With many new APIs launched every day, and more and more enterprises starting to open up their web APIs, API use cases are increasing. Nowadays, the number of daily API calls is surging, and how to manage these APIs securely and efficiently has become a challenge to enterprises.
iPaaS offers the API publishing feature, which allows you to quickly package published apps to generate APIs for users to manage and call, and provides API management capabilities to control access permissions and traffic scheduling for APIs.
Log in to the iPaaS console and click Integration development > APIs on the left sidebar.
On the APIs page, you can create or view API services, view API catalogs, manage API subscription credentials, and manage the approvals.
There are three API service status: configuring, running, and stopped. You can hover to see service domain name to view the publishing environment and domain name of the API service.
The operations supported by the API service include: view, create new API, lauch, remove, delete, view description files, and view release history.
The API management feature supports OpenAPI Specification v3.0.0. For the object definitions of OpenAPI Specification v3.0.0, see OpenAPI Specification. You can click Create to enter the API creation page.
There are two ways to create an API service: including manually creating and importing service.
On the [APIs] page, click Import API service. On the Basic settings page, configure the following information and click Next.
On the Policy info page, configure the following information and click Done to create the API service.
After we have created an API service, we can start editing its specific API. Including API request path, request method, authentication policy, request parameters, policy settings, backend service type and other operations.
There are 3 steps to create a new API (The appendix uses postman as an example to introduce how to call the API from the user side).
API name and description support customization. For grouping, you can choose the default grouping or create a new grouping.
Support configuration response example and error code configuration.
When all the above configurations are completed, click Finish, and the API list will be returned, and the created API information will be displayed here.
The created API will be displayed in the API list, and you can create, view and edit APIs on this page. You can publish APIs, set and view API description files and call credentials, and view API subscription details.
The left side is the API list, and the default tab page on the right side is the detailed configuration information of the API: API access path, request method, parameters, backend service type, etc. can be viewed here.
The description file is a description for the current API service. The YAML/JSON format file is displayed on the left, and the Swagger visualization content is displayed on the right.
When creating an API service, if the selected authentication strategy is NoAuth, this option can be ignored. Conversely, if the API service requires authentication, you need to configure the calling credentials on this page. With any calling credentials under the current service, you can call any API under the service.
The above picture is the certificate list page, the created certificate will be displayed here, select New Credential to create a new certificate. Customize the credential information and save it.
The listed API service can be subscribed and invoked by all sub-UINs under the business owner's UIN. This menu allows you to view the status of the current API service being subscribed.
Here you can see a list of all users who have subscribed to the API, and at the same time, you can remove a user's subscription.
Click Delete to delete the current API service. After deletion, all configurations under the API service will be cleared and cannot be restored. The running service cannot be deleted directly, it needs to be stopped first and then deleted.
Published API services can change state, environment, etc. Go to API Service > Operations > More > View Release History path. This function can view the historical situation after the release of the API service (up to 10 items can be displayed).
The API catalog displays listed API services. Similar to an API service market, after the service is put on the shelf, it is not limited to the project dimension, and can be viewed, subscribed to and called by all sub-accounts under the current admin account. This page provides a quick search for services by their properties. At the same time, you can apply for subscription or unsubscribe API service.
When applying for API service subscription, you need to select or create a new subscription certificate. Associate the credentials with the API service. After being approved by the system administrator, you can successfully subscribe.
After canceling the subscription, the API service cannot be called, and this operation does not need to be reviewed by the system administrator.
This list can display or search for all subscription certificates, and at the same time, new certificates can be created. Subscription credentials are used to subscribe to services in the API catalog. Credentials are keys to an API service. When applying to subscribe to the API service, associate the credential with the API service, fill in the credential when calling, and the service can be called successfully. At the same time, you can see the Key and Secret of various authentication types of the credential, which can be directly copied when calling.
One credential supports association with multiple API services. All API services associated with this credential can be viewed on the subscribed API tab page.
When creating a new credential, you can customize the relevant attributes.
Approvals management is divided into two functions: my applications and my approvals. Matters related to approvals are handled on this function page.
var hmac_key = "2e4d0bbad47e3b5e3a0c";
var hmac_secret = "815ba6d666d58ef1e79b";
var time = new Date().toUTCString();
console.log("time:" + time)
var signed_headers_string = "";
signing_string= pm.request.method + "\n" + pm.request.url.getPath() + "\n" + pm.request.url.getQueryString() + "\n" + hmac_key + "\n" + time + "\n" + signed_headers_string;
console.log("signing_string:\n" + signing_string);
var signatureBytes = CryptoJS.HmacSHA256(signing_string, hmac_secret);
var requestSignatureBase64String = CryptoJS.enc.Base64.stringify(signatureBytes);
console.log("requestSignatureBase64String:" + requestSignatureBase64String)
//used in Header
pm.globals.set("sign", requestSignatureBase64String); //hmac signature
pm.globals.set("hmac_key", hmac_key); //hmac key
pm.globals.set("date", time); //request time