Was this helpful?

 

Base Path: https://api.enterprise.apigee.com/v1/o/{org_name}

API Resource Path:

/apiproducts

Description: Create an API product: a list of API resources (URIs) combined with Quota settings that you can use to deliver customized API bundles to your developers.

Verb: POST
Auth: Basic Auth
Media types:
application/json
text/xml

API products enable you to offer your APIs as productized 'bundles' to your developer community. API products enable you re-package APIs on-the-fly, without having to do any additional coding or configuration. You create API products after you have proxied backend services using API proxies. For an overview of how to use API products to publish APIs to developers, see Overview of API publishing.

Overview:

Use the POST method to create a new API product in an organization. An API product is a 'bundle' of URIs combined with Quota settings and metadata, including scope, environments, API proxies, and an extensible profile.

The simplest API product defines only an API proxy name. Use these simple API products when setting up. By creating an API product with only a named API proxy, you can provision credentials to apps that enable those apps to start testing your APIs.

Once you have authentication and authorization working against such a simple API product, you can iterate to create finer-grained API products, defining different sets of API resources for each API product.

Defining API resources

An API resource is a URI fragment whose value is the same as the predefined variable proxy.pathsuffixTherefore, an API resource is the URI request path that follows the base path defined in the ProxyEndpoint configuration.

For example, if a ProxyEndpoint in the environment 'test' in the organization 'apifactory' is configured with a base path /weather, then an API resource is any URI path that occurs after: apifactory-test.apigee.net/weather.

For example, in the request path apifactory-test.apigee.net/weather/forecasts, /forecasts is an API resource.

API resources can be defined explicitly as URI fragments (for example, /forecasts, /reports, /blogs, /articles), or they can be defined using wildcards:

  • /*: Defines a single URI level as wild card. For example, /forecast/* defines /forecast/toronto and /forecasts/newyork as valid URIs. This is often used to support IDs, for example, /reports/*/forecasts defines the following as valid URIs: /reports/toronto/forecasts and /reports/newyork/forecasts.
  • /**: Defines all levels as wild cards. For example, /reports/** defines /reports/toronto/forecasts and /reports/newyork/forecasts as valid URIs.

Quota variables can be set as API Product attributes or as elements:

As attributes:

  • developer.quota.limit
  • developer.quota.interval
  • developer.quota.timeunit (Supported values are second/minute/hour/day/month)

As elements:

  • quota.limit
  • quota.interval
  • quota.timeunit (Supported values are second/minute/hour/day/month)

To further limit access to the URIs defined in an API proxy, you can optionally define:

  • scopes: A comma-separated list of named scopes, which are validated at runtime against a list of scopes presented in the access token associated with an incoming request. A scope mismatch between API product configuration and access token contents results in an authorization failure.
  • proxies: A comma-separated list of API proxies, the names of which derive from APIs listed in an organization. If any proxies are specified, requests made to the list API resource via API proxies other than those listed result in authorization failures. This feature is used to prevent URIs from being accidentally exposed by other API proxies in an organization. It can also be used to simplify configuration, since you can define an API product with only an API proxy name.
  • environments: A comma-separated list of environments. If environments are specified, requests made to API resources via API proxies deployed in environments other than those specified result in authorization failures. This feature is used to prevent access to production resources via APIs deployed in test, for example.

Attributes can be used to set any arbitrary metadata that you need for authorization, monitoring or analytics.

API product settings are enforced on Apigee Edge at runtime by the following policies: API Key, OAuth 1.0a, OAuth 2.0 and Quota. Apigee Edge validates credentials presented by apps, and dynamically verifies the credential's association (if any) with the API products defined in the organization.

By binding the credentials presented by the app to an API product, Apigee Edge dynamically enforces access control, authorization, and quota settings for each request message.

Sample Request:
$  curl -H "Content-Type:application/json" -X POST -d \
'{
   "approvalType" : "auto",
   "attributes" : [ {
     "name" : "division",
     "value" : "accounting"
   } ],
   "displayName" : "Sandbox Silver",
   "name" : "sandbox",
   "apiResources" : [ "/forecasts", "/categories/*/articles" ],
   "description" : "Provides rate limited read-only access to sandbox account APIs",
   "scopes": [ "read" ],
   "environments": [ "test" ],
   "proxies": [ "weatherapi" ],
   "quota": "10000",
   "quotaInterval": "1",
   "quotaTimeUnit": "month"
 }'  \
 https://api.enterprise.apigee.com/v1/o/apifactory/apiproducts \
-u myname:mypass
Request Payload Elements:
Name Description Default Required?
approvalType Manual or Auto. If Manual, consumer key is generated and returned in 'pending' state. If manual consumer key generated and returned in 'Approved' state. N/A Yes
attributes Arbitrary name/value pairs N/A No
displayName The name to be displayed in the UI or developer portal to developers registering for API access N/A Yes
name The internal name of the API Product N/A Yes
apiResources A comma separated list of API resources to be bundled in the API Product. N/A Yes
scopes A comma separated list of scopes. These must map to the scopes defined in an Oauth policy associated with the API Product. Any scope mismatch between an Acces Token presented and the API Product results in auth failure. N/A No
environments A comma-separated list of environment name in an organization. Requests to environments not listed are rejected. N/A No
proxies A comma-separated list of API proxy names in an organization. Requests to API proxies not listed are rejected. Api proxy names included here must already exist in the environment specified in the environment property because API Services validates proxy names when you create an API product. N/A Yes
quota The number of request messages permitted by this API product. N/A Yes
quotaInterval The time interval over which the number of request messages is calculated. N/A Yes
quotaTimeUnit The time unit defined for the quotaInterval N/A Yes
Sample Response:
{
  "apiResources" : [ "/forecasts", "/categories/*/articles" ],
  "approvalType" : "auto",
  "attributes" : [ {
    "name" : "division",
    "value" : "accounting"
  } ],
  "createdAt" : 1374679889295,
  "createdBy" : "andrew@apigee.com",
  "description" : "Provides rate limited read-only access to sandbox account APIs",
  "displayName" : "Sandbox Silver",
  "environments" : [ "test" ],
  "lastModifiedAt" : 1374679889295,
  "lastModifiedBy" : "andrew@apigee.com",
  "name" : "sandbox",
  "proxies" : [ "weatherapi" ],
  "quota" : "10000",
  "quotaInterval" : "1",
  "quotaTimeUnit" : "month",
  "scopes" : [ "read" ]
}
Response Payload Elements:
Name Description
approvalType Manual or Auto. If Manual, consumer key is generated and returned in 'pending' state. If manual consumer key generated and returned in 'Approved' state.
createdAt UNIX time when the API Product was created
createdby username of the user who created the API Product
displayName The display name of the API Product, used in Apps that display the API Product to Developers Apigee
lastModifiedAt UNIX time when the API Product was most recently updated
lastModifiedBy Apigee username of the user who most recently updated the API Product
name The internal name of the API Product
environments A comma-separated list of environment name in an organization. Requests to environments not listed are rejected.
proxies A comma-separated list of API proxy names in an organization. Requests to API proxies not listed are rejected.
quota The number of request messages permitted by this API product.
quotaInterval The time interval over which the number of request messages is calculated.
quotaTimeUnit The time unit defined for the quotaInterval
scopes A comma separated list of scopes. These must map to the scopes defined in an Oauth policy associated with the API Product. Any scope mismatch between an Acces Token presented and the API product results in authorization failure.
apiResources A comma separated list of API resources (URI paths) to be bundled in the API Product.
attributes Arbitrary name/value pairs that can be used to create custom profiles
Errors
{
   "Error":{
      "Code":"keymanagement.service.apiproduct_invalid_name",
      "Message":"Invalid ApiProduct Name",
      "Contexts":""
   }
}

 

Add new comment

Provide your email address if you wish to be contacted offline about your comment.
We will not display your email address as part of your comment.

We'd love your feedback and perspective! Please be as specific as possible.
Type the characters you see in this picture. (verify using audio)

Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.