CentraSite Documentation : Working with the CentraSite Business UI : API Management Solutions : Managing API Keys and OAuth 2.0 Tokens : Revoking an API Key
Revoking an API Key
 
Configuring the Email Notification for Key Revocation
After issuing an API key, you might want to revoke the key if you find serious error in the API. When you revoke an API key, client access to the associated API is blocked, and the client that is assigned that key can no longer access the resources exposed by that API.
The API provider (and users who belong to a role with the permissions stated above), can revoke an API key.
Note:  
The Revoke option is not available for the OAuth 2.0 tokens.
To revoke an API key, the following prerequisites must be met:
*Ensure that you have configured the API Consumption Settings so that the API is configured for either API key authentication or OAuth2 authentication, as described in Configuring the API Consumption Settings.
*Ensure that a target instance (for example, Mediator) is up and running. For information on creating and managing targets, see Run-Time Governance with CentraSite .
To revoke an API key
1. Display the details page for the API whose key you want to revoke. If you need procedures for this step, see Viewing Details for an API.
2. Locate the hyperlinked text "N" Consumers in the description area of the Basic Information profile, for example, “N” Consumers.
3. Click on the hyperlinked number “N” to see the list of keys available for the API.
4. Click on the hyperlinked API key name to see more information about who consume the API.
5. Locate the API key you want to revoke.
6. Mouse over the API key name, and click on the Revoke  icon displayed to the right hand side.
A confirmation message appears that the API key will be revoked.
Once the API key revocation is processed, CentraSite sends an email message to the API consumer informing that the request has been processed successfully.
CentraSite provides predefined email template only intended for the API key revocation. By default, this template is configured in the centrasite.xml file. But, if you do not want to use the predefined email template, you can create your own template and configure the centrasite.xml file as necessary. For more information on how to configure an email template for API key revocation, see Configuring the Email Notification for Key Revocation.
For more information on how to configure an email notification for API key revocation in the CentraSite Business UI, see Configuring the API Consumption Settings.
Copyright © Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback