Page History
Scheer PAS API Management supports the creation and management of two different types of APIs:
The differences between these two types are often not clear to users, although they are quite simple. In short: While public APIs can be consumed by everyone (assuming no additional security policy has been set), private APIs can only consumed by using an API contract.
In addition to the differences between the two API types, they also have two things in common:
- Both public and private APIs can be protected and further restricted by applying different policies.
- The choice of an API type is not immutable: You can change the API type in the API settings at any time
| Info |
|---|
However, we do not recommend changing the API type once the API has gone live and is in production, as active clients and contracts may already have been created. |
| Panel | ||
|---|---|---|
| ||
|
| Panel | ||
|---|---|---|
|
| Otp | ||
|---|---|---|
|
Public vs Private API: An Overview
Public APIs
Public APIs are accessible to everyone.
Therefore, public APIs are best suited if you want to make your API accessible to everyone.
| Info |
|---|
Public APIs do not require an API Key in order to be called. You can find the public endpoint for the API displayed:
|
Advantages of Public APIs
- It is very easy to consume a public API - you just need to know its public endpoint.
- Clients do not need to register for a public API: Neither a client nor a contract are necessary.
- Compared to a private API, a public API requires less configuration.
Disadvantages of Public APIs
- You have no control over the users of your API (unless the API is further restricted by policies).
- Since a private API is publicly accessible, there is a higher risk of misuse.
- Regarding the available metrics, you cannot distinguish who the caller of your API was.
Common Use Cases for Public APIs
You should use public APIs...
- ... if you want to provide your API to everyone.
- ... if you want to enable internal access without (too many) restrictions.
Private APIs
Private APIs need a contract to be used by clients.
They are best when you want to limit access to the API by selected users and customers.
| Info |
|---|
Private APIs require an API Key in order to be called. You can find the API Key displayed:
|
Advantages of Private APIs
- Access to private APIs can be controlled in a very fine-grained manner, e.g. per approval workflow (refer to Handling Approval Requests for details).
- Different access levels can be mapped by assigning restricted usage plans to your API.
- You have insight into various metrics that can be displayed per client (refer to Metrics for details).
- In addition to the policies assigned to the API, you can also assign policies to each client (refer to Policies > Policy Chain for details). This enables further changes or restrictions, e.g. different authentication methods for customers.
Disadvantages of Private APIs
- To consume a private API, a client and a contract must be created.
- Compared to a public API, a private API requires more complex configuration.
Common Use Cases for Private APIs
You should use private APIs...
- ... if you want to grant access to selected customers.
- ... if you want to monetize your APIs.
API Contracts and API Keys
| Multiexcerpt include | ||||||
|---|---|---|---|---|---|---|
|
Overview
Content Tools