Versions Compared

Old Version 139

changes.mady.by.user Annegret Bernhardt

Saved on

compared with

New Version 140

changes.mady.by.user Annegret Bernhardt

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: tip_navigation added

...

Table Filter
fixedCols
totalrow,,,
hidelabelsfalse
ddSeparator
sparkNameSparkline
hidePaneFiltration panel
customNoTableMsgText
limitHeight
sparklinefalse
default,,
isFirstTimeEntertrue
cell-width250,250,250
hideColumnsfalse
totalRowName
totalColName
customNoTableMsgfalse
disabledfalse
enabledInEditorfalse
globalFiltertrue
id16957090982151695709478759_-39655962341880947
iconfilter
order1,2,0
hideControlstrue
inversefalse,false,false
numbering
datefilter
column
sortGroup ⇧,Name ⇧
totalcol
disableSavefalse
rowsPerPage
separatorPoint (.)
labelsName‚Group‚Filter Name‚Chapter‚Filter whole table
thousandSeparator
ignoreFirstNrows
ddOperator
userfilterName,GroupChapter
datepatterndd M yy
numberfilter
heightValue
updateSelectOptionsfalse
worklog365|5|8|y w d h m|y w d h m
isORAND
showNRowsifNotFiltered


Group
ChapterNameExcerptUsage
Generaltip_navigation


Multiexcerpt
MultiExcerptNametip_navigation


Tip

For detailed information about navigating and filtering the list go to Working With the API Management.












Excerpts up to Version 23.1.1

...

Table Filter
fixedCols
totalrow,,,
hidelabelsfalse
ddSeparator
sparkNameSparkline
hidePaneFiltration panel
customNoTableMsgText
limitHeight
sparklinefalse
default,,
isFirstTimeEntertrue
cell-width250,250,150
hideColumnsfalse
totalRowName
totalColName
customNoTableMsgfalse
disabledfalse
enabledInEditorfalse
globalFiltertrue
id16957092161571695709494627_1532212185-25850261
iconfilter
order1,2,0
hideControlstrue
inversefalse,false,false
numbering
datefilter
column
sortGroup ⇧,Name ⇧
totalcol
disableSavefalse
rowsPerPage
separatorPoint (.)
labelsName‚Group‚Filter Name‚Chapter‚Filter whole table
thousandSeparator
ignoreFirstNrows
ddOperator
userfilterName,GroupChapter
datepatterndd M yy
numberfilter
heightValue
updateSelectOptionsfalse
worklog5|8|w d h m|w d h m
isORAND
showNRowsifNotFiltered


GroupChapterNameExcerptUsage
AdministrationPoliciesmanageapi_usersbehind_proxy


Multiexcerpt
MultiExcerptNamemanage_users

API Management uses the Identity Management to manage its users. This tool can manage users for multiple applications. Data for each application is stored in so called "realms":

  • Users of Identity Management itself are stored to realm Master.
  • Users of API Management and Log Analyzer are stored to realm Apiman.

Thus, you need to have to separate admin accounts: one for Identity Management, and one for API Management.

Administrationtest_gateway_nok
Multiexcerpt
MultiExcerptNametest_gateway_nok

If the configuration is invalid, an error message will be shown including further information about the error itself:

Image Removed

Administrationtest_gateway_ok
Multiexcerpt
MultiExcerptNametest_gateway_ok

If the gateway configuration is correct, you will get a success message:

Image Removed

APIsapi_visibility
Multiexcerpt
MultiExcerptNameapi_visibility

Use the drop-down list to define which user group can browse the API and the corresponding plan. This affects the view in the API Management itself as well as in the API Developer Portal:

  • Organization Members (default): All members of the organization. The PAS user must be listed in one of the Identity Management groups API-Management-Users, API-Management-Administrators or API-Management-Developer-Portal-Users.
  • API Management Users: Any PAS user listed in Identity Management groups API-Management-Users or API-Management-Administrators.
  • API Developer Portal Visitors: Any PAS user listed in Identity Management group API-Management-Developer-Portal-Users and any user who visits the API Developer Portal, whether logged in or not.

For detailed information about the visibility concept, visit page The Concepts of API Management.

api_behind_proxy


Note

Please disable the TLS check if you are using Scheer PAS 21.1 or a newer version, because all PAS components are running behind a proxy server.



Policiesapi_blacklist_whitelist


Multiexcerpt
MultiExcerptNameapi_blacklist_whitelist


Note

An IP Blocklist policy overrides an IP Allowlist policy.



Terms & Definitionsapi_contracts_and_keys


Multiexcerpt
MultiExcerptNameapi_contracts_and_keys

API Contracts and API Keys

Only public APIs can be accessed by any consumer. The only way for a client to consume a private API is by using an API contract. An API contract is a link between a client and an API through a plan offered by that API.

API contracts can only be created between clients and published APIs which are offered through at least one plan. An API contract cannot be created between a client and a public API.

When an API contract is created, the system generates a unique API Key. This key is unique per client and the same for all contracts of this client. All requests made to the API by a client through the gateway must include this API Key. The API Key is used to create the runtime policy chain from the policies configured on the API, plan and client.

Info

You can forward the X-API-Key to the service using the API Key policy. However, you cannot define your own value for the X-API-Key, since the gateway uses the key to identify the clients.



General Notes, Infos, Tipsapi_displayed_when_published


Multiexcerpt
MultiExcerptNameapi_displayed_when_published


Info

This tab is only visible for published APIs.



General Notes, Infos, Tipsapi_displayed_when_registered


Multiexcerpt
MultiExcerptNameapi_displayed_when_registered


Info

This tab is only visible for registered clients.



Developer Portalapi_doc_and_definition


Multiexcerpt
MultiExcerptNameapi_doc_and_definition

The API Documentation

APIstesting_api_with_swagger Multiexcerpt
MultiExcerptNametesting_api_with_swagger
Info

Testing of API configurations is only possible with REST APIs that are coming with an OpenAPI Specification.

Clientsapi_registered_client Multiexcerpt
MultiExcerptNameapi_registered_client
Note

Before the client is registered with the runtime gateway, it is not possible to make requests to backend APIs on behalf of that client.

Clientsswagger_ui Multiexcerpt
MultiExcerptNameswagger_ui
Tip

For more information about the functions of the Swagger UI, go to the Swagger homepage.

Developer Portalapi_doc_and_definition
Multiexcerpt
MultiExcerptNameapi_doc_and_definition

The API Documentation button and a button to download the API definition file are also available here.


Developer Portalapi_documentation_button


Multiexcerpt
MultiExcerptNameapi_documentation_button

The API Documentation button grants access to the Swagger UI where the user can test the API (refer to Testing APIs for further information).


Developer PortalPoliciesapi_versionenable_labeloption


Multiexcerpt
MultiExcerptNameapi_versionenable_label

If more than one version of the API is available, the latest version will be displayed on top. To see the details of earlier versions, expand the labels below the open details page.

option


Note

It is strongly recommended to enable this option.



General Notes, Infos, Tipsapi_link_to_policy_pageDeveloper Portalapprover_confirmation


Multiexcerpt
MultiExcerptNameapprover_confirmation

For security reasons, the approver needs to confirm his choice.

Developer Portal

confirm_deletion

Multiexcerpt
MultiExcerptNameconfirm_deletion

For security reasons, you need to confirm the deletion.

api_link_to_policy_page


Tip

On page Policies you can find an overview of the standard policies supplied with Scheer PAS API Management. Page Assigning Policies shows how to configure a policy.



Policiesapi_move_policiesDeveloper Portalcopy_to_clipboard


Multiexcerpt
MultiExcerptNamecopyapi_tomove_clipboard

Use icon Image Removed to copy the key to the clipboard.

Developer Portalcorresponding_message_in_portal
Multiexcerpt
MultiExcerptNamecorresponding_message_in_portal

The user gets a corresponding notification in the API Developer Portal.

policies
The order of the policies is important. The order in which the policies appear in the user interface determines the order they will be applied at runtime. You can drag a policy up and down the list to change the order:


General Notes, Infos, Tipsapi_my_all_hintDeveloper Portaldescription_api_definition_download


Multiexcerpt
MultiExcerptNamedescriptionapi_apimy_definitionall_download

Downloads the API definition file.

Developer Portal
hint


Info

If you want to edit API Management elements, you need to access them via the My... menu items (see "My" API Management items).



Clientsapi_registered_clientdescription_api_documentation


Multiexcerpt
MultiExcerptNamedescriptionapi_apiregistered_documentationclient

Displays the Open API definition (Swagger) and allows for making test calls if the API is available.

Developer Portaldetails_page_public
Multiexcerpt
MultiExcerptNamedetails_page_public

On the details page of a Public API, users can find further information about the API such as an extended description and the public endpoint.


Note

Before the client is registered with the runtime gateway, it is not possible to make requests to backend APIs on behalf of that client.



General General Notes, Infos, Tipsapi_displayedsave_when_publishedfinished


This tab is only visible for published APIs

.

Multiexcerpt
MultiExcerptNameapi_displayedsave_when_publishedfinished

Do not forget to click the Save button when you have finished

Info


General Notes, Infos, TipsDeveloper Portalapi_displayedversion_when_registeredlabel


Multiexcerpt
MultiExcerptNameapi_displayedversion_when_registered
Info

This tab is only visible for registered clients.

  • Metrics
    • Client Settings
    label

    If more than one version of the API is available, the latest version will be displayed on top. To see the details of earlier versions, expand the labels below the open details page.


    General Notes, Infos, Tipsapi_linkversion_tonumber_policy_pagenote


    Multiexcerpt
    MultiExcerptNameapi_linkversion_tonumber_policy_pagenote
    Tip

    On page Policies you can find an overview of the standard policies supplied with Scheer PAS API Management. Page Assigning Policies shows how to configure a policy.

    General Notes, Infos, Tips


    Info

    You can enter numbers and text in the Version field which allows the use of version numbers (e.g. 1.0, 2.1 ...) as well as version descriptions (e.g. Gold, Super etc.).



    APIsapi_my_all_hintapi_visibility


    Multiexcerpt
    MultiExcerptNameapi_my_all_hint
    Info

    If you want to edit API Management elements, you need to access them via the My... menu items (see "My" API Management items).

    visibility

    Use the drop-down list to define which user group can browse the API and the corresponding plan. This affects the view in the API Management itself as well as in the API Developer Portal:

    • Organization Members (default): All members of the organization. The PAS user must be listed in one of the Identity Management groups API-Management-Users, API-Management-Administrators or API-Management-Developer-Portal-Users.
    • API Management Users: Any PAS user listed in Identity Management groups API-Management-Users or API-Management-Administrators.
    • API Developer Portal Visitors: Any PAS user listed in Identity Management group API-Management-Developer-Portal-Users and any user who visits the API Developer Portal, whether logged in or not.

    For detailed information about the visibility concept, visit page The Concepts of API Management.


    General Notes, Infos, Tipsapi_work_with_itemsGeneral Notes, Infos, Tipsapi_save_when_finished
    Multiexcerpt
    MultiExcerptNameapi_save_when_finished

    Do not forget to click the Save button when you have finished.

    General Notes, Infos, Tipsapi_version_number_note


    Multiexcerpt
    MultiExcerptNameapi_versionwork_numberwith_note
    Info

    You can enter numbers and text in the Version field which allows the use of version numbers (e.g. 1.0, 2.1 ...) as well as version descriptions (e.g. Gold, Super etc.).

    General Notes, Infos, Tips
    items

    Click Image Added to add a new item to a list, click Image Added to show/hide the list of items.


    Developer Portalapprover_confirmation


    Multiexcerpt
    MultiExcerptNameapprover_confirmation

    For security reasons, the approver needs to confirm his choice.


    Developer Portal

    confirm_deletion

    api_work_with_items


    Multiexcerpt
    MultiExcerptNameapi_work_with_items

    Click Image Removed to add a new item to a list, click Image Removed to show/hide the list of items.

    confirm_deletion

    For security reasons, you need to confirm the deletion.


    Developer Portal

    General Notes, Infos, Tips

    note_read_confirmation_dialogcopy_to_clipboard


    Multiexcerpt
    MultiExcerptNamenotecopy_readto_confirmation_dialog
    Note

    Please read the confirmation dialog carefully.

    General Notes, Infos, Tips
    clipboard

    Use icon Image Added to copy the key to the clipboard.


    Developer Portalcorresponding_message_in_portaluse_breadcrump


    Multiexcerpt
    MultiExcerptNameuse_breadcrump
    Tip

    Use the breadcrumb menu at the top of the page for guidance.

    corresponding_message_in_portal

    The user gets a corresponding notification in the API Developer Portal.


    Policiescors_policy_chainMetricstipp_elaborated_metrics


    Multiexcerpt
    MultiExcerptNametippcors_elaboratedpolicy_metrics
    Tip

    PAS 22.1 For more elaborated metrics, have a look at the Log Analyzer which offers a default dashboard visualizing API Management insights.

    chain

    API Management sets the CORS headers in the following order:

    1. CORS headers from the CORS policy have the highest priority.
    2. If no CORS policy has been defined, CORS headers from the external API are used.
    Tip

    For detailed explanations about Cross-Origin Resource Sharing (CORS) visit the official Mozilla documentation.



    Terms & Definitionsdefinition_apiNotificationsinfo_enable_mail_notifications


    Multiexcerpt
    MultiExcerptNameinfo_enable_mail_notifications
    Info

    The notifications can also be sent by by email. This feature must be enabled during the the setup of your Scheer PAS installation. Ask your Scheer PAS administrator for help.

    Organizations

    version_note_api_org_creation

    Multiexcerpt
    MultiExcerptNameversion_note_api_org_creation
    Info

    From PAS 22.1 all API Management users can create new organizations. In earlier versions, only users with role Administrator had been able to create organizations.

    Planslocked_plans Multiexcerpt
    MultiExcerptNamelocked_plans
    Note

    Once a plan is locked, it cannot be revised anymore. However, you can still create a new version of this plan.

    Plansnote_on_plan_usage
     Multiexcerpt
    MultiExcerptNamenote_on_plan_usage
    Info

    Only locked plans can be used by APIs in the organization. See Locking a Plan for more information.

    Policiesapi_behind_proxy Multiexcerpt
    MultiExcerptNameapi_behind_proxy
    Note

    Please disable the TLS check if you are using Scheer PAS 21.1 or a newer version, because all PAS components are running behind a proxy server.

    Policiesapi_blacklist_whitelist Multiexcerpt
    MultiExcerptNameapi_blacklist_whitelist
    Note

    An IP Blocklist policy overrides an IP Allowlist policy.

    Policiesapi_enable_option Multiexcerpt
    MultiExcerptNameapi_enable_option
    Note

    It is strongly recommended to enable this option.

    Policiesapi_move_policies
    Multiexcerpt
    MultiExcerptNameapi_move_policies
    The order of the policies is important. The order in which the policies appear in the user interface determines the order they will be applied at runtime. You can drag a policy up and down the list to change the order:
    Policiescors_policy_chain Multiexcerpt
    MultiExcerptNamecors_policy_chain
    definition_api

    APIs in API Management represent real back-end APIs (Application Programming Interfaces). An API is also known as a service, meaning anything that can be invoked remotely by some sort of client. API Management provides a way to turn unmanaged (raw) back-end APIs into managed APIs by attaching policies to them.

    Every managed API can be published as Public API or Private API or both:

    • Public APIs are available to consumers without a key. Only policies defined on the API apply to public APIs.
    • Private APIs are only accessible for known consumers, called clients. Every client has an individual key to access the API. Policies defined on the client, the selected plan in the contract and the API apply.

    In API Management, users can create new APIs manually or easily import them from the API Catalog.


    Terms & Definitionsdefinition_client


    Multiexcerpt
    MultiExcerptNamedefinition_client

    The client is the consumer of the API:

    • The client consumes managed APIs offered through API Management.
    • Each client can consume multiple APIs within API Management. The relation between client and API is defined via a contract and a plan.
    • As with an API or a plan, you can also add policies to a client. When creating a contract, an API-Key to invoke the API will be assigned.


    Terms & Definitionsdefinition_contract


    Multiexcerpt
    MultiExcerptNamedefinition_contract
    A contract relates a client to an API, using a plan.


    Terms & Definitions

    definition_organization


    Multiexcerpt
    MultiExcerptNamedefinition_organization

    Almost everything in the API Management data model exists in the context of an organization:

    • An organization is a logical unit within API Management. This can be a company, department, etc.
    • An organization is a container of other elements: plans, APIs, and clients are defined per organization.
    • Every user must be associated with at least one organization to be able to manage elements in the application.
    • API Management implements role-based access control for users. You can give organization members different roles to restrict the actions he is able to perform and the elements he can manage within the organization.
    • Membership for each organization can be easily managed in the Organization tab.


    Terms & Definitionsdefinition_plan


    Multiexcerpt
    MultiExcerptNamedefinition_plan

    A plan is a set of policies that defines the level of service API Management provides for an API.

    • Plans enable users to define multiple different levels of service for their APIs.
    • Plans specify the contract between a client and an API.
    • It is common to define multiple plans with divergent configuration options for the same API.
      Example:
      An organization offers two plans for the same API: Plan A is more expensive than plan B, but it offers a higher level of API requests in a given (and configurable) period of time.


    Terms & Definitionsdefinition_policy


    Multiexcerpt
    MultiExcerptNamedefinition_policy

    Policies are at the lowest level of the data model, but they are the most important concept: A policy is a rule or a set of rules API Management uses to manage access to your APIs.

    • Policies are applied to all API requests and represent a unit of work applied at runtime to the request by API Management.
    • You can define a policy chain, a defined order in which the policies will be applied to API requests.


    Developer Portal

    description_api_definition_download


    Multiexcerpt
    MultiExcerptNamedescription_api_definition_download

    Downloads the API definition file.


    Developer Portal

    description_api_documentation


    Multiexcerpt
    MultiExcerptNamedescription_api_documentation

    Displays the Open API definition (Swagger) and allows for making test calls if the API is available.


    Developer Portaldetails_page_public


    Multiexcerpt
    MultiExcerptNamedetails_page_public

    On the details page of a Public API, users can find further information about the API such as an extended description and the public endpoint.


    Notificationsinfo_enable_mail_notifications


    Multiexcerpt
    MultiExcerptNameinfo_enable_mail_notifications


    Info

    The notifications can also be sent by by email. This feature must be enabled during the the setup of your Scheer PAS installation. Ask your Scheer PAS administrator for help.



    Planslocked_plans


    Multiexcerpt
    MultiExcerptNamelocked_plans


    Note

    Once a plan is locked, it cannot be revised anymore. However, you can still create a new version of this plan.



    Administrationmanage_users


    Multiexcerpt
    MultiExcerptNamemanage_users

    API Management uses the Identity Management to manage its users. This tool can manage users for multiple applications. Data for each application is stored in so called "realms":

    • Users of Identity Management itself are stored to realm Master.
    • Users of API Management and Log Analyzer are stored to realm Apiman.

    Thus, you need to have to separate admin accounts: one for Identity Management, and one for API Management.


    Plansnote_on_plan_usage


    Multiexcerpt
    MultiExcerptNamenote_on_plan_usage


    Info

    Only locked plans can be used by APIs in the organization. See Locking a Plan for more information.



    General Notes, Infos, Tips

    note_read_confirmation_dialog


    Multiexcerpt
    MultiExcerptNamenote_read_confirmation_dialog


    Note

    Please read the confirmation dialog carefully.



    Policiesnote_require_true


    Multiexcerpt
    MultiExcerptNamenote_require_true


    Note

    Make sure that this option is true if you want to use this policy for authentication.



    Policiesproxy_x_real


    Multiexcerpt
    MultiExcerptNameproxy_x_real


    Info

    In the default setup the gateway runs behind a proxy. In the default scenario there is no need to add the header X-Real-IP in the custom header field IP Address HTTP Header.



    Supportsupport_overview


    Multiexcerpt
    MultiExcerptNamesupport_overview
    1. First of all you can consult our complete technical documentation.
      The documentation is divided into several guides:
    2. If you can't solve your problem with help of the documentation, you can file a ticket to our support team at support@scheer-pas.com.
      All mails to our support mailbox will open a ticket in our service desk.
      Optionally, you may use our service desk portal. There, you can manage your tickets and raise new support requests. Using the portal requires you to register your email address, which will not take much time.

    3. To help you with your problem, our Support team needs some information on your software and environment. Please refer to Information to Include in a Support Request for more details on this.


    Policiesswagger_definition_changes


    Multiexcerpt
    MultiExcerptNameswagger_definition_changes


    Info

    Adding or removing policies does not enrich the Open API documentation. You need to adjust your documentation manually.



    Clientsswagger_ui


    Multiexcerpt
    MultiExcerptNameswagger_ui


    Tip

    For more information about the functions of the Swagger UI, go to the Swagger homepage.



    Administrationtest_gateway_nok


    Multiexcerpt
    MultiExcerptNametest_gateway_nok

    If the configuration is invalid, an error message will be shown including further information about the error itself:

    Image Added


    Administrationtest_gateway_ok


    Multiexcerpt
    MultiExcerptNametest_gateway_ok

    If the gateway configuration is correct, you will get a success message:

    Image Added


    APIstesting_api_with_swagger


    Multiexcerpt
    MultiExcerptNametesting_api_with_swagger


    Info

    Testing of API configurations is only possible with REST APIs that are coming with an OpenAPI Specification.



    Metricstipp_elaborated_metrics


    Multiexcerpt
    MultiExcerptNametipp_elaborated_metrics


    Tip

    PAS 22.1 For more elaborated metrics, have a look at the Log Analyzer which offers a default dashboard visualizing API Management insights.



    General Notes, Infos, Tipsuse_breadcrump


    Multiexcerpt
    MultiExcerptNameuse_breadcrump


    Tip

    Use the breadcrumb menu at the top of the page for guidance.



    Organizations

    version_note_api_org_creation


    Multiexcerpt
    MultiExcerptNameversion_note_api_org_creation


    Info

    From PAS 22.1 all API Management users can create new organizations. In earlier versions, only users with role Administrator had been able to create organizations.



    API Management sets the CORS headers in the following order:

    1. CORS headers from the CORS policy have the highest priority.
    2. If no CORS policy has been defined, CORS headers from the external API are used.
    Tip

    For detailed explanations about Cross-Origin Resource Sharing (CORS) visit the official Mozilla documentation.

    Policiesnote_require_true
     Multiexcerpt
    MultiExcerptNamenote_require_true
    Note

    Make sure that this option is true if you want to use this policy for authentication.

    Policiesproxy_x_real Multiexcerpt
    MultiExcerptNameproxy_x_real
    Info

    In the default setup the gateway runs behind a proxy. In the default scenario there is no need to add the header X-Real-IP in the custom header field IP Address HTTP Header.

    Policiesswagger_definition_changes
     Multiexcerpt
    MultiExcerptNameswagger_definition_changes
    Info

    Adding or removing policies does not enrich the Open API documentation. You need to adjust your documentation manually.

    Supportsupport_overview
    Multiexcerpt
    MultiExcerptNamesupport_overview
    1. First of all you can consult our complete technical documentation.
      The documentation is divided into several guides:
    2. If you can't solve your problem with help of the documentation, you can file a ticket to our support team at support@scheer-pas.com.
      All mails to our support mailbox will open a ticket in our service desk.
      Optionally, you may use our service desk portal. There, you can manage your tickets and raise new support requests. Using the portal requires you to register your email address, which will not take much time.

    3. To help you with your problem, our Support team needs some information on your software and environment. Please refer to Information to Include in a Support Request for more details on this.

    Terms & Definitionsapi_contracts_and_keys Multiexcerpt
    MultiExcerptNameapi_contracts_and_keys

    API Contracts and API Keys

    Only public APIs can be accessed by any consumer. The only way for a client to consume a private API is by using an API contract. An API contract is a link between a client and an API through a plan offered by that API.

    API contracts can only be created between clients and published APIs which are offered through at least one plan. An API contract cannot be created between a client and a public API.

    When an API contract is created, the system generates a unique API Key. This key is unique per client and the same for all contracts of this client. All requests made to the API by a client through the gateway must include this API Key. The API Key is used to create the runtime policy chain from the policies configured on the API, plan and client.

    Info

    You can forward the X-API-Key to the service using the API Key policy. However, you cannot define your own value for the X-API-Key, since the gateway uses the key to identify the clients.

    Terms & Definitionsdefinition_api
    Multiexcerpt
    MultiExcerptNamedefinition_api

    APIs in API Management represent real back-end APIs (Application Programming Interfaces). An API is also known as a service, meaning anything that can be invoked remotely by some sort of client. API Management provides a way to turn unmanaged (raw) back-end APIs into managed APIs by attaching policies to them.

    Every managed API can be published as Public API or Private API or both:

    • Public APIs are available to consumers without a key. Only policies defined on the API apply to public APIs.
    • Private APIs are only accessible for known consumers, called clients. Every client has an individual key to access the API. Policies defined on the client, the selected plan in the contract and the API apply.

    In API Management, users can create new APIs manually or easily import them from the API Catalog.

    Terms & Definitionsdefinition_client
    Multiexcerpt
    MultiExcerptNamedefinition_client

    The client is the consumer of the API:

    • The client consumes managed APIs offered through API Management.
    • Each client can consume multiple APIs within API Management. The relation between client and API is defined via a contract and a plan.
    • As with an API or a plan, you can also add policies to a client. When creating a contract, an API-Key to invoke the API will be assigned.
    Terms & Definitionsdefinition_contract
    Multiexcerpt
    MultiExcerptNamedefinition_contract
    A contract relates a client to an API, using a plan.

    Terms & Definitions

    definition_organization
    Multiexcerpt
    MultiExcerptNamedefinition_organization

    Almost everything in the API Management data model exists in the context of an organization:

    • An organization is a logical unit within API Management. This can be a company, department, etc.
    • An organization is a container of other elements: plans, APIs, and clients are defined per organization.
    • Every user must be associated with at least one organization to be able to manage elements in the application.
    • API Management implements role-based access control for users. You can give organization members different roles to restrict the actions he is able to perform and the elements he can manage within the organization.
    • Membership for each organization can be easily managed in the Organization tab.
    Terms & Definitionsdefinition_plan
    Multiexcerpt
    MultiExcerptNamedefinition_plan

    A plan is a set of policies that defines the level of service API Management provides for an API.

    • Plans enable users to define multiple different levels of service for their APIs.
    • Plans specify the contract between a client and an API.
    • It is common to define multiple plans with divergent configuration options for the same API.
      Example:
      An organization offers two plans for the same API: Plan A is more expensive than plan B, but it offers a higher level of API requests in a given (and configurable) period of time.
    Terms & Definitionsdefinition_policy
    Multiexcerpt
    MultiExcerptNamedefinition_policy

    Policies are at the lowest level of the data model, but they are the most important concept: A policy is a rule or a set of rules API Management uses to manage access to your APIs.

    • Policies are applied to all API requests and represent a unit of work applied at runtime to the request by API Management.
    • You can define a policy chain, a defined order in which the policies will be applied to API requests.


    API Management excerpts managed directly in the documentation

    ...