webMethods and Intelligent Business Operations 10.2 | API Gateway User's Guide | Applications | Overview
 
Overview
An application defines the precise identifiers by which messages from a particular consumer application are recognized at run time. The identifiers can be, for example, a user name in HTTP headers or a range of IP addresses, so that API Gateway can identify or authenticate the consumers that are requesting an API.
The ability of API Gateway to relate a message to a specific consumer application enables it to:
* Control access to an API at run time (that is, allow only authorized consumer applications to invoke an API).
* Monitor an API for violations of a Service-Level Agreement (SLA) for a specified application.
* Indicate the consumer application to which a logged transaction event belongs.
An application has the following attributes for specifying the identifiers:
* IP address, which specifies one or more IP addresses that identify requests from a particular consumer application. Example: 192.168.0.10
  This attribute is queried when the Identify and Authorize Application policy is configured to identify consumer applications using IP address.
* Claims set, which specifies one or more claims that identify requests from a particular consumer application. The claims are a set of name-value pairs that provide sufficient information about the application. Example: sub = Administrator.
  This attribute is queried when the Identify and Authorize Application policy is configured to identify consumer applications using a JWT token or an OpenID token.
* Consumer certificate, which specifies the X.509 certificates that identify requests from a particular consumer.
  This attribute is queried when the Identify and authenticate consumer policy is configured to identify the consumer applications by a consumer certificate.
* Identification token, which specifies the host names, user names or other distinguishing strings that identify requests from a particular consumer application.
  This attribute is queried when the Identify and authenticate consumer policy action is configured to identify consumer applications by host name, token, HTTP user name, and WSS user name.
An application has a partner ID, which is a definition for applications that can be leveraged within a B2B scenario.
If you have the Manage Application functional privilege assigned, you can create and manage applications, and register applications with the APIs.
These are the high-level stages of managing and using an application:
1. API developers ask the API Gateway administrators to create an application for access as per the required identification criteria.
2. The API Gateway provider or administrator validates the request and creates a new application, thereby provisioning the application-specific access tokens (API access key and OAuth credentials).
3. The API developer, upon finding a suitable API, sends a request to API Gateway for consumption by providing the application details.
4. After validating the request, the API Gateway provider or administrator associates the application with the API. Keys are generated for applications and not for every API that the application consumes.
Note: The approval process, if any, is handled by the requesting application and not handled by API Gateway.
5. The API developer can then use the application with the proper identifier (such as the access key or identifier) to access the API.
API key expiration date
An API Gateway application has an optional expiration date for its API key. When the API access key expires, the application cannot be identified. The API Gateway Administrator can configure the apiKeyExpirationPeriod parameter from the General > Extended settings page. If the expiration date is not specified, then the API key never expires.
Suspended Applications
You can suspend applications to temporarily disable the identification of requests. If a suspended application is identified while processing a request, the request is rejected with an HTTP 403 (Forbidden) error. The response body has the following content:
Application has been identified but it is currently suspended. Please contact
the API Gateway administrator for further details.
You can resume the suspended applications to enable the identification again.
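The identification rules described above (IP address, claims set, API key expiration, suspension) can be modeled as follows. This is an added example, not API Gateway code: the Application record, the request dictionary and the function names are hypothetical, and it simplifies by checking every identifier type at once, whereas the gateway queries only the identifier its policy is configured to use.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

SUSPENDED_BODY = ("Application has been identified but it is currently suspended. "
                  "Please contact the API Gateway administrator for further details.")

@dataclass
class Application:  # hypothetical record, not the product's schema
    name: str
    ip_ranges: list = field(default_factory=list)  # e.g. ["192.168.0.10/32"]
    claims: dict = field(default_factory=dict)     # e.g. {"sub": "Administrator"}
    api_key: Optional[str] = None
    key_expires: Optional[datetime] = None         # None means the key never expires
    suspended: bool = False

def matches(app, req, now):
    """True if any identifier configured on the application matches the request."""
    src = req.get("source_ip")
    if src and any(ip_address(src) in ip_network(r) for r in app.ip_ranges):
        return True
    token_claims = req.get("claims") or {}  # claims from an already verified token
    if app.claims and all(token_claims.get(k) == v for k, v in app.claims.items()):
        return True
    presented = str(req.get("api_key", "")).encode()
    if app.api_key and hmac.compare_digest(presented, app.api_key.encode()):
        # An expired key no longer identifies the application.
        return app.key_expires is None or now < app.key_expires
    return False

def identify(apps, req, now=None):
    """Return (application name or None, HTTP status or None, body or None)."""
    now = now or datetime.now(timezone.utc)
    for app in apps:
        if matches(app, req, now):
            if app.suspended:  # identified, but rejected with 403
                return app.name, 403, SUSPENDED_BODY
            return app.name, None, None
    return None, None, None  # unidentified; the outcome depends on the policy

if __name__ == "__main__":
    # Constructed sample data for illustration only.
    apps = [Application("billing", ip_ranges=["192.168.0.0/24"]),
            Application("reports", claims={"sub": "Administrator"}, suspended=True)]
    print(identify(apps, {"source_ip": "192.168.0.10"}))
    print(identify(apps, {"claims": {"sub": "Administrator"}}))
```

An application whose key_expires is None is identified by its key indefinitely, which mirrors the case where no expiration date is specified.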

Copyright © 2015-2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release