3.2 Adding and Publishing an Existing REST API

Secure API Manager allows you to add existing REST APIs to the Publisher to create a single repository for all of your APIs. The Publisher consumes the Swagger file or the Swagger URL for the existing APIs. You must understand REST and Swagger to create a REST API. For more information, see Required Knowledge.

If you do not have a Swagger file or Swagger URL for the API, you can manually add the API to the Publisher as if you were creating a new API. For more information, see Designing a Prototype REST API.

Adding the REST API to the Store occurs during the add process. This is called publishing the REST API.

To add and publish an existing REST API:

  1. Log in to the Publisher using the account your Secure API Manager administrator gave you.

    https://lifecycle-manager-dns-name:9444/publisher
  2. To add a REST API:

    1. Click Add New API.

    2. Select I Have an Existing API.

    3. Select Swagger File, browse to and select the file, then click Start Creating.

      or

      Select Swagger URL and specify the URL, then click Start Creating.

    4. Use the following information to define the REST API:

      Name

      Specify a name for the REST API that appears in the Store. No spaces are allowed.

      Context

      Specify the URI context path of the REST API. It is case sensitive.

      Version

      Specify the version of the REST API. This helps you manage the lifecycle of the REST API.

      Visibility

      Select whether the REST API is Public or Restricted by Roles. For more information, see Section 4.0, Controlling Access to the APIs through the Access Manager Roles.

      Description

      Specify a description of the REST API that appears in the Store. The description helps people understand the purpose of the REST API.

      Select Image

      Upload an image to represent the REST API in the Store. The maximum dimensions are 100 x 100 pixels.

      API Definition

      This section contains all of the REST calls defined in the Swagger file. You can edit the Swagger file to make changes.

  3. To implement the REST API:

    1. Click Next: Implement.

    2. Select Managed API.

    3. Add the production endpoints of the REST API as follows:

      Endpoint Type

      Select HTTP/REST Endpoint for your endpoint type. You only use the SOAP endpoint only if you used SOAP to create the API.

      Production Endpoint

      Specify the back-end URL for the REST API.

      Endpoint Security Scheme

      (Conditional) If the REST API requires it, add the credentials of the back-end service.

    4. Select whether to enable a message mediation policy.

      The message mediation policy allows you to convert the input or output of the REST API from XML to JSON or from JSON to XML. For more information, see Converting JSON to XML.

    5. (Conditional) If your environment requires CORS, select Enable API based CORS Configuration.

      CORS allows you to define additional domains that are in your environment. By default, to stop cross-site scripts, Secure API Manager does not allow multiple domain names. For more information, see Cross-origins resource sharing Wiki.

    6. Use the following information to enable CORS:

      Access Control Allow Origins

      Select this option to allow all domain names that contain the origin domain name.

      Access Control Allow Headers

      Add any additional headers to this section to allow Secure API Manager to use additional domains.

      Access Control Allow Methods

      Ensure that the correct REST methods are listed.

      Access Control Allow Credentials

      Select this option to allow credentials from other domains.

  4. Click Next: Manage API.

  5. Configure the REST API as follows:

    Make this the Default Version

    Select this option to make the version of the published REST API the default version so that when you access the REST API through a URL you do not have to enter a specific version. For example, if the REST API version is 2.5 and the URL is https://my.company.com/timesheet/2.5, users just have to enter https://my.company.com/timesheet/.

    Transports

    Select whether you want to use HTTPS or HTTP. HTTPS is the secure transport type.

    Response Caching

    Select whether you want to cache the response from the REST API. Caching is disabled by default. Enabling this option speeds up the response of the REST API because Secure API Manager caches the response. If you enable this option, ensure that you define a cache timeout period.

  6. Configure the following throttling options for the REST API:

    Maximum Backed Throughput

    This option limits the number of calls Secure API Manager allows to the back-end. If you select Specify, you must specify the number of transactions per second (TPS) for the production environment and the sandbox environment.

    Subscription Tiers

    Select the appropriate tier that allows the correct number of requests per second. When users subscribe to the REST APIs, the subscription tiers controls the request to the API.

    Advanced Throttling Options

    Select whether you want the throttling policy applied at the REST API level. If you select the API level, Secure API Manager ignores the other policies and does not apply them.

  7. Select whether the REST API is used in a production environment, sandbox environment, or both types of environments.

  8. Define the business information about the REST API. For example, specify the business owner of the REST API and the technical owner of the REST API.

  9. Add scopes to limit who has access to the REST API. For more information, see Section 4.0, Controlling Access to the APIs through the Access Manager Roles.

  10. Click Save & Publish, then decide whether to continue editing the REST API, access the Store, or view an overview of the REST API.

You can access and test the REST API in the Store to ensure that it works. For more information, see Invoking and Testing the REST APIs. If you have documentation to add to the REST API, proceed to Section 6.0, Managing Documentation for the APIs.