API Connect glossary

The IBM® API Connect and Cloud Manager glossary of terms and definitions.

API Administrator (role): Manages the API product lifecycle for the Provider Organizations for which they are a member.
API Event: An event captured for use by API Connect Analytics or third-party analytics, such as response time, HTTP response code, payload of the request and response body, and so on. An API event is logged each time an API operation is invoked via the Gateway server.
API gateway: Service that acts as a single entry point or “front door” for provider APIs and back-end services. An API Gateway accepts and processes concurrent API calls, and performs traffic management, authorization and access control, monitoring, and API version management. See also IBM DataPower Gateway.
API Manager: Graphical tool in API Connect that enables you to manage Catalogs, Spaces, and APIs, users and roles in the Provider organization, consumer organizations and communities, publish Products to the Developer Portal, and analyze API usage.
API Designer: Graphical tool that runs locally on a laptop or desktop system that enables you to create and modify APIs and LoopBack® apps, and publish them to IBM Cloud or container runtimes.
API operation: REST API call consisting of an HTTP verb and a URL path (endpoint). For example, GET http://myserver.com/api/users that returns a list of users.
Application: Software that consumes (calls) an API. One or more Applications are registered by a consumer organization to subscribe to APIs. The application is allocated client ID and client secret credentials that it supplies when invoking API calls.
assembly: Makes side calls to external services and then transforms and aggregates the response before a response is relayed to the calling application.
Availability zones: Isolated locations within data centers from which public cloud services originate and operate. Businesses choose one or multiple worldwide availability zones for their services depending on business needs. Availability Zones provide high availability for services by providing redundancy across regions.
Availability zone (primary): For Kubernetes form factor, contains the management service. Other zones can contain other services such as the Developer Portal, but not the management service.
Catalog: A staging target that behaves as a logical partition of the gateway and the Developer Portal. The URLs for API calls and for the Developer Portal are specific to a particular Catalog.
client ID: A piece of information that identifies an individual application. An application can invoke an API only if it passes an application key that is recognized by the IBM API Connect system and is granted access to the API. The application key is passed by the client by using an HTTP query parameter.
client secret: A piece of information used together with the application key to verify the identity of an application. An API can be configured to require that client applications supply their client secret with their client ID. The client secret functions effectively as a password known only to the application. The client secret is passed by the client by using an HTTP query parameter.
Cloud Manager (tool): Graphical tool in API Connect on-premises installation that enables you to define servers, administer and scale system resources, monitor runtime health and create Provider organizations. The Cloud Administrator is the primary user of the Cloud Manager.
Cloud Administrator (role): Manages the configuration of resources, regions, and availability zones for the Admin Organization.
cluster: A collection of one or more servers that provide a specific function.
Cold standby: A deployment configuration in which failover servers are in a stopped state until a failover is required, resulting in a longer time window to restore the normal operation of the solution.
community: A collection of consumer organizations. It is used as a grouping construct when publishing APIs. Communities are used to restrict the visibility and accessibility of APIs. An API can be published to selected communities, which means that only application developers within those organizations can see the API.
Community Manager (role): Manages application developer communities for the Provider Organizations for which they are a member.
Consumer organization: Within a catalog, representation of a business entity that wishes to consume APIs exposed by the Catalog. For example, a third-party application development company would register themselves as a consumer organization (via the Developer Portal). Each developer in their company can then be registered as a user inside that consumer organization.
IBM DataPower® Gateway: API Gateway service component of API Connect that helps provide security, control, integration and optimized access to APIs. Due to its security and hardening, it is well-suited for a deployment in the demilitarized zone (DMZ) for externally-facing production scenarios. Available in physical, virtual, cloud, Linux and Docker form factors. There are two gateway types, DataPower Gateway (v5 compatible) and DataPower API Gateway; for details, see API Connect gateway types.
Developer (role): Creates and configures APIs, Products, and policies for the Provider Organizations for which they are a member. An API Developer can be a member of one or more Provider Organizations. The API Developer focuses on the technical implementation of APIs more than they do on the business relationship with application developers.
Development Catalog: Catalog used for testing APIs that are under development and in which approvals are bypassed for publishing and lifecycle actions. Pending approvals are canceled when a non-Development Catalog is converted to a Development Catalog.
Developer Portal: Component of API Connect that provides a customizable graphical web portal for developers to discover APIs, register applications that consume APIs, subscribe to usage plans, and test and use APIs.
Developer Toolkit: Locally-installed package that includes API Designer and the apic command-line tool that enables you to create, edit, manage, and publish APIs and apps.
Gateway: See API gateway.
Gateway service: API Connect service that provides API gateway functionality, such as microgateway or IBM DataPower.
Hot standby: A deployment configuration in which a set of servers are actively running ready to instantaneously take over in the event of a failure, but not actively serving traffic until that failover.
Identity provider: Provides identifiers for users looking to interact with a system, assert to such a system that such an identifier presented by a user is known to the provider, and possibly provide other information about the user that is known to the provider. API Connect supports LDAP, AuthURL, and Local User Registries.
Integrations: Third-party tools to build on and improve your API Connect workflow; for example, Slack, Auth0, etc.
Integration profile: Standard API that you can use to integrate with management services for things like identity, notifications, API analytics, and so on.
Keystore: A repository of security certificates, either authorization certificates or public key certificates, and corresponding private keys, used in SSL encryption. The Keystore file has a .jks extension.
LoopBack model: A JavaScript object that represents application data and includes validation rules, data access capabilities, and business logic. LoopBack models provide a REST API by default, and connect to data sources for access to back-end data
LoopBack data source: A JavaScript object that represents a back-end service such as a database, REST API (to be consumed), or SOAP web service. Data sources are backed by connectors that communicate directly with the database or other back-end service.
Management server: Stores all of the cloud configuration, and controls communication between the other servers within API Connect.
Management service: Consists of one or more Management servers.
Member (role): The default role for all users in both the Admin and Provider Organization. All users are assigned the Member role in addition to other roles they may require.
microservice: Modular, independently-deployable application service that communicates with other microservices through a REST API. Microservices are typically organized around capabilities, for example, recommendation, inventory, shipping, or billing.
Mutual authentication: Process in which both entities on a network authenticate each other. In a network environment, the client authenticates the server and vice-versa. It is optional for TLS. Also called two-way authentication.
Notification settings: How you configure notifications for API Connect users (API providers and consumers).
Notification services: Integrations that provide notification capabilities, such as email.
Notification templates: The configuration of the message format and wording for a notification service.
OAuth provider: The OAuth provider supplies the OAuth authentication for logins. API Connect supports both Native and Third Party OAuth providers. Some common third-party OAuth providers are Google and Facebook.
OpenAPI Components: Part of API specification that contains a set of reusable objects for aspects of an API specification, such as schemas, responses, reqeustBodies, and headers. For more information, see [OpenAPI v3 specification]( https://github.com/OAI/OpenAPI-Specification/blob/OpenAPI.next/versions/3.0.md#components-object).
organization: The entity that owns APIs or applications that use APIs. A provider organization owns APIs and associated Plans, and can additionally own applications. A consumer organization owns only applications. An organization has at least one owner. An organization can be a project team, department, or division.
Organization Manager (role): The Organization Manager manages Provider Organizations for the Admin Organization.
Path: Defines the route through which users access REST APIs. A path consists of one or more HTTP operations such as GET or POST.
Plan: The packaging construct by which APIs are made available to developers. A Plan makes a collection of operations from one or more APIs available, and is published to communities of application developers. Application developers gain access to APIs by registering applications to access Plans. A Plan carries with it a collection of policy settings. In the simplest form, a Plan defines a single quota policy that applies to all the API operations that are accessed through the Plan. In more advanced cases, additional policies can be associated with a Plan.
policy: A configuration that controls a specific aspect of processing in the Gateway server during the handling of an API invocation at run time. Policies are the building blocks of assembly flows. Policies provide the means to configure capability, such as security, logging, routing of requests to target services, and transformation of data from one format to another. Policies can be configured in the context of an API or in the context of a Plan.
Product: Provide a method by which you can group APIs into a package that is intended for a particular use. Additionally, they contain Plans, which can be used to differentiate between different offerings. You can create Plans only within Products, and these Products are then published in a Catalog.
Provider Organization Owner: Owns and administers API provider organizations, manages application developer communities, authors APIs and defines products, manages the API product lifecycle. Owners are invited by the Cloud Administrator to join API Connect as an owner of a provider organization.
proxy: Application programming interface that forwards requests to a user-defined back-end resource and relays responses back to the calling application.
Region: A physical location (site or data center) hosting infrastructure isolated from other locations, with independent power and networking connectivity. A region may or may not have further sub-isolation characteristics such as semi-independent pods or availability zones.
Resources (User registries, TLS Profiles, Notifications): Resources supply necessary functions for the API Connect cloud, such as user authentication, SSL security, and sending system-generated emails.
role: Defines permissions that can enable functionality for users. Each role has a different set of permissions.
security definition: Specifies all the settings for a particular aspect of API security; for example, the user registry that you use to authenticate access to the API.
server: A single appliance, such as an IBM WebSphere IBM DataPower appliance.
service: A user-configurable element implemented through one or more server processes in the API Connect runtime, such as microgateway, Analytics, IBM DataPower, and Developer Portal.
SNMP: Simple Network Management Protocol (SNMP) is a popular protocol for network management. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network. The SNMP hosts are configured in the API Connect Cloud Manager.
Space: A subdivision of a Catalog. Each Space is used by a different API provider development team and has its own set of management capabilities relating specifically to the APIs that the associated team publishes to that Space, enabling each team to manage their APIs independently.
SSL (TLS) Profile: An SSL/TLS profile is used to secure the transmission of data through web sites. SSL certificates guarantee that information you submit to web sites will not be stolen or tampered with.
subscription: The means by which an application developer gains access to the resources provided by an API. An application developer uses the Developer Portal to subscribe to the plan in which the API is published.
TLS: Transport Layer Security - a cryptographic protocol that provides secure communication over a network to prevent eavesdropping and tampering. It is a successor to SSL and runs over TCP.
TLS Profiles: The Cloud Manager and API Manager use TLS profiles to secure transmission of data through web sites. TLS certificates guarantee that information you submit to web sites will not be stolen or tampered with. A TLS Profile consists of Server name, Protocol used (SSL or TLS), and whether Mutual Authentication is required.
Toolkit: See Developer Toolkit.
Topology administrator (role): Configures gateway services for the Admin Organization.
Truststore: Stores certificates from trusted Certificate authorities(CA) which are used to verify certificate presented by Server in SSL/TSL Connection. While a keystore stores a server's credentials, the truststore stores certificates from a third-party CA.
User registry: A database or other collection containing credentials for users such as provider organization members, consumer organization members, and API Connect administrators. The users are authenticated by an identity provider such as LDAP. User registries authenticate users at login time when accessing the Cloud Manager or API Manager applications. User registries are also be used to protect APIs so that user credentials must be supplied when an API is called.
vendor extension: An extension to OpenAPI (Swagger) specification required by a particular use case.
Visibility: Setting visibility determines whether a Provider Organization has access to an Availability Zone, or other service.