CentraSite does not begin generating an API key unless a consumer requests an API for consumption.
To enable guest users (i.e. users without a valid CentraSite user account) to access and register as consumers of APIs, you must do the following:
Create a policy that enables the administrators to approve or reject the "Register as Consumer" requests. For information, see Consumer Onboarding Policies for details.
Configure the API key settings. For information, see Configuring the API Key Settings.
Virtualize the endpoint in the native API. For information, see Virtualizing an API
Publish the virtual API into the Mediator. For information, see Publishing an API for Consumption.
When requesting an API for consumption, keep the following points in mind:
If you are a registered user and accessing CentraSite using the logon credentials, to request an API key, you must have View permission on the API. If your user account belongs to a role that has either the "Manage Assets", "Create Assets", "Modify Assets" or "View Assets" permission for an organization, you automatically have permission to request all APIs in that organization.
If you are a registered user and accessing CentraSite as a guest, to request an API for consumption, you must at least have the instance-level "View" permission on the API.
If you are a registered user and accessing CentraSite as a guest, when you request an API for consumption, you will be prompted to specify your logon credentials.
If you are not a registered user and accessing CentraSite as a guest, when you request an API for consumption, you will be prompted to register as a consumer in CentraSite.
CentraSite internally executes the consumer on-boarding workflow. This workflow helps you to onboard in an organization of interest within the CentraSite registry/repository. An onboarding request is sent to the organization’s administrator for approval. On successful onboarding of the user, a request for consumption of the selected API will be sent to the provider of the API who will generate the API Key for consumption.
The
action applies only for the virtualized services.Use the following procedure to request an API for consumption.
To request an API for consumption
In CentraSite Business UI, display the details page for the API that you want to consume. For procedures, see the section Viewing Details for an API.
On the API detail page, click ).
In the Consume API dialog, do one of the following:
Enable the Email me checkbox so as to receive auto-generated workflow notifications.
Enter a valid reason to request the API for consumption.
Specify a precise identifier token by which messages from you will be recognized at runtime. See Using Consumer Evaluators for details.
Click the
button.An API key request is sent to the designated approvers of API consumption for approval. On approval, a request for consumption of the selected API will be sent to the provider of the API who will generate the API Key for consumption.
Once approved, the API consumption request will be processed and notification sent to you at specified email address.
However, if an approval workflow is not defined for the API, the key is generated immediately.
In the Login to Your Account panel, do the following:
Enter your username and password.
Click the
button.Enable the Email me checkbox so as to receive auto-generated workflow notifications.
Enter a valid reason to request the API for consumption.
Specify a precise identifier token by which messages from you will be recognized at runtime. See Using Consumer Evaluators for details.
Click the
button.An API key request is sent to the designated approvers of API consumption for approval. On approval, a request for consumption of the selected API will be sent to the provider of the API who will generate the API Key for consumption.
Once approved, the API consumption request will be processed and notification sent to you at specified email address.
However, if an approval workflow is not defined for the API, the key is generated immediately.
In the Request an Account panel, specify the following:
Enter your First Name, Last Name and Email address.
Type in your password in the Password field.
Retype the password in the Confirm Password field.
Enter the Organization you want to join
If the Organization field is left blank, CentraSite will automatically register the user as a consumer in the organization that was configured in the Global Onboarding Policy.
Click the
button.Enable the Email me checkbox so as to receive auto-generated workflow notifications.
Enter a valid reason to request the API for consumption.
Specify a precise identifier token by which messages from you will be recognized at runtime. See Using Consumer Evaluators for details.
Click the
button.A consumer registration request is sent to the organization’s administrator for approval. On successful registration of the consumer, a request for consumption of the selected API will be sent to the provider of the API who will generate the API Key for consumption.
However, if an approval workflow is not defined for the API key, the key is generated immediately.
When you request API key for consumption of an API that requires additional runtime actions validation as configured by the provider, CentraSite requires you to specify additional identifiers.
In this field... | Do the following... |
---|---|
IPv4 Address |
Specify a range of IPv4 addresses. Type the lowest IP address in the From field and the highest IP address in the To field. This will identify only those requests originating from any IP address that lies between the specified range. Example: 192.168.0.0 and 192.168.0.10 If you need to specify additional IP addresses, use the plus button to add more rows. |
IPv6 Address |
Specify a IPv6 address. This will identify only those requests that originate from the specified IP address. Example: fdda:5cc1:23:4::1f If you need to specify additional IP addresses, use the plus button to add more rows. |
Hostname |
Specify the hostname. This will identify only those requests that originate from the specified hostname. Example: pcmachine.ab.com If you need to specify additional hostnames, use the plus button to add more rows. |
HTTP Authentication Token |
Specify one or more HTTP user names. This will identify only those requests that contain the specified user names encoded and passed in the HTTP authentication user token. Example: SAGUser123 If you need to specify additional tokens, use the plus button to add more rows. |
WS-Security Authentication Token |
Specify the WSS username token. This will identify only those requests that contain the specified user name passed in the SOAP or XML message header. Example: userwss If you need to specify additional tokens, use the plus button to add more rows. |
XPath Token |
Specify one or more XPath expressions. This will identify only those requests that contain the specified XPath in the SOAP or XML message or request. Example: //*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='echoInt']/*[local-name()='echoIntInput='][.='2'] If you need to specify additional tokens, use the plus button to add more rows. |
Consumer Certificate |
Specify the X.509 certificates that help the API owner to identify requests from you. Click to locate and select the certificate (.cer) file. |