
Key Concepts


APIs are the building blocks of API Manager. They represent a set of operations that developers can use in their apps. Each API is linked to a backend service that implements it, and its operations correspond to backend operations.

In API Manager, you can customize operations by controlling the domain name, versioning, environment, and endpoints.

Group APIs

You can group individual APIs for better organization and control over API consumption.

For instance, a healthcare organization that offers various APIs related to patient management, appointment scheduling, and medical records can group these APIs into a "Healthcare Services" group.

The organization can provide internal and partner users with easy access to all the relevant APIs they need for building healthcare applications. This grouping helps streamline the development process, ensures consistent permissions control, and allows for centralized management of the APIs within the group.


API Manager provides a way to manage APIs on a large scale and create separate environments for different API services and consumers. Organizations are like workspaces that allow users to develop or consume APIs within a specific organization.

There are three types of organizations:

  1. Master Organization: This organization is created during the deployment of the API Manager and serves as the main organization for the platform.
  2. Internal Organization: Internal organizations represent workspaces for various API services within the organization. They provide separate instances of the API Manager platform for users to develop and publish their APIs.
  3. API Partner Organization: API partner organizations are external entities, such as vendors or partners, who want to consume the APIs provided by the organization. They have limited roles and permissions based on their specific partnership or vendor agreement.

Using organizations helps in segregating resources and providing a user-friendly environment for each organization within the API Manager. It allows users to onboard new APIs and consume resources specific to their organization without affecting other organizations on the platform.

For example, a bank may have internal organizations for loans, insurance, and accounts. Each internal organization represents a specific set of APIs related to that service. Additionally, the bank can invite API partner organizations, such as a fintech company, to consume its APIs for services like insurance or accounts.

Overall, organizations in API Manager provide a structured and controlled approach to managing APIs, ensuring efficient collaboration and resource allocation among different API services and consumers.


Internal users: Internal users are individuals who are part of the organization or company that manages the API Manager. They have access to various roles and permissions within the API Manager platform.

Partner users: Partner users are individuals from external organizations who have been invited to consume the APIs provided by the organization using the API Manager. They may have limited access and specific permissions based on their role.

User Roles:

  • Admin: Admins have full access and control over the API Manager platform. They can manage APIs, subscriptions, users, and other related entities.
  • API Developer: API Developers can deploy APIs to the marketplace, create subscriptions, and perform other related tasks.
  • API Consumer: API Consumers can consume the APIs by subscribing to them or using them in their applications.
  • API Product Manager: API Product Managers invite partner organizations to consume the APIs provided by the organization.

Gateway Policies

An API Gateway acts as a protective layer for backend services, routing calls and preventing direct access to the backend. It does this through gateway policies, which control the behavior of the API Gateway and ensure the security, reliability, and performance of the APIs.

You can create policies and attach them to APIs. They enable organizations to manage and customize how requests are handled, including throttling (limiting the number of requests per interval), IP blacklisting (blocking certain IP addresses), IP whitelisting (allowing only specified IP addresses to access the API), and message signature (verifying the integrity and authenticity of API requests).

For instance, in an e-commerce platform, API gateway policies can be used to limit the number of requests per user, block malicious IP addresses, and verify the integrity of API requests. This ensures fair usage, enhances security, and maintains a reliable API infrastructure.
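The following is an added illustration of how the four policy types described above can combine on a single request; it is not API Manager's own code or policy format. The `GatewayPolicy` class, its parameters, the HMAC-SHA256 signature scheme, the fixed-window throttle and all sample addresses and keys are assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
from collections import defaultdict

class GatewayPolicy:
    """Hypothetical policy bundle: IP lists, HMAC signature, fixed-window throttle."""

    def __init__(self, secret, limit, interval, blacklist=(), whitelist=()):
        self.secret = secret
        self.limit = limit          # max requests per client per interval
        self.interval = interval    # window length in seconds
        self.blacklist = [ipaddress.ip_network(n) for n in blacklist]
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.windows = defaultdict(lambda: [0, 0])  # client -> [window id, count]

    def sign(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).hexdigest()

    def check(self, client_ip, body, signature, now):
        ip = ipaddress.ip_address(client_ip)
        # Blacklist is evaluated first, so it wins over a whitelist entry.
        if any(ip in net for net in self.blacklist):
            return 403, "ip blacklisted"
        if self.whitelist and not any(ip in net for net in self.whitelist):
            return 403, "ip not whitelisted"
        # Constant-time comparison avoids leaking how much of the value matched.
        if not hmac.compare_digest(self.sign(body), signature):
            return 401, "bad signature"
        # Only authenticated requests consume the client's quota.
        window, state = int(now // self.interval), self.windows[client_ip]
        if state[0] != window:
            state[0], state[1] = window, 0
        if state[1] >= self.limit:
            return 429, "throttled"
        state[1] += 1
        return 200, "forwarded"

def demo():
    # Constructed sample data: documentation-range addresses and a dummy key.
    policy = GatewayPolicy(b"constructed-demo-key", limit=2, interval=60,
                           blacklist=["203.0.113.0/24"],
                           whitelist=["198.51.100.0/24", "203.0.113.0/24"])
    body = b'{"order_id": 17}'
    sig = policy.sign(body)
    calls = [("203.0.113.9", body, 0), ("192.0.2.1", body, 0),
             ("198.51.100.7", body + b" ", 1), ("198.51.100.7", body, 2),
             ("198.51.100.7", body, 3), ("198.51.100.7", body, 4),
             ("198.51.100.7", body, 61)]
    return [policy.check(ip, b, sig, now)[0] for ip, b, now in calls]
```

A signature computed over the body alone does not stop a captured request from being replayed; covering a timestamp or nonce in the signed data addresses that, and the page does not say how the product's message signature policy handles it.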

Version Control

Version control in an API manager enables organizations to introduce new features, improvements, and bug fixes without disrupting the existing ecosystem of client applications. By keeping multiple versions of the API running, users can upgrade to new APIs at their own pace. This ensures a smooth transition and allows organizations to provide enhanced functionalities while minimizing disruptions for their clients. For instance, a software company might use version control to release new updates and patches to their API without breaking existing apps.