Secure API Manager allows you to add existing REST APIs to the Publisher to create a single repository for all of your APIs. The Publisher consumes the Swagger file or the Swagger URL for the existing APIs. You must understand REST and Swagger to create a REST API. For more information, see Required Knowledge.
If you do not have a Swagger file or Swagger URL for the API, you can manually add the API to the Publisher as if you were creating a new API. For more information, see Designing a Prototype REST API.
Adding the REST API to the Store occurs during the add process. This is called publishing the REST API.
To add and publish an existing REST API:
Log in to the Publisher using the account your Secure API Manager administrator gave you.
https://lifecycle-manager-dns-name:9444/publisherTo add a REST API:
Click Add New API.
Select I Have an Existing API.
Select Swagger File, browse to and select the file, then click Start Creating.
or
Select Swagger URL and specify the URL, then click Start Creating.
Use the following information to define the REST API:
Specify a name for the REST API that appears in the Store. No spaces are allowed.
Specify the URI context path of the REST API. It is case sensitive.
Specify the version of the REST API. This helps you manage the lifecycle of the REST API.
Select whether the REST API is Public or Restricted by Roles. For more information, see Section 4.0, Controlling Access to the APIs through the Access Manager Roles.
Specify a description of the REST API that appears in the Store. The description helps people understand the purpose of the REST API.
Specify tags in a comma-separated list to describe the REST API. Use common words or key phrases as tags.
Upload an image to represent the REST API in the Store. The maximum dimensions are 100 x 100 pixels.
This section contains all of the REST calls defined in the Swagger file. You can edit the Swagger file to make changes.
To implement the REST API:
Click Next: Implement.
Select Managed API.
Add the production endpoints of the REST API as follows:
Select HTTP/REST Endpoint for your endpoint type. You only use the SOAP endpoint only if you used SOAP to create the API.
Specify the back-end URL for the REST API.
(Conditional) If the REST API requires it, add the credentials of the back-end service.
Select whether to enable a message mediation policy.
The message mediation policy allows you to convert the input or output of the REST API from XML to JSON or from JSON to XML. For more information, see Converting JSON to XML.
(Conditional) If your environment requires CORS, select Enable API based CORS Configuration.
CORS allows you to define additional domains that are in your environment. By default, to stop cross-site scripts, Secure API Manager does not allow multiple domain names. For more information, see Cross-origins resource sharing Wiki
.
Use the following information to enable CORS:
Select this option to allow all domain names that contain the origin domain name.
Add any additional headers to this section to allow Secure API Manager to use additional domains.
Ensure that the correct REST methods are listed.
Select this option to allow credentials from other domains.
Click Next: Manage API.
Configure the REST API as follows:
Select this option to make the version of the published REST API the default version so that when you access the REST API through a URL you do not have to enter a specific version. For example, if the REST API version is 2.5 and the URL is https://my.company.com/timesheet/2.5, users just have to enter https://my.company.com/timesheet/.
Select whether you want to use HTTPS or HTTP. HTTPS is the secure transport type.
Select whether you want to cache the response from the REST API. Caching is disabled by default. Enabling this option speeds up the response of the REST API because Secure API Manager caches the response. If you enable this option, ensure that you define a cache timeout period.
Configure the following throttling options for the REST API:
This option limits the number of calls Secure API Manager allows to the back-end. If you select Specify, you must specify the number of transactions per second (TPS) for the production environment and the sandbox environment.
Select the appropriate tier that allows the correct number of requests per second. When users subscribe to the REST APIs, the subscription tiers controls the request to the API.
Select whether you want the throttling policy applied at the REST API level. If you select the API level, Secure API Manager ignores the other policies and does not apply them.
Select whether the REST API is used in a production environment, sandbox environment, or both types of environments.
Define the business information about the REST API. For example, specify the business owner of the REST API and the technical owner of the REST API.
Add scopes to limit who has access to the REST API. For more information, see Section 4.0, Controlling Access to the APIs through the Access Manager Roles.
Click Save & Publish, then decide whether to continue editing the REST API, access the Store, or view an overview of the REST API.
You can access and test the REST API in the Store to ensure that it works. For more information, see Invoking and Testing the REST APIs. If you have documentation to add to the REST API, proceed to Section 6.0, Managing Documentation for the APIs.