CentraSite Documentation : Working with the CentraSite Business UI : API Management Solutions : Predefined Policies for API Management : The API Key Management Policies : API Key Renewal Policy
API Key Renewal Policy
After an API key is generated, users sometimes want to renew the old key due to expiration or security concerns. API Consumers can re-generate/renew API keys to change the default expiration time of an API key, consumer of an API generates the API key which serves as an authentication token when the consumer requests for consumption of the API.
When a consumer requests for renewing an API key (as described in Renewing API Keys), CentraSite internally creates and triggers an API Key Renewal policy for the API. A request for the API key renewal is subsequently submitted to all members of the approval list specified in the Initiate Approval action. The approvers can either approve or decline the request. If the approvers approve the request, CentraSite re-generates the API key, deploys the generated key in the Mediator, and notifies the consumer that the API is now ready for consumption using the newly generated key.
Object Scope
*Virtual Service
*Virtual XML Service
*Virtual REST Service
Event Scope
OnTrigger
Policy Actions
The API Key Renewal policy includes the following built-in actions:
*Initiate Approval - Initiates an approval workflow.
*Renew API Key - Re-generates an API key with new validity for the API.
Input Parameters
Key Expiration Interval
String. Mandatory. Specifies the new time interval a re-generated API key can remain active. When the interval expires, the current key is marked expired.
*Deploy API Key - Re-deploys the API key with new validity in the gateway (for example, Mediator).
Note:  
The action is prone to failure due to the fact that the gateway may be down/unreachable. In case of failure, the API Provider is informed through the configured email. For example, if an API key is already deployed in multiple gateways and upon API key renewal, re-deployment fails in a couple of gateways, a mail would be sent to API Provider informing that the API key deployment failed in the listed gateways. Currently, API Provider is not allowed to deploy an API key alone. Instead, the Provider has to redeploy the API itself so as to deploy the updated key (after taking corrective actions in Mediator).
Input Parameters
None.
*Create Auditable Events - Creates an audit log record about the renewal of the access key.
*Send Email Notification - Sends an email message to specified a group of users.
For more information about configuring the parameters for built-in actions, see the CentraSite Developer’s Guide.
Copyright © 2005-2015 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback