API access use cases on webMethods.io Developer Portal


This article explains how to restrict API access for different customers on the webMethods Developer Portal.


It is assumed that readers of this article know how to set up APIs on API Gateway and webMethods Developer Portal.


  • Active tenant subscription on webMethods.io API Gateway and Developer Portal
  • APIs configured on API Gateway

Use case

  • In our use case, we have 4 APIs.
  • 2 APIs belong to the Amazon partner and the other two belong to Facebook
  • We will publish these APIs to their respective community from the API Gateway
  • Access to these APIs will be granted based on the access level to the community

Benefits to business use case

  • The user is given the API Consumer role and can access only the APIs available in their Private Community
  • The user will not be able to see the APIs available in other Private Communities
  • The user can see analytics only for the APIs available to them
  • Access is governed at the community level instead of user level

What is the Community in the Developer Portal?

  • The Community facilitates API administrators or API providers in handling API visibility among the Developer Portal users
  • The users with API Administrator and API Provider privileges can create communities and manage the members of a community
  • There are two types of communities in the Developer Portal - private community and public community

Private Community

  • As the name suggests, a Private Community contains APIs that are available only for its members

Public Community

  • The Public Community comes along with the product installation and is open to all users, registered or unregistered

Create User

  • Create a user on the Developer Portal to manage users

  • In our case we will create two users, one for Amazon API and the other for Facebook API

  • Navigate to manage users and add two users

  • In our case username will be

    AmazonUser  -  For Amazon Partner
    FacebookUser - For Facebook Partner

  • Assign the API Consumer role to both users

Create a Private Community

  • Click on the user icon on the top right and select “Manage communities”

  • In our case we will create two communities

    1. AmazonCommunity
    2. FacebookCommunity

  • The AmazonCommunity will contain all APIs related to it
  • In our case, it will be
    • AmazonLoginAPI
    • AmazonStatusAPI
  • The Amazon user should be tied to the AmazonCommunity

  • In a similar fashion, the FacebookCommunity will contain the APIs related to it
  • In our case, it will be
    • FacebookLoginAPI
    • FacebookStatusAPI
  • The Facebook user should be tied to the FacebookCommunity

Publish the API from the API Gateway to the Developer Portal

  • Publish the APIs from API Gateway to Developer Portal
  • Publish both Amazon APIs to the Developer Portal under AmazonCommunity
  • In our case, it will be the AmazonLoginAPI and the AmazonStatusAPI

  • In a similar fashion, publish both Facebook APIs to the Developer Portal under the FacebookCommunity
  • In our case, it will be the FacebookLoginAPI and the FacebookStatusAPI

Policy setting at API Gateway level

  • For all the APIs published to the Dev Portal, enable the Log Invocation policy under Traffic Monitoring
  • Under Destination, select the API Portal as well

  • To see the analytics on the Dev Portal dashboard, we need to enable the Identify & Authorize policy (in the Identify and Access stage) for each API in the API Gateway
  • In our case, we will use the API key as the identification type

Verification at the Developer Portal

  • Log in to the Dev Portal using the Amazon Partner credentials
  • Click on the slicer and select community
  • As the user is associated with the Amazon private community, we can see only AmazonCommunity and the public community

  • We can see only two APIs published to AmazonCommunity
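
The same verification can be expressed as a repeatable check. The following is an added example, not code from the original article or from the product: it models the community rule described above (a user sees the Public Community plus the private communities they belong to) and reports any difference from the intended isolation. The dictionary layout and the function names visible_apis and audit are assumptions; the user, community and API names are the ones used in this article.

```python
# Added example: models the article's community rule; it is not a Developer Portal client.
PUBLIC = "Public Community"  # open to all users, registered or unregistered

# Constructed data mirroring the article's setup (the dict layout is an assumption).
published = {  # community -> APIs published to it from API Gateway
    "AmazonCommunity": {"AmazonLoginAPI", "AmazonStatusAPI"},
    "FacebookCommunity": {"FacebookLoginAPI", "FacebookStatusAPI"},
    PUBLIC: set(),
}
members = {  # private community -> users tied to it
    "AmazonCommunity": {"AmazonUser"},
    "FacebookCommunity": {"FacebookUser"},
}
expected = {  # intended visibility per partner user
    "AmazonUser": {"AmazonLoginAPI", "AmazonStatusAPI"},
    "FacebookUser": {"FacebookLoginAPI", "FacebookStatusAPI"},
}


def visible_apis(user, published, members):
    """Public APIs plus the APIs of every private community the user belongs to."""
    apis = set(published.get(PUBLIC, set()))
    for community, users in members.items():
        if user in users:
            apis |= published.get(community, set())
    return apis


def audit(published, members, expected):
    """List every difference between actual and intended visibility."""
    findings = []
    for user, allowed in expected.items():
        seen = visible_apis(user, published, members)
        findings += [f"LEAK: {user} can see {api}" for api in sorted(seen - allowed)]
        findings += [f"MISSING: {user} cannot see {api}" for api in sorted(allowed - seen)]
    partner_apis = set().union(*expected.values())
    for api in sorted(published.get(PUBLIC, set()) & partner_apis):
        findings.append(f"PUBLIC: {api} is visible to unregistered users")
    return findings


if __name__ == "__main__":
    print(audit(published, members, expected) or "isolation holds")
```

An empty result means the setup matches the intended isolation; a LEAK or PUBLIC finding points at a partner API published to the wrong community or a user tied to a community they should not be in.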

Create Application

  • Create an application with the name “AmazonAppForIntegration”

  • Associate the two Amazon APIs with this application.

  • Now connect to the Dev Portal with FacebookUser.

Testing the API in the Developer Portal

  • Invoke the API with its respective user.
  • Log in using AmazonUser and invoke the API associated with the user
  • Similarly log in using FacebookUser and invoke the API associated with it

Dashboard for Amazon APIs

  • Navigate to the dashboard where the user is AmazonUser
  • We can see only the Amazon APIs on the dashboard and not any other API

Dashboard for Facebook APIs

  • Navigate to the dashboard where the user is FacebookUser
  • We can see only the Facebook APIs on the dashboard, not any other APIs

Points to remember

  • The user added in the Dev Portal should be assigned appropriate roles
  • The application should be created within the Developer Portal
  • The “identify and authorize” policy should be enabled on the API Gateway

This article is part of the TECHniques newsletter blog - technical tips and tricks for the Software AG community.