API Management Guide
Step by Step Guides
step_by_step_policies
On page Policies you can find an overview of all policies provided in API Management. Furthermore, for each policy a separate page is available explaining its configuration options.
goto_chapter_organizations
Visit chapter Organizations to learn more about the details of an organization and its configuration options.
goto_chapter_apis
Visit chapter APIs to learn more about the details of an API and its configuration options.
api_definition_details
Detailed information about the necessary settings in the definition file can be found on page Managing APIs > Definition.
General Notes, Infos, Tipps
note_read_confirmation_dialog
Please read the confirmation dialog carefully.
api_save_when_finished
Do not forget to click the Save button when you have finished.
api_displayed_when_published
This tab is only visible for published APIs.
api_displayed_when_registered
This tab is only visible for registered clients.
api_link_to_policy_page
On page Policies you can find an overview of the standard policies supplied with Scheer PAS API Management. Page Assigning Policies shows how to configure a policy.
api_version_number_note
You can enter numbers and text in the Version field which allows the use of version numbers (e.g. 1.0, 2.1 ...) as well as version descriptions (e.g. Gold, Super etc.).
api_work_with_items
Click to add a new item to a list, click to show/hide the list of items.
Terms & Definitions
definition_organization
Almost everything in the API Management data model exists in the context of an organization:
definition_plan
A plan is a set of policies that defines the level of service the API Management provides for an API.
Example:
An organization offers two plans for the same API: Plan A is more expensive than plan B, but it offers a higher level of API requests in a given (and configurable) time period.
definition_api
APIs represent real back-end APIs (Application Programming Interfaces). An API is also known as a service, meaning anything that can be invoked remotely by some sort of client. API Management provides a way to turn unmanaged (raw) back-end APIs into managed APIs by attaching policies to them. Every managed API can be published as Public API or Private API or both: In API Management, users can create new APIs manually or easily import them from the API Catalog.
definition_client
The client is the consumer of the API:
definition_policy
Policies are at the lowest level of the data model, but they are the most important concept: A policy is a rule or a set of rules Scheer PAS API Management uses to manage your APIs.
api_contracts_and_keys
Only public APIs can be accessed by any consumer. The only way for a client to consume a private API is by using an API contract. An API contract is a link between a client and an API through a plan offered by that API. API contracts can only be created between clients and published APIs which are offered through at least one plan. An API contract cannot be created between a client and a public API. When an API contract is created, the system generates a unique API Key. This key is unique per client and the same for all contracts of this client. All requests made to the API by a client through the gateway must include this API Key. The API Key is used to create the runtime policy chain from the policies configured on the API, plan and client. You can forward the X-API-Key to the service using the API Key policy. However, you cannot define your own value for the X-API-Key, since the gateway uses the key to identify the clients.API Contracts and API Keys
Organizations
api_org_creation
Only users with role Administrator are allowed to create new organizations.
APIs
public_api_testcode
basePath: /yourGatewayNameHere/yourOrganizationNameHere/yourApiNameHere/theApiVersionNumberHere
host: yourHostNameHere:portNumberHere
private_api_testcode
Note: Depending on the used policies, further entries in the YAML or JSON file may be necessary.basePath: /yourGatewayNameHere/yourOrganizationNameHere/yourApiNameHere/theApiVersionNumberHere
host: yourHostNameHere:portNumberHere
schemes:
- http (or https)
security:
- X-API-Key: []
securityDefinitions:
X-API-Key:
description: Authenticate using pre-acquired API key
in: header
name: X-API-Key
type: apiKey
Policies
api_move_policies
The order of the policies is important. The order in which the policies appear in the user interface determines the order they will be applied at runtime. You can drag a policy up and down the list to change the order:
api_blacklist_whitelist
An IP Blacklist policy overrides an IP Whitelist policy in the same plan.
api_enable_option
It is strongly recommended to enable this option.
api_no_ipv6
The use of IPv6 is neither possible in the blacklist nor in the whitelist policy.
Clients
api_registered_client
Until the client is registered with the runtime gateway, it is not possible to make requests to backend APIs on behalf of that client.
swagger_ui
For more information about the functions of the Swagger UI visit the Swagger homepage.
Plans
locked_plans
Once a plan is locked, it cannot be revised. However, you can still create a new version of this plan.