This section describes how to view the information stored for a proxy API and how to change them.
To edit a proxy API, the following prerequisites must be met:
If you are not the owner of the API, you cannot edit the proxy API unless you have "Modify" permission on that API (granted though either a role-based permission or an instance-level permission).
When you view the details for the API, you will only see profiles for which you have "View" permission. You will only be able to edit the profiles on which you have "Modify" permission.
Some attributes are designed to be read-only and cannot be edited even if they appear in a proxy API on which you have "Modify" permission.
Some attributes accept only specific types of information.
To edit the information for a proxy API
In CentraSite Business UI, display the detail page of the proxy API whose attributes you want to modify. If you need procedures for this step, see Viewing Details for an API Proxy.
To modify the basic attributes, such as, Name, Description or Version number, place the cursor in the appropriate field and modify the text as required.
To modify the extended attributes associated with the proxy API, do the following:
Select the profile that contains the attribute(s) that you want to modify.
Edit the attributes on the profile as necessary.
Repeat steps 3.a and 3.b for each profile that you want to edit.
To modify the run-time actions configured for the proxy API, do the following:
Go to panel 2 of the Virtualize wizard.
To add an action to the Message Flow area, do the following:
In the Policy Actions area, expand the desired accordion (Request Handling, Policy Enforcement, Response Handling or Error Handling).
Locate the action you want to add for the proxy API.
Drag and drop the action in the appropriate stage (Receive, Enforce, Routing or Response) in Message Flow area.
Repeat the above steps for each action that you want to add.
To reconfigure an existing action in the Message Flow area, do the following:
In the Message Flow area, locate and mouse hover the action whose parameters you want to modify.
Choose the 
icon to the right of the action name.
In the <action name> dialog box, set the values for the parameters as necessary.
Click to save the parameter settings.
Repeat the above steps for each action that you want to modify.
Remove an action from the Message Flow area using the 
icon to the right of the action name.
To publish or unpublish the API proxy on or more targets, do the following:
Go to panel 3 of the Virtualize wizard.
Select or unselect the targets from that you want to publish or unpublish the API proxy.
Click or button, appropriately.
You have the following profile information specific to a proxy API:
The Provider Overview profile of an API shows a link to the API, a list of access URIs and the API keys.
The following example shows the Provider Overview profile for an API. Note that the Access URI provides the exact address of each endpoint.
The Consumer Overview profile of an API displays the following information:
For an instance of the SOAP API, this profile displays the Consumer Service WSDL / WSDL URL, and a list of Access URIs and API keys.
For an instance of the REST-based API, this profile displays a list of Access URIs and API keys.
The following example shows the Consumer Overview profile for an API. Note that the Access URI provides the exact address of each endpoint.
In this profile, you specify the precise values for the consumer identifier token(s) that you want to use for identifying consumers for the API. (Alternatively, you may configure this profile to allow unrestricted access.)
For example, if you configure the Identification profile to identify consumers by IP address, the PEP extracts the IP address from a request’s HTTP header at run time and searches its list of consumers for the API that is defined by that IP address.
Note:
If you want to authenticate consumers, make sure that your policy
enforcement point is configured to enable authentication. For information, see
the webMethods Mediator documentation or the documentation for your third-party
PEP.
Note:
For reasons of legibility some of the examples below contain break
lines and may not work when pasted into applications or command line tools.
| In this field... | Do the following... |
|---|---|
| IPv4 Address |
Use this field to identify consumers based on their originating 4-byte IP address range. Specify a range of IPv4 addresses. Type the lowest IP address in the From field and the highest IP address in the To field. For example, "192.168.0.0 and 192.168.0.10" The API will identify only those requests that originate from the specified IP address. If you need to specify additional IP addresses, use the plus button to add more rows. |
| IPv6 Address |
Use this field to identify consumers based on their originating 128-bit IPv6 address. Specify a IPv6 address. For example, "fdda:5cc1:23:4::1f" The API will identify only those requests that originate from an IP address that lies between the specified ranges. If you need to specify additional IP addresses, use the plus button to add more rows. |
| Hostname |
Use this field to identify consumers based on a specified host name. Specify the hostname. For example, "pcmachine.ab.com" The API will identify only those requests that originate from the specified host name. If you need to specify additional hostnames, use the plus button to add more rows. |
| HTTP Token |
Use this field to authenticate consumers based on the user name that is transmitted in an HTTP authentication user token. Specify one or more HTTP user names. For example, "SAGUser123" The API will identify only the requests that contain the specified user name encoded and passed in the HTTP authentication user token. If you need to specify additional tokens, use the plus button to add more rows. |
| WS-Security Token |
Use this field to authenticate consumers based on the user name that is transmitted in the SOAP or XML message header (HTTP body). Specify the WSS username token. For example, "userwss" The API will identify only the requests that contain the specified user name passed in the SOAP or XML message header. If you need to specify additional tokens, use the plus button to add more rows. |
| XPath Token |
Use this field to identify consumers based on the result of applying an XPath expression on the SOAP or XML message or request. //*[local-name()= 'Envelope']/* [local-name()='Body']/* [local-name()= 'echoInt']/* [local-name() ='echoIntInput='] [.='2'] The API will identify the requests that contain the XPath and the consumers. If you need to specify additional tokens, use the plus button to add more rows. |
| Consumer Certificate |
Use this field to identify consumers based on information in an X.509 v3 certificate. Click to locate and select the certificate (.cer) file. |
| API Key String | Read-only. String. The API key for authentication of API consumption. The API key is typically hidden from users who browse the catalog looking for APIs to reuse and is visible only to a particular user (known as the API's owner). |
| Expiry Date | Read-only. String. The expiration date for the API key. |
| In this field... | Do the following... |
|---|---|
| API Service | Read-only. String. The name of the an API that is associated with the API key. To view details of the an API, click its hyperlinked name. |
