Secure API Manager provides a complete solution for creating, managing, maintaining, and monitoring APIs that you use in your company’s IT environment. It provides a single repository where you can store and manage all of the APIs you use. It allows you to easily manage the life cycle of an API from development to retirement. This allows you to create audit trails through the analytics of the solution to prove compliance with regulation and licensing requirements for the APIs.
The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click NetIQ Secure API Manager Documentation page. To download this product, see the NetIQ Downloads website.at the bottom of any page in the HTML version of the documentation posted at the
Secure API Manager is an add-on solution for Access Manager. It is an appliance, and it has the systems requirements.
Access Manager 4.5 or later
NFS v3 server
Virtual platform VMware 6.5 or later
Minimum requirements per node:
60 GB of disk space
12 GB of RAM
Google Chrome (latest version)
Microsoft Edge (latest version)
Microsoft Internet Explorer 11.x or later
Mozilla Firefox (latest version)
Secure API Manager is an appliance that you deploy and configure. Secure API Manager consists of four components: Analytics, the API Gateway, the Database Service, and the Lifecycle Manager. The single appliance that you download contains all four components. You must run the Deployment Manager that comes with the appliance to install the appropriate component on the appliance.
For an enterprise environment, we recommend that you deploy each component on a separate appliance. You must have Access Manager 4.5 installed and configured and an NFS v3 server running in your IT environment before you can deploy any of the Secure API Manager components.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Secure API Manager and Access Manager require an SSL connection to communicate and share information securely. To create the SSL connection, you must import the Access Manager trusted root certificate to the appliance that becomes the first Database Service component. If you import the trusted root certificate to the appliance before you create a component, the Deployment Manager places a copy of the Access Manager trusted root certificate in the keystore and in the database correctly. It also allows the Deployment Manager to copy the Access Manager trusted root certificate to each component in the Secure API Manager and the SSL connection works properly.
If you wait to import the trusted root certificate until after the first Database Service component exists, the Deployment Manager is not aware of the certificate and it does not copy it to the proper locations on each additional appliance you deploy. This causes communication problems with Access Manager. Ensure that you import the Access Manager trusted root certificate before you launch the Deployment Manager on your first appliance. For more information, see NetIQ Secure API Manager 1.0 Installation Guide.
Issue: Changing the network settings on any appliances breaks the communication between the deployed components. Secure API Manager stores the network settings for all of the components in a database on the Database Service component and in the file system on each component. Changing any network setting after deploying the components breaks the communication between the components. Secure API Manager does not update the entries in the database or the configuration files with the new network settings.
Workaround: If you must change the network settings on an appliance, you must remove the appliance from the Secure API Manager system, restart the remaining components, and then redeploy the appliance with the new network settings. If you have deployed a system in a test environment there is no way to move the system to the production environment. You must redeploy the system in the production environment.
Issue: The components were communicating correctly until someone rebooted one or more of the components, and now the components have stopped communicating with each other.
Secure API Manager deploys each component as a separate Docker container when you deploy the components on separate appliances. All of the components expect the Database Service to be up and communicating. If the Database Service is not available, the other components stop communicating with each other.
There are tenant menu options in the management console and administration console. These options are not functional and are not supported in this release of Secure API Manager. These options and the ability for multi-tenant support will be available in future releases of Secure API Manager.
Issue: In the management console, you do not have the ability to create new roles. There are a set of default roles that contain the functionally you need to use and manage Secure API Manager. When you create a user account, the management console presents the list of default roles you can assign to a user. For more information, see NetIQ Secure API Manager 1.0 Administration Guide.
You control access to the APIs through the Access Manager roles, not the Secure API Manager roles. For more information, see NetIQ Secure API Manager 1.0 Administration Guide.
Workaround: For this release, there is no workaround.
Issue: Some of the event items in the management console do not work in this release. You access the items in the management console under> . The items that do not work are:
Solution: Do not use these options at this time.
Issue: The CORS options when you create an API do not work properly. For example, if you remove GET, not all of the GET calls are blocked. (Bug 1130572)
Workaround: For this release, do not use theoption when implementing CORS.
Issue: When you import a certificate, using a Chrome browser on the appliance management console, it makes you download the certificate to the appliance before you can import it. (Bug 1130244)
Workaround: If you are using Chrome, you must download the certificate to the appliance and then import it. The other workaround is to use a different browser until we fix this issue.
In the Publisher, when you import a certificate, the Publisher allows you to import the certificate. If you later edit the API and view the details, the Publisher does not display the uploaded certificate. If you try to import the certificate a second time, you get an error stating that you already imported the certificate. This is the behavior of the Publisher. (Bug 1128401)
Issue: If you subscribed to an API through an application and the application has either production or sandbox keys generated, the(Bug 1128042)field on the tab of the Store does not auto-populate with the generated key.
Issue: In this release, you can create a REST API from a SOAP endpoint, but you cannot create a new version of that API, Secure API Manager fails to create the new version of the API correctly. Any calls made to the new API fail and return an incorrect response.(Bug 1132261)
Workaround: You can create a new version of the API by creating a new API with a different name as the next version of the REST API.
If you create a SOAP API with invalid WSDL endpoints, the Publisher displays an error when you click Failed to process the WSDL. If you click in the error message and try to click again, you get a new error stating Duplicate context value.. The error is
The Publisher validates the WSDL endpoints before it creates a working SOAP API with WSDL endpoints. When you try to force the Publisher to continue, it then sees the values that you already entered as duplicate information and you cannot proceed. If you clickNetIQ Secure API Manager 1.0 API Management Guide.at the top of the page, the Publisher allows you to continue with the creation of the API. At the end of the process, the API exists in the Publisher but it does not work because it has invalid WSDL endpoints. For more information, see
We recommend that when you create a SOAP API with WSDL endpoints, you ensure that the WSDL endpoints are valid. (Bug 1127090)
Secure API Manager is built using Docker. Docker’s time zone is set to UTC, but any machine that accesses Secure API Manager has its own time zone set. Because of differences between the time zones of the two machines, events might sometimes appear to be in the future even though they have already happened. There is currently no workaround for this release. (Bug 1128790)
Issue: If you have a distributed environment where the API Gateway and the Lifecycle Manager are on separate appliances, when you edit the throttling policies or add new throttling policies the changes appear in the Publisher but the Publisher does not execute these throttling policies. Secure API Manager stores the throttling policies in a configuration file on the NFS server. If the API Gateway and Lifecycle Manager have separate NFS servers or mount points, Secure API Manager only creates the configuration file on the mount point for the Lifecycle Manager and not on the API Gateway. Without the policies on the API Gateway, the policies do not work. (Bug 1131713)
Workaround: You can copy the edited policy file or the new policy file to the API Gateway to get the throttling policies to work. To copy the file from the Lifecycle Manager to the API Gateway:
After you have edited a throttling policy or added a new throttling policy, access the NFS mount point for the Lifecycle Manager.
Access the directory Lifecycle Manager NFS/server/executionplans/.
Find the appropriate file in the directory, then copy the file.
Access the same directory on the API Gateway’s NFS mount point API Gateway NFS/server/executionplans/.
Copy the file from the Lifecycle Manager in to the directory on the API Gateway server.
Secure API Manager automatically detects the new file and updates the Publisher. The Publisher and the API Gateway enforce the new throttling policies or the edited policies as they appears in the Publisher.
Issue: Generating the production keys in an application returns an error. This happens only when the Access Manager configuration information is incorrect. (Bug 1130126)
Solution: If the error occurs, you must delete the application, ensure that the Access Manager integration is correct, and then recreate the application. When you generate the production keys, there is no error.
In this release, users with only the publisher role assigned cannot access Analytics in the Publisher. To access Analytics, a user must have more than the publisher role assigned. (Bug 1128399)
There is a cosmetic error that appears in the Publisher when you delete the a REST API parameter. When you click (Bug 1135680), a window pops up asking you if you are sure you want to the delete the parameter. If you click , the next time you click , the pop up window has one button and two buttons. This is a cosmetic issue. If you click , you never see the issue.
Issue: If the session in the web browsers for the users and administrators change, Secure API Manager requires that they reauthenticate. This ensure that not database gets corrupted.
Solution: The users and administrators do not have to reauthenticate if you use sticky seasons on the L4 switch or load balancer. This ensures that the data in Secure API Manager does not get corrupted.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
© Copyright 2019 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors ("Micro Focus") are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
For additional information, such as certification-related notices and trademarks, see http://www.microocus.com/about/legal/.