When an API developer signs up and requests an API access token, API-Portal sends the API developer’s sign-up or key request to CentraSite.

CentraSite generates a key, sends the key through an email to the requesting API developer, and deploys the key to Mediator.

After receiving the email, the API developer includes the key in the application so that, at run time, when the application communicates with the virtual service at the Mediator target endpoint, Mediator will call the native service. Mediator acts as a “key enforcer,” validating the key contained in the application’s header.

In addition to key validation, Mediator also collects metrics about the application and sends that data to CentraSite for later analysis and displaying the information on dashboards.