User Roles and Groups in API Portal
API Portal provides predefined roles that you can assign to users and groups defined in an organization. You can also create custom roles as needed. Users or groups who have roles receive all permissions associated with the roles.
The following is a list of the roles and function privileges in API Portal that apply to API users and administration. For complete information about the predefined roles and creating custom roles in API Portal, see the API Portal User Management help, available from http://API_Portal_host:port/umc/help/en/handling/index.htm.
API Portal User Roles and Groups | Description |
API Administrator | Users with this role can start and stop API Portal, manage API Portal users, customize the API Portal user interface to reflect the organization’s own branding and look and feel, and switch configuration sets to customize views in API Portal. API Administrators can create and remove private communities and can also manage all communities. API Administrators can add and remove users from a community and define community administrators or revoke the community administrator role from a user. |
API Provider | An API provider is allowed to publish APIs to API Portal. These users are registered in CentraSite, API Gateway or API Portal and APIs are published to API Portal. |
API Consumer | An API consumer is allowed to browse the portal, request API access tokens, and test (evaluate) available APIs. |
API User Registration Approvers | This is a group of users who are notified when there is a user registration request for a new user. This group of users are assigned permissions to approve or reject any user registration requests. |
API Consumption Approvers | This is a group of users who are notified when there is a request for API consumption. This group of users are assigned permissions to approve any API consumption request. |
Public Community | This is a group that an on-boarded user is added to, by default. |
In addition to these roles, technical users exist to facilitate communication between systems and applications to ensure that credentials stay the same. A technical user is not associated with a specific user. Rather, a technical user represents a set of credentials and authorizations that is authenticated against an internal list of users, and not with an external set of authentications (for example, Active Directory or LDAP). API Portal administrators create technical users in API Portal, and CentraSite administrators specify the technical user credentials when they register an API Portal instance in CentraSite. Guest users are anonymous users who can browse and test the APIs available in API Portal. When a guest user decides to use an API, the user must register and request an access token.
Note: As a best practice, Software AG recommends using a technical user in CentraSite, API Gateway, and API Portal to publish APIs to API Portal.