The API Consumption Model Using API Keys
To enable a consumer to access and use an API using API access key, the following events must occur:
1. The consumer sends a request to consume an API. The request must include the consumer's authentication credentials.
2. CentraSite generates the API key for consumption of the API (the specific key generation steps depend on the configuration settings defined by the Provider (owner) of the API). Later, CentraSite prepares the API for publishing and invokes the API Key Generation policy on the Mediator.
3. The API Key Generation policy publishes the API key to Mediator.
4. If publish of the API key is successful, the API Key Generation policy returns a success message with details including API Key, Expiration Date, and Usage Notes of the access key for consuming the API. If publish of the API key is unsuccessful, the deployer service returns a failure message.
5. The consumer accesses the URL for API consumption, sends the API key as an integral part of the HTTP/SOAP request header or as a query string in the URI, and upon validation of the API key consumes the API.
6. If the consumption is successful, the consumer uses the API. If the consumption is unsuccessful for some reasons of authorization, a 500 fault is returned.