As an API provider, the first thing you need to do is create an API product. The API product is the mechanism through which your APIs are bundled and published so that developers can consume them from your portal.
An API product is a collection of API resources (URIs) combined with a service plan and presented to developers as a bundle. The API product can also include some metadata specific to your business for monitoring or analytics. See Understanding APIs and API proxies for more.
You can think of API products as your product line. You can create different products to provide features for different use cases. So instead of just giving developers a list of resources, you can bundle specific resources together to create a product that solves a specific user need. For instance, you can create a product that bundles a number of mapping resources to let developers easily add maps to their applications. API products are also a good way to control access to a specific bundle of resources. For example, you can bundle resources that can only be accessed by internal developers, or bundle resources that can only be accessed by paying customers.
The API resources bundled in a product can come from one or more APIs, so you can mix and match resources to create specialized feature sets.
You can set different properties on each API product. For example, you might make available one API product with a low access limit, such as 1000 requests per day, for a bargain price. You then release another API product that provides access to the same resources, but with a much higher access limit, for a higher price. Or, you might create a free API product that allows read-only access to resources, and then sell an API product to the same resources that allows read/write access.
API products are the central mechanism for authorization and access control to your APIs. In Apigee, API keys are provisioned, not for APIs themselves, but instead for API products. In other words, API keys are provisioned for bundles of URIs with an attached service plan. When you provision an API key (automatically or manually) to an app for an API product, authorization is enforced by Apigee at runtime to ensure that:
- The requesting app is permitted to access a particular API resource (URI).
- The requesting app has not exceeded the permitted quota.
- The OAuth scope matches that of the access token presented.
To learn how to create API products, see Creating API products
Apps are how your developers access the resources in your API products. When a developer create an app, they select the API products to include, and Apigee generates a key. By default, a single key provides access to multiple API products—newly approved API products are added to the existing API key by the system. When the app makes a request, Apigee inspects the request to verify that the API key matches the resource that the app is requesting. It checks any API product definitions associated with API key to see whether the resource is permitted. If everything lines up, Apigee sends back the requested resource data.
To learn how to create apps, see Creating apps to surface your API
Developers access your APIs through apps that contain keys, which in turn provide access to your API products. Keys are generated when you set up an app and add API products to the app. However, you can't create an app without a developer, so you need to have developers registered in your organization. If you have a public API product that developers can sign up for via a portal, developers register themselves because they want to access your APIs. However, in some cases you'll need to add a developer manually. For example, if you need to add internal developers or create a developer on behalf of a customer.
To learn how to register developers manually, see Adding developers to your API product.