Overview
API Gateway supports the import and export of the assets that you create or configure in API Gateway. You can import archives of APIs, global policies, and other related assets that you have exported and re-create them in API Gateway. This enables you to easily export and archive the assets; and when required, import them to a different instance of API Gateway or redeploy them on the same instance.
Each artifact in an archive is associated with a universally unique identifier (UUID) that is unique across all API Gateway installations. When importing an archive, the UUID helps in determining whether the corresponding artifact is already available in API Gateway. You can configure whether you want to overwrite the existing artifact or keep the available artifact during the import process.
Note:
During export or import of assets, ensure that the master password is identical across stages and on different instances of API Gateway.
Considerations while importing assets:
The APIs, applications, policies, and aliases you import become visible in
API Gateway immediately.
Active APIs are replaced during import with the updated API and the API level policies.
The updated APIs and updated API level policies do not become effective for ongoing requests.
Active APIs are replaced during deployment with zero downtime without breaking ongoing requests.
Imported applications become effective immediately, even the ongoing requests are affected.
Imported aliases and global policies do not affect the ongoing requests.
You can not define multiple aliases with the same name in API Gateway as overwriting of aliases based on their names during import is not supported. Aliases, like other assets, are identified based on their UUID. Hence, if you want to overwrite an alias by importing, then ensure that the alias being imported has the same UUID as the one in the target instance.
Note:
Do not attempt to modify and import an archive file because import of modified archive files is not supported.
You can export archives from an earlier version to a later version of
API Gateway. However, you can not import from a later version to an earlier version. For example, you can not import an 10.5 asset into a 10.3
API Gateway.
You can also export and import assets using the
API Gateway REST APIs. For more information, see
API Gateway Archive.
When you export an asset, the dependent assets are also exported. If any of the exported assets contain secure strings, the user credential information (passwords) associated with the assets is also exported. When you import this exported asset, API Gateway enforces conditions to check the order of import and the dependency evaluation between assets, and the dependent assets along with the user credential data are imported. For example, if you import an API, API Gateway checks and ensures that all associated policies and aliases are imported along with any passwords, if present, before importing the API.
The Overwrite option available for all the assets allows you to decide whether the asset should be imported if an existing version of the asset already exists in the target instance. In scenarios where you select to overwrite the asset in the target instance, API Gateway also checks for any associated passwords and applies the overwrite accordingly. There is no separate overwrite option for the passwords during import. The password uses the overwrite option of the asset it is associated with. For example, if you are importing an alias with a password, the overwrite option provided for the alias is applied for the password as well. If set to true, the password is overwritten if it already exists in the system.
Functional Privileges
The Export or Import assets and Purge and Archive events category on the Functional privileges page has the available import and export privileges. You must assign the following functional privileges for the required permissions:
Import assets: To import assets previously exported assets from a local system.
Export assets: To export assets and save them on a local system.
Accessing the Export and Import commands in the API Gateway user interface
The export command is either a button with the label
Export, or the
icon. You can export multiple items within lists, such as APIs in the API page, by using the export command in the list menu.
You can import assets using the user menu (
) >
Import command.
Assets that can be exported and imported
Path to Page/Tab | Assets that can be exported and imported |
APIs | APIs |
Policies > Threat protection | Global denial of service |
Denial of service by IP |
Rules |
Mobile device and apps |
Alert settings |
Policies > Global policies | Global policies |
Policies > Policy templates | Policy templates |
Applications | Applications |
Packages > Packages | Packages |
Packages > Plans | Plans |
User menu ( ) > Administration > General | Load balancer Extended settings API fault Approval configuration Outbound proxy URL Aliases Custom content-types Cache configuration Log level configuration Callback processor settings Messaging Web services |
User menu ( ) > Administration > General > Messaging | JNDI Provider Alias JMS Connection Alias |
User menu ( ) > Administration > Security | Keystore/Truststore Ports SAML issuer Custom assertions Kerberos JWT/OAuth/OpenID Providers |
User menu ( ) > Administration > Destinations | API Gateway API Portal (only the Event configurations are exported) Transaction logger Elasticsearch (properties on both tabs—Elasticsearch communication and Events—are exported) Email (properties on both tabs—Email configuration and Templates—are exported) SNMP (properties on both tabs—SNMP communication and Events—are exported) Custom destinations |
User menu ( ) > Administration > System settings | Configurations SAML SSO Note: A change in the SAML SSO configuration from the API Gateway user interface forces the logged in user to log out. However, importing an SAML SSO does not. |
User menu ( ) > Administration > Service registries | Service registry |
User menu ( ) > Administration > Aliases | Aliases |
User menu ( ) > User management | Users Groups Teams Global team assignments Account settings Password restrictions Password expiry settings Account locking settings LDAP configuration |
For more information about how to export APIs and Global policies, see the following:
Dependencies
Some API Gateway assets use other assets. For example, APIs uses policies, aliases, and other assets. As the configuration of an asset is incomplete without the assets it uses, the export features includes the assets that are used by the asset that you export.
Note:
The association of a user to a group is not exported. After importing a user archive, you must manually link the new users to the required groups.
The following table shows the asset dependencies of each type of asset:
Asset | Dependencies (Required) | Dependencies (Optional) |
APIs | Policies, Aliases | Applications, Application registrations |
Applications | APIs, Application registrations | — |
Packages | APIs, Plans, Policies, Subscriptions | — |
Plans | Policies | — |
Subscriptions | Packages, Plans | Applications |
Teams | — | Group |
Approval configurations | Teams | — |
Configuration > Keystore | Keystore, Truststore | — |
Email destination | — | Trust store |
Group | — | User |
JMS connection alias | JNDI provider alias | — |
LDAP configuration | Group | — |
Password expiry settings | — | User |
Port (https) | Keystore, Truststore | — |
Service Registry | Keystore, Truststore | — |
Web service endpoint alias | Teams, JMS, JNDI, JMS Trigger, Keystore, Truststore | — |
Custom destinations | Keystore, Truststore, Aliases | --- |