need to access them via the My... menu items (refer to "My" API Management items).



Clientsapi_registered_client


Multiexcerpt
MultiExcerptNameapi_registered_client


Note

Before the client is registered with the runtime gateway, it is not possible to make requests to backend APIs on behalf of that client.



General Notes, Infos, Tipsapi_save_when_finished


Multiexcerpt
MultiExcerptNameapi_save_when_finished

Do not forget to click the Save button when you have finished.


Developer Portalapi_version_label


Multiexcerpt
MultiExcerptNameapi_version_label

If more than one version of the API is available, the latest version will be displayed on top. To see the details of earlier versions, expand the labels below the open details page.


General Notes, Infos, Tipsapi_version_number_note


Multiexcerpt
MultiExcerptNameapi_version_number_note


Info

You can enter numbers and text in the Version field which allows the use of version numbers (e.g. 1.0, 2.1 ...) as well as version descriptions (e.g. Gold, Super etc.).



APIsapi_visibility


Multiexcerpt
MultiExcerptNameapi_visibility

Use the drop-down list to define which user group can browse the API and the corresponding plan. This affects the view in the API Management itself as well as in the API Developer Portal:

  • Organization Members (default): All members of the organization. The PAS user must be listed in one of the Identity Management groups API-Management-Users, API-Management-Administrators or API-Management-Developer-Portal-Users.
  • API Management Users: Any PAS user listed in Identity Management groups API-Management-Users or API-Management-Administrators.
  • API Developer Portal Visitors: Any PAS user listed in Identity Management group API-Management-Developer-Portal-Users and any user who visits the API Developer Portal, whether logged in or not.

For detailed information about the visibility concept, visit page The Concepts of API Management.


General Notes, Infos, Tipsapi_work_with_items


Multiexcerpt
MultiExcerptNameapi_work_with_items

Click Image Added to add a new item to a list, click Image Added to show/hide the list of items.


Developer Portalapprover_confirmation


Multiexcerpt
MultiExcerptNameapprover_confirmation

For security reasons, the approver needs to confirm his choice.


Developer Portal

confirm_deletion


Multiexcerpt
MultiExcerptNameconfirm_deletion

For security reasons, you need to confirm the deletion.


Developer Portalcopy_to_clipboard


Multiexcerpt
MultiExcerptNamecopy_to_clipboard

Use icon Image Added to copy the key to the clipboard.


Developer Portalcorresponding_message_in_portal


Multiexcerpt
MultiExcerptNamecorresponding_message_in_portal

The user gets a corresponding notification in the API Developer Portal.


Policiescors_policy_chain


Multiexcerpt
MultiExcerptNamecors_policy_chain

API Management sets the CORS headers in the following order:

  1. CORS headers from the CORS policy have the highest priority.
  2. If no CORS policy has been defined, CORS headers from the external API are used.
Tip

For detailed explanations about Cross-Origin Resource Sharing (CORS) visit the official Mozilla documentation.



Terms & Definitionsdefinition_api


Multiexcerpt
MultiExcerptNamedefinition_api

APIs in API Management represent real back-end APIs (Application Programming Interfaces). An API is also known as a service, meaning anything that can be invoked remotely by some sort of client. API Management provides a way to turn unmanaged (raw) back-end APIs into managed APIs by attaching policies to them.

Every managed API can be published as Public API or Private API or both:

  • Public APIs are available to consumers without a key. Only policies defined on the API apply to public APIs.
  • Private APIs are only accessible for known consumers, called clients. Every client has an individual key to access the API. Policies defined on the client, the selected plan in the contract and the API apply.

In API Management, users can create new APIs manually or easily import them from the API Catalog.


Terms & Definitionsdefinition_client


Multiexcerpt
MultiExcerptNamedefinition_client

The client is the consumer of the API:

  • The client consumes managed APIs offered through API Management.
  • Each client can consume multiple APIs within API Management. The relation between client and API is defined via a contract and a plan.
  • As with an API or a plan, you can also add policies to a client. When creating a contract, an API-Key to invoke the API will be assigned.


Terms & Definitionsdefinition_contract


Multiexcerpt
MultiExcerptNamedefinition_contract
A contract relates a client to an API, using a plan.


Terms & Definitions

definition_organization


Multiexcerpt
MultiExcerptNamedefinition_organization

Almost everything in the API Management data model exists in the context of an organization:

  • An organization is a logical unit within API Management. This can be a company, department, etc.
  • An organization is a container of other elements: plans, APIs, and clients are defined per organization.
  • Every user must be associated with at least one organization to be able to manage elements in the application.
  • API Management implements role-based access control for users. You can give organization members different roles to restrict the actions he is able to perform and the elements he can manage within the organization.
  • Membership for each organization can be easily managed in the Organization tab.


Terms & Definitionsdefinition_plan


Multiexcerpt
MultiExcerptNamedefinition_plan

A plan is a set of policies that defines the level of service API Management provides for an API.

  • Plans enable users to define multiple different levels of service for their APIs.
  • Plans specify the contract between a client and an API.
  • It is common to define multiple plans with divergent configuration options for the same API.
    Example:
    An organization offers two plans for the same API: Plan A is more expensive than plan B, but it offers a higher level of API requests in a given (and configurable) period of time.


Terms & Definitionsdefinition_policy


Multiexcerpt
MultiExcerptNamedefinition_policy

Policies are at the lowest level of the data model, but they are the most important concept: A policy is a rule or a set of rules API Management uses to manage access to your APIs.

  • Policies are applied to all API requests and represent a unit of work applied at runtime to the request by API Management.
  • You can define a policy chain, a defined order in which the policies will be applied to API requests.


Developer Portal

description_api_definition_download


Multiexcerpt
MultiExcerptNamedescription_api_definition_download

Downloads the API definition file.


Developer Portal

description_api_documentation


Multiexcerpt
MultiExcerptNamedescription_api_documentation

Displays the Open API definition (Swagger) and allows for making test calls if the API is available.


Developer Portaldetails_page_public


Multiexcerpt
MultiExcerptNamedetails_page_public

On the details page of a Public API, users can find further information about the API such as an extended description and the public endpoint.


Notificationsinfo_enable_mail_notifications


Multiexcerpt
MultiExcerptNameinfo_enable_mail_notifications


Info

The notifications can also be sent by by email. This feature must be enabled during the the setup of your Scheer PAS installation. Ask your Scheer PAS administrator for help.



Planslocked_plans


Multiexcerpt
MultiExcerptNamelocked_plans


Note

Once a plan is locked, it cannot be revised anymore. However, you can still create a new version of this plan.



Administrationmanage_users


Multiexcerpt
MultiExcerptNamemanage_users

API Management uses the Identity Management to manage its users. This tool can manage users for multiple applications. Data for each application is stored in so called "realms":

  • Users of Identity Management itself are stored to realm Master.
  • Users of API Management and Log Analyzer are stored to realm Apiman.

Thus, you need to have to separate admin accounts: one for Identity Management, and one for API Management.


Plansnote_on_plan_usage


Multiexcerpt
MultiExcerptNamenote_on_plan_usage


Info

Only locked plans can be used by APIs in the organization. Refer to Locking a Plan for more information.



General Notes, Infos, Tips

note_read_confirmation_dialog


Multiexcerpt
MultiExcerptNamenote_read_confirmation_dialog


Note

Please read the confirmation dialog carefully.



Policiesnote_require_true


Multiexcerpt
MultiExcerptNamenote_require_true


Note

Make sure that this option is true if you want to use this policy for authentication.



Policiesproxy_x_real


Multiexcerpt
MultiExcerptNameproxy_x_real


Info

In the default setup the gateway runs behind a proxy. In the default scenario there is no need to add the header X-Real-IP in the custom header field IP Address HTTP Header.



Supportsupport_overview


Multiexcerpt
MultiExcerptNamesupport_overview
  1. First of all you can consult our complete technical documentation.
    The documentation is divided into several guides:
  2. If you can't solve your problem with help of the documentation, you can file a ticket to our support team at support@scheer-pas.com.
    All mails to our support mailbox will open a ticket in our service desk.
    Optionally, you may use our service desk portal. There, you can manage your tickets and raise new support requests. Using the portal requires you to register your email address, which will not take much time.

  3. To help you with your problem, our Support team needs some information on your software and environment. Please refer to Information to Include in a Support Request for more details on this.


Policiesswagger_definition_changes


Multiexcerpt
MultiExcerptNameswagger_definition_changes


Info

Adding or removing policies does not enrich the Open API documentation. You need to adjust your documentation manually.



Clientsswagger_ui


Multiexcerpt
MultiExcerptNameswagger_ui


Tip

For more information about the functions of the Swagger UI, go to the Swagger homepage.



Administrationtest_gateway_nok


Multiexcerpt
MultiExcerptNametest_gateway_nok

If the configuration is invalid, an error message will be shown including further information about the error itself:

Image Added


Administrationtest_gateway_ok


Multiexcerpt
MultiExcerptNametest_gateway_ok

If the gateway configuration is correct, you will get a success message:

Image Added


APIstesting_api_with_swagger


Multiexcerpt
MultiExcerptNametesting_api_with_swagger


Info

Testing of API configurations is only possible with REST APIs that are coming with an OpenAPI Specification.



Metricstipp_elaborated_metrics


Multiexcerpt
MultiExcerptNametipp_elaborated_metrics


Tip

PAS 22.1 For more elaborated metrics, have a look at the Log Analyzer which offers a default dashboard visualizing API Management insights.



General Notes, Infos, Tipsuse_breadcrump


Multiexcerpt
MultiExcerptNameuse_breadcrump


Tip

Use the breadcrumb menu at the top of the page for guidance.



Organizations

version_note_api_org_creation


Multiexcerpt
MultiExcerptNameversion_note_api_org_creation


Info

From PAS 22.1 all API Management users can create new organizations. In earlier versions, only users with role Administrator had been able to create organizations.




API Management excerpts managed directly in the documentation

ChapterExcerpt NamePage of the Original(Re-)Usage
Administrationdata_export

API Management Backup and Restore


Administrationbackup

API Management Backup and Restore


Administrationdata_import

API Management Backup and Restore


Administrationrestore

API Management Backup and Restore


Administrationkeycloak_login

Managing Users and Permissions

Policiespolicy_overview_table

Policies

Policiesinfo_post_requests

Caching Resources

Metricsapi_metrics

Metrics

Metricsclient_metricsMetrics
Some Common API Management Use Casespage_content
Securing Designer Services via API Management