Creating and Editing APIs

API Key is the simplest form of authentication, your API Partner applications have one or more API keys defined for them - and any given one of them identifies that API Partner Application as the caller. Note that this API key should be treated as a secret password, which it essentially is.

By enabling basic authentication, you enable your API Partner Applications to authenticate by providing their client_id and client_secret as userid/password in a Basic Authentication. Note that as usual, you should in the Ceptor Gateway ensure that all only https/encrypted connections are used.

Almost the same as OAuth 2.0 authentication, but exposes the OpenID Connection configuration metadata URL in the OpenAPI definition, The URL is usually https://www.yourorganisation.com/.well-known/openid-configuration

This enables authentication using a bearer token, an access token earlier issued using OpenID Connect / OAuth 2.0

Essentially the same as bearer authentication, but provides the OAuth 2.0 authorize and token URLs in the OpenID Configuration, and allows specifying what scopes to require.

You can secure your APIs anyway you want using e.g. SPNEGO / Kerberos, WS-Security, SAML or other means of authentication if you just set it up in the API Gateway.

Specify a required permission to get access to this location. See authorization for more information.

Permissions and ACLs can contain very advanced functionality, such as ABAC (Attribute-Based Access Control) - see authorization for more information.

List of roles/groups, if any roles are specified, at least one of them is required to access the resources.

Custom script (JavaScript, Groovy or Python code) which can perform complex authorization decisions

Mock APIs, or using JavaScript, Groovy or Python

You can use a script to generate a response to your clients - this is ideal for creating mocks or testing stubs for APIs.

If you check one of the override checkboxes for an operation, you will get a script for this particular operation.

Implement APIs using Pipelines and Tasks

If scripts or proxying is not enough for you, you can use Ceptor Gateway's Pipelines and Tasks for your API implementation. 

Proxy requests to backend destination servers

Proxying allows you to proxy the request toward a destination server, and stream its response back to the client.

You can either use a predefined destination for your selected environment, or you can use a custom one you specify yourself.

If you specify a custom destination, you have all the same options available as any destination within the gateway.

When implementing an API in the Ceptor API Gateway, you can take advantage of the Pipelines and Tasks functionality that allows you to drag tasks together to perform different actions. This can be specified per API level and overridden for specific operations.

Examples of tasks are:

• Calling remote services
  Perform an HTTP request to call a service, or retrieve data from a resource
• Transform content from XML to JSON and back and combine responses from multiple different requests into one
• Execute script
  Allows the script to do any processing it wants by running custom code.
• Call pipeline
  Call another pipeline and run through all its tasks – this allows you to chain pipelines and reuse collections of tasks from other pipelines.

To publish an API click Publish for the appropriate environment to publish the API.

It is possible to publish an API, but having it marked as not being available in the Developer Portal - in that case, the API is still accessible (with possible subscription/security restrictions) but not visible within the Developer Portal, so API Partners / Developers cannot try it out from within it.

When you save, the API Gateway is updated and the APIs are immediately available in the given environments that they are published within.

Once your API is published in an environment, you can try it out.