Theoretically, a public API can be used by everyone. Depending on the assigned visibility, it may not be found by all users. If you have tried this tutorial on your own system and you want to make sure that the API is not accessible to everyone, we recommend that you disable or delete the created API afterwards if the customer system is accessible to the public.
In API Management go My APIs and search for your API. If you used the tutorial settings, its name is PublicEchoAPI_YourName. | |
Click on the API tile to open its detail page. |
You have various options for making your API less or no longer accessible:
You can delete the API completely by pressing Delete . | ||
The deletion of an API cannot be undone. You will therefore need to confirm the action.
|
You can also retire the API. On the details page of the API, open the status drop-down and select Retire. This will shut down the API version. | |
Note that this action cannot be undone after confirming. | |
Now, this API it is not invokable any more. Nevertheless, you have still access to the API's configuration details and you are still able to create a new version from it. |
Another possibility to make the API less accessible is changing its visibility. This restricts the user group that is able to find the API in the Developer Portal.
Go to tab Settings and change the visibility to Organization Members. Your API is now still public, but can only be found by members of your organization. | |
Re-publish the API to apply the change. | |
If you want to test this, log out from PAS and open the API Developer Portal (you can open the API Developer Portal of your system in a browser window in incognito mode instead of logging out). Search for your API. If you are not logged in, you should not be able to find it. |
Another possibility to make the API less accessible is changing its type. If you change the API type from public to private, you disable public availability of the API.
Go to tab Settings and disable option Public API.
|
|