You can create, run, and secure your APIs with the DataPower API Gateway service. The API Gateway exposes APIs to the calling applications, and provide processing actions that enable the APIs to integrate with various endpoints. When a request arrives at the API Gateway, the gateway routes the request to the target API and runs the API to access the backend resources that are made available through the API. The API Gateway also allows you to monitor API activities and perform analytics based on the activity data.
The API Gateway supports REST APIs that are compliant with version 2.0 of the Swagger specification.
- API developer, who develops, tests, and packages the APIs
for access. With the API Gateway, a developer typically does the following tasks:
- Develop APIs in the DataPower® Gateway by creating each API as an API definition configuration.
- Secure APIs by defining security requirements at the API-level and the operation-level.
- Expose an API for client access by adding the API into an API plan. You can package a list of APIs in an API plan and define the rate limit settings for the plan.
- API client, who invokes the API on the gateway by sending
requests through applications or web pages.To access an API in the API Gateway, a client must subscribe to at least one API plan that contains the target API. A client is identified as a subscriber through API keys that are carried in the request. As shown in Figure 1.
- Subscriber X is allowed to access API 1, 2, and 4 through Plan A.
- Subscriber Y is allowed to access API 3, 4, and 5 through Plan B, and access API 6 through Plan C.
- Subscriber Z is not subscribed to Plan A, B, or C, so cannot access any APIs in these plans.
In addition to the common API management pattern, the API Gateway provides the following IBM extensions to the standard Swagger specification.
An API collection allows you to group a set of plans and subscribers to make APIs available to a specific group of API clients. An API Gateway can comprise one or more collections. An API collection in the DataPower API Gateway corresponds to a catalog in the API Connect API Manager.
The APIs in a collection are served on a specific path, which is called routing prefix. To access the APIs in a collection, the URL of the API request must match the URL that is formed by the routing prefix of the collection, the base path of the API, and the relative path to the target API operation.
- An assembly rule comprises only assembly actions to act on the API context.
- An error handling policy defines how to handle a specific error.
You can create custom API properties or alter the values of existing properties for an API. The property value can vary with the API collection that the API belongs to. The collection-specific API properties allow you to use the same API definition in different API collections where each collection is slightly different from each other.