API access use cases on webMethods.io Developer Portal

Knowledge base
, , , , ,
1

Introduction

This article explains how to restrict API access for different customers on the webMethods Developer Portal.

Audience

It is assumed that readers of this article know how to set up APIs on API Gateway and webMethods Developer Portal.

Prerequisites

  • Active tenant subscription on webMethods.io API Gateway and Developer Portal
  • APIs configured on API Gateway

Use case

  • In our use case, we have 4 APIs.
  • 2 APIs belong to the Amazon partner and the other two belong to Facebook
  • We will publish these APIs to their respective community from the API Gateway
  • Access to these APIs will be granted based on the access level to the community

Benefits to business use case

  • The user is given the API consumer access role and can access only APIs available on Private Community
  • The user will not be able to see the APIs available on other Private Communities
  • The user can see the analytics of APIs only
  • Access is governed at the community level instead of user level

image
image974Ă—403 85.6 KB

What is the Community in the Developer Portal?

  • The Community facilitates API administrators or API providers in handling API visibility among the Developer Portal users
  • The users with API Administrator and API Provider privileges can create communities and manage the members of a community
  • There are two types of communities in the Developer Portal - private community and public community

Private Community

  • As the name suggests, a Private Community contains APIs that are available only for its members

Public Community

  • The Public Community comes along with the product installation and is open to all users, registered or unregistered

Create User

  • Create a user on the Developer Portal to manage users

  • In our case we will create two users, one for Amazon API and the other for Facebook API

  • Navigate to manage users and add two users

  • In our case username will be

    AmazonUser  -  For Amazon Partner
FacebookUser - For Facebook Partner

image
image975Ă—313 55.3 KB

  • Provide an API consumer role to both the users

image
image974Ă—363 53.4 KB

Create a Private Community

  • Click on the user icon on the top right and select the “Manage communities”

image
image975Ă—413 62 KB

  • In our case we will create two communities

    1. AmazonCommunity
    2. FacebookCommmunity

image
image973Ă—269 34.8 KB

  • The AmazonCommunity will contain all APIs related to it
  • In our case, it will be
    • AmazonLoginAPI
    • AmazonStatusAPI
  • The Amazon user should be tied to the AmazonCommunity

image
image975Ă—400 18 KB

  • In a similar fashion, the FacebookCommmunity will contain the APIs related to it
  • In our case, it will be
    • FacebookLoginAPI
    • FacebookStatusAPI
  • The Facebook user should be tied to the FacebookCommmunity

image
image975Ă—438 28 KB

Publish the API from the API Gateway to the Developer Portal

  • Publish the APIs from API Gateway to Developer Portal
  • Publish both the Amazon API to the Developer Portal under AmazonCommunity
  • In our case, it will be the AmazonLoginAPI and the AmazonStatusAPI

image
image954Ă—746 109 KB

  • In a similar fashion publish both Facebook APIs to the Developer Portal under the FacebookCommunity
  • In our case, it will be the FacebookLoginAPI and the FacebookStatusAPI

image
image801Ă—626 77 KB

Policy setting at API Gateway level

  • For all the APIs published to the Dev Portal, enable the log invocation policy under traffic monitoring
  • Under Destination, select the API Portal as well

image
image973Ă—371 93.1 KB

  • To see the analytics on the Dev Portal dashboard we need to enable the Identify and access policy for each API in the API Gateway
  • In our case, we will enable the API key

image
image974Ă—330 77.2 KB

Verification at the Developer Portal

  • Login to the Dev Portal using Amazon Partner credentials
  • Click on the slicer and select community
  • As a user is associated with the Amazon Private community, we can see only AmazonCommunity and public community

image
image975Ă—594 67.7 KB

  • We can see only two APIs published to AmazonCommunity

image
image975Ă—319 40.8 KB

Create Application

  • Create an application with the name “AmazonAppForIntegration”

image
image974Ă—220 26.6 KB

  • Associate two Amazon APIs with this application.

image
image966Ă—433 50.5 KB

• Now connect to the Dev Portal with Facebookuser.

image
image974Ă—576 84 KB

image
image974Ă—576 84 KB

  • In similar fashion create the application with the name “FacebookAppForIntegration”
    image
    image974Ă—230 26.6 KB

image
image974Ă—499 72.4 KB

Testing the API in the Developer Portal

  • Invoke the API with its respective user.
  • Log in using AmazonUser and invoke the API associated with the user
  • Similarly log in using FacebookUser and invoke the API associated with it

image
image973Ă—270 45.7 KB

Dashboard for Amazon APIs

  • Navigate to the dashboard where the user is AmazonUser
  • We can see only the Amazon APIs on the dashboard and not any other API

image
image975Ă—414 56.9 KB

image
image975Ă—528 82 KB

Dashboard for Facebook APIs

  • Navigate to the dashboard where the user is FacebookUser
  • We can see only the Facebook APIs on the dashboard, not any other APIs

image
image973Ă—398 49.3 KB

Points to remember

  • The user added in the Dev Portal should be assigned appropriate roles
  • The application should be created within the Developer Portal
  • The “identify and authorize” policy should be enabled on the API Gateway

This article is part of the TECHniques newsletter blog - technical tips and tricks for the Software AG community. Subscribe to receive our quarterly updates or read the latest issue.

2 Likes