- Secure the Access
- Distinguish between internal and external consumer
- Transform data, results and protocol (wsdl to rest API)
- Archive Scalling and Load Balancing
- Monitor the Access
- Monetize
- EASY API Creation
- Security
- Monetization
- Usage Statistic
- Discovery
- Documentation
- Testing
- Collaboration
- Import from file (singgel file, zip file):
- Rest
- SOAP
- GraphQL
- Import from url
- Rest
- SOAP
- OData
- GraphQL
- Create from Scratch
- Rest
- WebSockets (Currently on-premise only)
- Publish from an Integration Server
- Rest
- SOAP
- Rest API
- Gateway endpoint points to API Gateway in IS
- e.g http:///gateway/signUpAPI
- SOAP API
- Gateway endpoint points to IS Web Service Stack
- e.g http:///ws/airtPortInfo
- Delete Gateway endpoint(s) on Integration Server
- Remove Gateway endpoint definition on API details page
- Further consumption disabled
- Parameters used to pass and add additional information to a request
- Can be added at the API, Rest Resource, and Rest Method levels
- If API in API Gateway has change, do republish to apply change in API Portal
- Developer Portal at a glance
- Developer Portal Users
- Providers
- Consumers
- Basic API Management in Developer Portal
- Provide
- Maintain
- Enrich
- API Consumption in Developer Portal
- Discover
- Try
- Collaborate
- API Provider/Administrator
- Provide APIs to Developer Portal via :
- Import from metadata
- Publish from API Gateway
- Publish from Integration Server
- Manage
- Analyze
- Enrich
- Provide APIs to Developer Portal via :
- API Consumer
- Register
- Discover
- Test
- Rate
- Collaborate
- API Provider tasks :
- Import additional APIs
- Edit API short/long description
- Assign an API Icon
- Create a Community, assing API to Community
- Update API
- Delete API
- API Consumer :
- Discover APIs (search and explore)
- Get an Access Token
- Try an API
- Use an API in own apps
- Rate an API
- Follow an API
- Social collaboration via post
- Identification/Authentication
- Authorization
- Confidentiality
- Data Integrity
APIs in API Gateway are unsecured by default.
- Security Policies
- Applications
- Inbound security (enforce the security for incoming request before API invoke)
- Outbound security (enforce the security from on the way API to the backend service, if the backend service require for use security setting)
- Applications
- Identifier:
- Application-specific Access Token e.g API Key
- Username/password
- Hostname
- IP Range
- Bearer Token
- Linked APIs
- this police use for logging all or specific, example request payload or response payload.
- logging to specified destination.
- log invocation can be defined Globaly or at API level.
- logged data can be inspected using Analitycs capability of API Gateway
- this police use for filter the response from backend to consumer, example if the reponse have sensitif data like age or id card, the data can't be forward to consumer if use Response Transformation
- Transform native messages from native APIs into a format a required by the customer
- Configure to transform response :
- payload
- header
- status code and message and other
Can be defind at API level only
- example if the API have request on the spesific time frame API Gateway would denied serving this request
- effect all incoming request
- prevent malicious attacks on applications that typically involve large, recursive payloads and SQL injection
- to be defind at API Gateway level
- also visible at API level (read-only)
- by example in case config on api gateway is :
Key Value Maximum requests 3 In (seconds) 60 Maximum requests inprogress 1 Block intervals (minutes) 1 Error message Too many request to me! If on 60 second API on API Gateway have 4 request, the last request cannot be prosses not fordward to backend and block by API Gateway