CentraSite Documentation : Working with the CentraSite Business UI : API Management Solutions : Predefined Policies for API Management : The API Key Management Policies : API Key Revocation Policy
API Key Revocation Policy
After an access key is generated, users sometimes want to revoke the token if compromised in any way, or no longer wants to use it. API Provider can revoke access keys to disable usage of an API subscribed by the consumer.
When a provider or consumer requests for revocation of an access key, CentraSite internally triggers an API Key Revoke policy for the API. The policy revokes the access key, and then notifies the consumer that the requested key is revoked and no longer available for accessing the API.
Object Scope
*Virtual Service
*Virtual XML Service
*Virtual REST Service
Event Scope
OnTrigger
Policy Actions
The API Key Revocation policy includes the following built-in actions:
*Revoke API Key - Revokes an existing access key for the API.
Input Parameters
None.
*Create Auditable Events - Creates an audit log record about the revocation of the access key.
*Send Email Notification - Sends an email message to the consumer who requested for key revocation.
Note:  
In case of failure to revoke the API key, the API Provider is informed through the configured email.
For more information about configuring the parameters for built-in actions, see the CentraSite Developer’s Guide.
Copyright © 2005-2015 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback