Comment: keycloak_tokens_usage added (content moved from a divided big_excerpt)

...


Chapter | Name | Excerpt | Usage
APIs | info_open_api_documentation


Info

Adding or removing policies does not enrich the Open API documentation. You need to adjust your documentation manually. For more information on REST documentation and how to add documentation to xUML services, refer to Bridge Guide > Documenting a REST Service.



APIs | info_testing_apis


Info

Testing of API configurations is only possible with REST APIs that come with an OpenAPI Specification.



APIs | setting_validity_api

This setting is valid for all versions of the API.


Clients | setting_validity_client

This setting is valid for all versions of the client.


Developer Portal | access_documentation_and_definiton

You can also access the API Documentation and Download the API definition file here. 


Developer Portal | api_documentation

Click API Documentation to access the Swagger UI where you can test the API (refer to Testing APIs for further information).


Developer Portal | confirm_delete

For security reasons, you need to confirm the deletion.


Developer Portal | display_open_api_definition

Displays the Open API definition (Swagger) and allows for making test calls if the API is available.


Developer Portal | download_open_api_definition

Downloads the API definition file.


Developer Portal | latest_api_version

If more than one version of the API is available, the latest version will be displayed on top. To see the details of earlier versions, expand the labels below the open details page. 


Developer Portal | portal_copy_to_clipboard

Click Copy to copy the key to the clipboard.


Developer Portal | sign_up_client_created

After a successful creation, your client is displayed in the box below.

Click Next to continue.


Developer Portal | sign_up_create_client

Now follow the wizard through some simple steps:

  • Create a new client: Enter the name of your client in field Search or create.

Click Create.


Developer Portal | sign_up_multiple_organizations

If your user has permission to use or create clients in various organizations, a different view will be displayed:

  • Field Organization is a drop-down and you can select the organization you want to create a new client in.
  • Below, the list of available clients for your user is displayed and you can select one directly.
  • If a client has more than one version, you can also select the client version from a drop-down list.

Click Next to continue.


Developer Portal | sign_up_my_clients_tab

Tab My Clients displays an overview of your clients and their contracts.

Your new client is displayed and labeled as Awaiting Approval. Refer to Handling Approval Requests for detailed information about the approval process in API Management.


Developer Portal | sign_up_request_approved

As soon as an administrator has approved your request, you will get a notification.

Now you can start using the API.


Developer Portal | sign_up_success

A success message is displayed in the Developer Portal.

If approval is required for the API you subscribed to, you now have to wait for the approval.
If approval is not necessary to use the API, you now have access to it.

If you want to check your newly created client, switch to the My Clients tab.


Developer Portal | sign_up_summary

In step 2, the summary displays the API-related information.

Click Confirm to send your request.

Info

API Key and Endpoint will be provided to you after your request is approved.



General | adding_versions

To create a new version, click New Version (refer to The Concepts of API Management > Versioning for detailed information).


General | api_learn_more

Click Learn More on the API that you want to consume.

This will open the API's details.


General | create_button

No matter where you are in the API Management, the Create button is always displayed at the bottom right and opens the creation menu.


General | creation_wizard

In the next step, you need to enter the following mandatory settings:

  • Name: Enter a name. The name is not changeable after creation.

  • Version: Enter a version number or name.

Info

You can enter numbers and text in field Version. Refer to The Concepts of API Management > Versioning for detailed information.

You can then enter a description. The description is optional and can also be entered or changed later on the details page.

Click Next to continue.


General | enable_delete_button

Option Delete is only enabled if you activate the checkbox.


General | info_mail_notifications


Info

The notifications can also be sent by email. This feature must be enabled during the setup of your Scheer PAS installation. Ask your Scheer PAS administrator for help.



General | info_metrics


Tip

Refer to Metrics for detailed information about the available options.



General | info_rights_management


Info

In API Management, a user can see all APIs for which he has explicit permissions (roles Viewer and Editor). The permissions are assigned in the corresponding organizations, refer to Administrating Organization Members > Applicable Roles.
In addition, a user can be assigned the profile api_management_admin in the user management (refer to Administration Guide) which makes him a "superadmin" who can basically see and do everything in API Management (refer to Administration for details).



General | organization_preset

In that case, the organization is already set in the wizard.


General | plan_sign_up

In the Plans section, you find all available plans for the API and information on whether approval is required for a plan.

Click Sign Up on the plan you want to register for.


General | successful_deletion

A toast message indicates successful deletion.


General | tip_entity_deletion


Tip
Expert Advice

Do not delete APIs, plans, or clients and recreate them if you want to change policies or settings. Instead:

  • As concerns APIs and clients: Retire the old version, so it will not be callable anymore. Alternatively, skip this step if you want both versions - old and new - to be available.
  • Create a new version of the element you want to change.
  • Re-publish or re-register the API or client.



General | tip_infos_about_policies


Tip

Refer to chapter Policies for an overview of the standard policies supplied with Scheer PAS API Management. Page Attaching Policies explains how to attach and configure a policy.



General | tip_navigation


Tip

For detailed information about navigating and filtering the list, refer to Working With the API Management.



General | tip_visibility_concept


Tip

For detailed information about the visibility concept, refer to The Concepts of API Management.




Organizations | organization_best_practices


Tip
Expert Advice

We recommend the following best practices regarding organizations:

  • Create organizations as fine-grained as possible, e.g. one organization for each logical group of APIs (purchase, order processing, billing).
  • Use a separate, dedicated organization for testing or development.
  • Do not test your API in an organization that holds productive data.



Plans | info_deleting_locked_plans


Info

You cannot delete a locked plan. Locked plans are deleted only when the entire organization is deleted.



Plans | locked_plan_unchangeable


Note

Once a plan is locked, it cannot be revised anymore. However, you can still create a new version of this plan.



  • Plans
  • API Tutorial 2: Creating a Plan
Plans | setting_validity_plan

This setting is valid for all versions of the plan.


Policies | claim_availability

All standard claims, custom claims and ID token fields are available (case sensitive). A special value of access_token will forward the entire encoded token. Nested claims can be accessed by using the JavaScript dot syntax (e.g. address.country, address.formatted).


Policies | cors_policy_chain_text

API Management sets the CORS headers in the following order:

  1. CORS headers from the CORS policy have the highest priority.
  2. If no CORS policy has been defined, CORS headers from the external API are used.

Tip

For detailed explanations about Cross-Origin Resource Sharing (CORS), visit the official Mozilla documentation.



Policies | info_cors_list_input


Info

Confirm each field input with Enter to create various list entries.



Policies | info_java_syntax


Info

Regular expressions must be written in Java syntax.



Policies | info_self_signed_certificates


Info

Self-signed certificates are currently not supported.



Policies | info_stateful_request_payload


Info

If you want to cache POST requests, you have to enable stateful request payload inspection in the settings of your API.



Policies | keycloak_tokens

With PAS 23.1.1, the Scheer PAS installation comes with the default Keycloak client api-management-oauth. Keycloak clients are entities that can request Keycloak to authenticate a user. In most cases, Keycloak clients are applications and services that want to use Keycloak to secure themselves and provide a single sign-on solution. However, clients can also be entities that just want to request identity information or an access token so that they can securely invoke other services on the network.

If you use the Keycloak OAuth policy, we recommend checking against the default client api-management-oauth.

Tip
Expert Advice

If you need to create your own client in Keycloak, visit the official Keycloak documentation for further information.



Policies | keycloak_tokens_usage

You have to send the received token with each request in the Authorization header. If you use the PAS internal request UI (Swagger UI), the token is set automatically.

Example API Request:

curl --location 'https://scheer-acme.com/acme-test/gateway/test/hello-oauth/1.0' \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'



Policies | note_allowlist_blocklist


Note

An IP Blocklist policy overrides an IP Allowlist policy.



Policies | note_enable_option

It is strongly recommended to enable this option.


Policies | policies_best_practices


Tip
Expert Advice

We recommend the following best practices regarding policies:

  • Think carefully about where to add your policy: policies can be added to clients, plans and APIs, and the level you choose has an impact on the policy chain.
    • On API level, you will typically use modification policies, such as URL Rewriting or API Key.
    • On plan level, you will typically use limiting policies, such as Rate Limiting. This way, each plan will allow for a different amount of requests.
    • On client level, you will typically apply authentication and authorization policies, such as BASIC Authentication or Authorization, or other security policies.
  • Testing APIs or verifying concepts with policies is much simpler with public APIs.



Policies | policies_table_handling

Click Add to create more rows in the table. Click Delete to remove selected rows.


Tips and Tricks | attaching_a_policy

A wizard supports you during policy configuration. Refer to Attaching Policies for a step-by-step guide.



...