API Gateway 10.5 | Using API Gateway | Export and Import Assets and Configurations | Overview
 
Overview
API Gateway supports the import and export of the assets that you create or configure in API Gateway. You can import archives of APIs, global policies, and other related assets that you have exported and re-create them in API Gateway. This enables you to easily export and archive the assets; and when required, import them to a different instance of API Gateway or redeploy them on the same instance.
Each artifact in an archive is associated with a universally unique identifier (UUID) that is unique across all API Gateway installations. When importing an archive, the UUID helps in determining whether the corresponding artifact is already available in API Gateway. You can configure whether you want to overwrite the existing artifact or keep the available artifact during the import process.
Note:
During export or import of assets, ensure that the master password is identical across stages and on different instances of API Gateway.
Considerations while importing assets:
*The APIs, applications, policies, and aliases you import become visible in API Gateway immediately.
*Active APIs are replaced during import with the updated API and the API level policies.
*The updated APIs and updated API level policies do not become effective for ongoing requests.
*Active APIs are replaced during deployment with zero downtime without breaking ongoing requests.
*Imported applications become effective immediately, even the ongoing requests are affected.
*Imported aliases and global policies do not affect the ongoing requests.
*You can not define multiple aliases with the same name in API Gateway as overwriting of aliases based on their names during import is not supported. Aliases, like other assets, are identified based on their UUID. Hence, if you want to overwrite an alias by importing, then ensure that the alias being imported has the same UUID as the one in the target instance.
Note: 
*Do not attempt to modify and import an archive file because import of modified archive files is not supported.
*You can export archives from an earlier version to a later version of API Gateway. However, you can not import from a later version to an earlier version. For example, you can not import an 10.5 asset into a 10.3 API Gateway.
You can also export and import assets using the API Gateway REST APIs. For more information, see API Gateway Archive.
When you export an asset, the dependent assets are also exported. If any of the exported assets contain secure strings, the user credential information (passwords) associated with the assets is also exported. When you import this exported asset, API Gateway enforces conditions to check the order of import and the dependency evaluation between assets, and the dependent assets along with the user credential data are imported. For example, if you import an API, API Gateway checks and ensures that all associated policies and aliases are imported along with any passwords, if present, before importing the API.
The Overwrite option available for all the assets allows you to decide whether the asset should be imported if an existing version of the asset already exists in the target instance. In scenarios where you select to overwrite the asset in the target instance, API Gateway also checks for any associated passwords and applies the overwrite accordingly. There is no separate overwrite option for the passwords during import. The password uses the overwrite option of the asset it is associated with. For example, if you are importing an alias with a password, the overwrite option provided for the alias is applied for the password as well. If set to true, the password is overwritten if it is already exists in the system.
Functional Privileges
The Export or Import assets and Purge and Archive events category on the Functional privileges page has the available import and export privileges. You must assign the following functional privileges for the required permissions:
*Import assets: To import assets previously exported assets from a local system.
*Export assets: To export assets and save them on a local system.
Accessing the Export and Import commands in the API Gateway user interface
The export command is either a button with the label Export, or the icon. You can export multiple items within lists, such as APIs in the API page, by using the export command in the list menu.
You can import assets using the user menu () > Import command.
Assets that can be exported and imported
Path to Page/Tab
Assets that can be exported and imported
APIs
APIs
Policies > Threat protection
Global denial of service
Denial of service by IP
Rules
Mobile device and apps
Alert settings
Policies > Global policies
Global policies
Policies > Policy templates
Policy templates
Applications
Applications
Packages > Packages
Packages
Packages > Plans
Plans
User menu () > Administration > General
*Load balancer
*Extended settings
*API fault
*Approval configuration
*Outbound proxy
*URL Aliases
*Custom content-types
*Cache configuration
*Log level configuration
*Callback processor settings
*Messaging
*Web services
User menu () > Administration > General > Messaging
*JNDI Provider Alias
*JMS Connection Alias
User menu () > Administration > Security
*Keystore/Truststore
*Ports
*SAML issuer
*Custom assertions
*Kerberos
*JWT/OAuth/OpenID
*Providers
User menu () > Administration > Destinations
*API Gateway
*API Portal (both the Event configurations and communication configurations are exported)
*Transaction logger
*Elasticsearch (properties on both tabs—Elasticsearch communication and Events—are exported)
*Email (properties on both tabs—Email configuration and Templates—are exported)
*SNMP (properties on both tabs—SNMP communication and Events—are exported)
User menu () > Administration > System settings
*Configurations
*SAML SSO
Note:
A change in the SAML SSO configuration from the API Gateway user interface forces the logged in user to log out. However, importing an SAML SSO does not.
User menu () > Administration > Service registries
*Service registry
User menu () > Administration > Aliases
*Aliases
User menu () > User management
*Users
*Groups
*Teams
*Global team assignments
*Account settings
*Password restrictions
*Password expiry settings
*Account locking settings
*LDAP configuration
For more information about how to export APIs and Global policies, see the following:
* Exporting APIs
* Exporting Global Policies
Dependencies
Some API Gateway assets use other assets. For example, APIs uses policies, aliases, and other assets. As the configuration of an asset is incomplete without the assets it uses, the export features includes the assets that are used by the asset that you export.
Note:
The association of a user to a group is not exported. After importing a user archive, you must manually link the new users to the required groups.
The following table shows the asset dependencies of each type of asset:
Asset
Dependencies (Required)
Dependencies (Optional)
APIs
Policies, Aliases
Applications, Applications registrations
Applications
APIs, Application Registrations
Registered Applications
APIs
Applications
Packages
APIs, Plans, Policies, Subscriptions
Plans
Policies
Subscriptions
Packages, Plans
Applications
Teams
Group
Approval configurations
Teams
Configuration > Keystore
Keystore, Truststore
Email destination
Trust store
Group
User
JMS connection alias
JNDI provider alias
LDAP configuration
Group
Password expiry settings
User
Port (https)
Keystore, Truststore
Service Registry
Keystore, Truststore
Web service endpoint alias
Teams, JMS, JNDI, JMS Trigger, Keystore, Truststore