Managing APIs with API Manager

Version 5

    This document describes how you use API Manager to invoke APIs that are available on Informatica Intelligent Cloud Services, and how to apply policies and view analytic reports on these invocations.

     

     

    Introduction to API Manager

     

    API Manager Overview

    API Manager is a cloud-based service that an organization uses to manage the APIs for enterprise services and processes built in Informatica Cloud Application Integration. With the API Manager, your organization can deploy, manage, and control the use of APIs.

    The API Manager provides the following functionality:

    • Seamless integration with Informatica Cloud Application Integration to manage APIs for Informatica Cloud Application Integration services using REST and SOAP protocols
    • API lifecycle management, including activating, deactivating, and deleting APIs
    • Access to API metadata and description
    • API policy management
    • API analytics, including dashboard, security exception log and activity log

     

    With the API Manager, your organization ensures that internal or external users can safely and securely use your APIs. Administrators use the API Manager to create managed APIs from your Informatica Cloud Application Integration services and set policies and access authorization that control usage for managed APIs. Administrators can monitor and analyze managed API usage with the API Analytics dashboard, and activity and security exception logs.

     

    The Analytics dashboard provides a visual summary information about APIs, which includes trends in usage over time, APIs with the most invocations, and the most frequent users. The comprehensive security exception log allows administrators to quickly identify and analyze unauthorized API access attempts and policy exceptions. The access log includes a comprehensive report of all API access attempts.

     

    To create and use a managed API, an organization administrator performs the following steps:

    1. Select an Informatica Cloud Application Integration service.
    2. Create a managed API for the service. When the API Manager creates a managed API, it automatically activates the managed API.
    3. Set the organization policies for usage.
    4. Copy the managed API URL and provide the URL to API consumers.

     

    Before you Start

    Before you use API Manager, ensure that you have an active Informatica Intelligent Cloud Services account, have defined user roles through the Administrator, and have an API Manager license. To access API Manager, the user must be assigned the Admin role.

     

    For more information about registration and roles, refer to the Informatica Cloud Administrator Guide.

     

    Note: A trial subscription includes access to API Manager with a trial license during the trial period.

     

    API Domain Name

    When you access API Manager for the first time, you are prompted to select an API domain name.

     

    The domain name identifies the organization and is used in the URLs created for the managed APIs of an organization. For example, the URL of the managed API of a service named GetEmployee might be https://<base-url>:8243/<API-domain-name>/t/GetEmployee/1.0.0. We recommended that you use a subdomain of the organization domain.

     

    Select the domain name carefully. You can change the domain name at any time, but any change of the domain name after you start to use the system will result in the deletion of your organization API Manager settings, including managed APIs, policies, and analytics data.

     

    Accessing API Manager

    Access the API Manager through the Informatica Intelligent Cloud Services service picker.

    1. In the Informatica Intelligent Cloud Services login page, enter your user name and password.
    2. Click Log In.
    3. 3.If you are accessing API Manager for the first time, select an API domain name. On the API Domain Name window, define a unique domain name and click Save.
    4. In the Informatica Intelligent Cloud Services service picker, select API Manager. The API Manager service appears.

     

    Administration

     

    Administration Overview

    Use the API Manager to activate, manage, deactivate, or delete APIs. To manage an API, you select an Informatica Cloud service and create a managed API for the service. When the API Manager creates the managed API, it also activates the managed API. After activation you copy the managed API URL and provide it to your API consumers.

     

    If you want to temporarily make the managed API unavailable, you can deactivate the managed API. To stop running the service as a managed API, you can delete the managed API. When you delete the managed API, the Informatica Cloud service is not affected.

     

    Managed APIs can also be viewed with API Portal. API consumers can use API Portal to access detailed information about APIs so that they can incorporate APIs into their applications. For more information, see Informatica API Portal Guide.

     

    Viewing Services and Managed APIs

    Use the API Registry page of the API Manager to view and select Informatica Cloud services and create and handle managed APIs.

     

    The following image shows the API Registry page:

     

     

    The API Registry page shows services and managed APIs in alphabetical order. You can view service details and managed API details. To sort the services and managed APIs, click the title of the column to sort. To view services only, select All Services. To view managed APIs only, select Managed Services.

     

    To create and use a managed API, you perform the following actions in the API Registry page:

    1. Create a managed API for the service.
    2. Copy the managed API URL and provide the URL to API consumers.

     

    You can also deactivate or delete a managed API in the API Registry page. In addition, you can create an individual rate limit policy for a managed API. A rate limit policy controls the number of times the managed API can be invoked during a designated time period.

     

    If a managed API exists for a service that is unavailable or has been deleted, the managed API is grayed out in the display.

     

    API Registry Properties

    The following table describes the API Registry page properties:

     

    Property
    Description
    Icon

    Icon identifies whether the entity is a service or managed API:

    • Designates a service.
    • Designates a managed API.
    NameName of the service or managed API.
    Protocol

    The protocol of the service or the managed API:

    • REST
    • SOAP

    Informatica Cloud Application Integration services are published with both REST and SOAP endpoints.

    Status

    Status of a managed API:

    • Active: The managed API is active.
    • Inactive: The managed API is not active.
    • Service not available: This status indicates a managed API for a service that is unavailable or deleted.

    If the service for which a managed API has been created is unavailable or deleted, the managed API is grayed out.

    Antentication

    API authentication method:

    • Basic Auth: Basic authentication. The API consumer must provide an Informatica Cloud user name and password.
    • Anonymous: The API does not require the API consumer to authenticate.
    Rate LimitAn individual rate limit policy for a managed API.
    DescriptionDescription that the Informatica Cloud Application Integration developer provided for the service.

     

    Creating a Managed API

    You can create a managed API for any Informatica Cloud service.

    1. In the API Registry page, select a service.
    2. Click in the right-most column to open the Actions menu, and then select Create Managed API. The API Manager creates a managed API for the service.

     

    Activating a Managed API

    If you deactivate a managed API, you must reactivate it before you use it.

    1. In the API Registry page, select a managed API.
    2. Click the right-most column to open the Actions menu, and then select Activate. The API Manager activates the Managed API.

     

    Obtaining a Managed API URL

    Use the URL of the managed API to invoke the API. After you activate a managed API, copy the URL of the managed API and provide it to users.

    1. In the API Registry page, select a managed API.
    2. Click in the right-most column to open the Actions menu, and select Copy URL. The URL is copied to the clipboard.

     

    Viewing Managed API Details

    After you create a managed API, you can view various details of the managed API, including the URL.

    1. In the API Registry page, select a managed API.
    2. To view the details of the managed API, click in the right-most column to open the Actions menu, and select View API Details. The Managed API Details window appears and displays relevant details.

     

    Note: The API Manager Service Name is the Application Integration Process Unique Name, not the process name. The unique name differs from the process name when there are spaces or special characters in the process name, or when the same process name is given to processes in different folders in the Informatica Cloud organization.

     

    Viewing Managed API Metadata

    Use the URL of the managed API to view its metadata.

    1. In the API Registry page, select a managed API.
    2. Click in the right-most column to open the Actions menu, and select View API Details. The Managed API Details window appears.
    3. To view metadata details for the managed API, select the available option:
      • To view details for a REST API, click Swagger.
      • To view details for a SOAP API, click WSDL.

     

    Deactivating a Managed API

    To temporarily disable a managed API, you can deactivate it.

    1. In the API Registry page, select a managed API.
    2. Click in the right-most column to open the Actions menu, and select Deactivate. The API Manager deactivates the managed API.

     

    Deleting a Managed API

    To remove a managed API, you delete it. The Informatica Cloud service is not affected.

    1. In the API Registry page, select a managed API.
    2. Click in the right-most column to open the Actions menu, and select Delete Managed API. The API Manager deletes the managed API.

     

    Searching for a Service or Managed API

    You can search for a managed API or for an Informatica Cloud service by sorting columns or searching for specific text.

    1. To sort the services or managed APIs according to a specific property, in the API Registry page, click the column picker icon to the left of the Find field and then select the column to sort. The APIs table shows the sorted managed APIs and services.
    2. To search for managed APIs and services according to specific text, in the Find field, type the text that you want to search for. The search is performed on all columns. The APIs table shows the relevant managed APIs or services.

     

    Create a Rate Limit Policy for a Specific Managed API

    You can create a rate limit policy for a specific managed API.

    1. In the API Registry page, select a managed API.
    2. To set the rate limit policy for the managed API, click in the right-most column to open the Actions menu, and select View API Details. The Managed API Details window appears.
    3. Select the Rate Limit tab.
    4. Enable Enable API specific rate limit policy, enter the number of requests and the number of milliseconds that define the rate limit policy, and then click Update.

     

    When an API consumer attempts to access a managed API and is denied due to a rate limit policy, the HTTP response includes a 429 Too Many Requests status code and the description API rate limit reached.

     

    Note: The organizational rate limit and individual managed API rate limit are independent. For example, an organizational rate limit can be set to 1000 invocations per minute, and a rate limit for a specific managed API can be set to 10 invocations per second. The API Manager checks each policy independently, and rejects a managed API if either of the two limits is passed.

     

    Disable a Rate Limit Policy for a Specific Managed API

    You can disable a rate limit policy for a specific managed API.

    1. In the API Registry page, select a managed API.
    2. To set the rate limit policy for the managed API, click in the right-most column to open the Actions menu, and select View API Details. The Managed API Details window appears.
    3. Select the Rate Limit tab.
    4. Disable Enable API specific rate limit policy and then click Update.

     

    Organization Policies

     

    Organization Policies Overview

    Organization policies are rules that the organization creates to enforce security and access rules for all managed APIs. The organization can enforce IP filtering access policies and determine the rate at which managed API requests can be made.

     

    The IP filtering policy designates the range of computer IP addresses that are allowed to invoke or denied from invoking managed APIs. The rate limiting policy controls the number of times any single managed API can be invoked during a designated time period.

     

    The following image shows the Policies page:

     

     

    You can change the default Rate Limit Policy settings, and add, edit, or delete an IP Filtering Policy. IP Filtering Policies are applied according to the order of the policies. The order of the policy determines its precedence.

     

    When an API consumer attempts to access a managed API and is denied due to a Rate Limit Policy or an IP Filtering Policy, the HTTP response includes a 403 Forbidden status code and the description Invocation is prohibited due to organization policies.

     

    You can also create a rate limit policy for a specific managed API. The organizational rate limit and individual managed API rate limit are independent. For example, an organizational rate limit can be set to 1000 invocations per minute, and a rate limit for a specific managed API can be set to 10 invocations per second. The API Manager checks each policy independently, and rejects a managed API if either of the two limits is passed. For more information, see "Create a Rate Limit Policy for a Specific Managed API".

     

    Update the Rate Limit Policy

    You can change the rate limit policy for managed APIs. The rate limit policy controls the number of times any single managed API can be invoked during a designated time period for all the organization managed APIs. The rate limit rule cannot be deleted, but can be updated. The default rate limit for a managed API is 1000 requests per minute.

     

    In the Policies page, in the Rate Limit Policy panel, enter the number of requests and the number of milliseconds that define the rate limit policy, then click Update.

     

    Create an IP Filtering Policy

    You can create an IP filtering policy for managed APIs. The IP filtering policy designates the range of computer IP addresses that are allowed or denied to invoke managed APIs. The order of the policies determines the precedence. The first policy in the table that is relevant is applied to the managed API. You can change the order of the policies by selecting to move them up or down

    1. In the Policies page, in the IP Filtering Policy panel, select to allow or deny the range of addresses, then fill in the IP range.
    2. Add a description for the IP filtering policy.
    3. Click Add. The API Manager creates an IP filtering policy for all the managed APIs of the organization and adds the policy to the display of IP filtering policies. The order of the policies determines the precedence.
    4. To move a policy up or down in the IP filtering policy table and change the precedence, in the right-most column of the IP filtering policy row, select the Actions menu, and then select Move Up or Move Down. The higher the policy is in the table, the higher the precedence.
    5. To chance a policy from allowing an IP address range to denying it access, or from deny to allow, in the right-most column of the IP filtering policy row, select the Actions menu, and then select to allow or deny the range of addresses.
    6. To delete a policy, in the right-most column of the IP filtering policy row, select the action menu, and then select Delete.

     

    Note: The IP range applies to a Class C network. Only the last octets in the range can differ from each other. Thus the range can contain different client hosts in the same network.

     

    Search for an IP Filtering Policy

    You can search for an IP filtering policy by searching for specific text.

     

    In the Policies page, in the IP Filtering Policy panel, in the Find field, type the text for which you want to search. The IP Filtering Policy table shows the relevant policies.

     

    Analytics

     

    Analytics Overview

    API analytics provides a graphical overview of activity and API usage, as well as the ability to drill down to specific activities and security events. The Overview dashboard offers a collection of panels that contain reports about managed APIs. Use the dashboard to view visual summary information about APIs, such as trends in usage over time, APIs with the most invocations, and the most frequent users.

     

    When users invoke API calls, the organization can track general API usage activity for API access instances and access exceptions. The organization may need to track access exceptions to accommodate business or legal needs. API Manager creates an activity log for all API access instances, and a security log to track any access exceptions that users create when invoking managed APIs.

     

    The organization can create IP filtering, rate limiting and basic authentication policies. If these policies are derogated, the API Manager logs exceptions to a security log.

     

    Overview Page

    You can use the Overview page in the Analytics page to view graphical summary information about APIs, including trends in usage over time, APIs with the most invocations, and the most frequent users.

     

    When you open the Analytics page, the Overview page is displayed. The following image shows the Overview page:

     

     

    The Overview page shows API usage trends for a selected period, for 7, 30, or 90 days.

    Note: Data from the current day appears after a delay of half an hour.

     

    You can also view the APIs most frequently invoked in the selected period, ranked by number of invocations. To sort the display, click the title of the column to sort.

     

    You can view the users who most frequently invoked APIs in the selected period, ranked by number of invocations. To sort the display, click the title of the column to sort.

     

    Overview Reports Properties

    The following table describes the properties of the Top APIs report in the Overview tab:

     

    PanelDescription
    API NameName of the managed API.
    API URLIdentifies the URL of the managed API that was invoked.
    Protocol

    Identifies the protocol of the managed API. The type property has the following options:

    • REST
    • SOAP
    InvocationsNumber of times that the managed API was invoked.

     

    The following table describes the properties of the Top Users report in the Overview tab:

     

    PanelDescription
    Username

    Name of the user who invoked the managed API, if known.

    InvocationsNumber of times that the user invoked URLs for managed APIs.

     

    Activity Log

    You can use the Activity Log tab in the Analytics page to view all managed APIs access requests for a selected date range.

     

    On the Analytics page, select the Activity Log tab. The following image shows the Activity Log tab:

     

     

    The Activity Log tab shows API access attempts in chronological order. To sort the access logs, click the title of the column to sort.

     

    Note: The timestamp displayed is based on the local time zone setting in your browser.

     

    Activity Log Properties

    The following table describes the Activity Log tab properties:

     

    PanelDescription
    TimestampTime that the access occurred. The timestamp displayed is based on the local time zone that you selected for your browser.
    API NameName of the managed API.
    API URLIdentifies the URL of the managed API that was invoked.
    Protocol

    Identifies the protocol of the managed API. The type property has the following options:

    • REST
    • SOAP
    MethodIdentifies the API call method.
    HTTP ResponseThe HTTP Response to the managed API invocation.
    UsernameName of the user who performed the managed API call, if known.
    Consumer IPIdentifies the IP address that accessed the API.
    DurationThe duration of access measured from the moment the API request reaches the API Gateway until the moment that the gateway provides a response.

     

    Security Log

    You can use the Security Log tab in the Analytics page to view managed APIs access exceptions for a selected date.

     

    The following image shows the Security Log tab:

     

     

    The Security Log tab shows API access exceptions in chronological order. To sort the access exceptions, click the title of the column sort.

     

    Note: The timestamp displayed is based on the local time zone setting in your browser.

     

    Security Log Properties

    The following table describes the Security Log tab properties:

     

    Panel
    Description
    TimestampTime that the access exception occurred. The timestamp displayed is based on the local time zone of your browser.
    API URLURL of the managed API that was invoked.
    HTTP ResponseHTTP response to the managed API invocation.
    DescriptionDescription of the access exception.
    UsernameName of the user who performed the managed API call, if known.
    Consumer IPIP address of the host machine that created the access exception.

     

    Searching for a Log

    You can search for a security or activity log by date of creation or by searching for specific text in the display columns.

    1. To search for logs that were created during a specific time period, in the relevant tab, select a range of dates in the Select date range fields, and then click Show Log. Ensure that you select dates based on the local time zone setting for your browser. Logs with the relevant creation timestamps are displayed.
    2. To sort the logs according to a specific property, click the column picker icon to the left of the Find field and then select the column to sort.
    3. To search for logs according to specific descriptive text, in the Find field, type the text for which to search. The log table shows the relevant logs.