Onboard APIs¶

API management helps organizations secure, govern, scale, and monetize their APIs. By onboarding APIs to the Yappes platform, one can easily facilitate all of these factors. You can ensure that:

The APIs are secure and protected from unauthorized access
It’s easier for developers to discover, understand, and consume the APIs within their organization
Analytics and reporting capabilities explicitly help you gather insights into API usage, performance, and trends

Through the My APIs functionality of API Manager, the user with the role of platform-admin, api-developer or api-product-manager can onboard the API within the organization they are part of by following a user-friendly three-step process. Once the API has been onboarded, they can:

Define a standardized set of policies to protect it
Configure TLS to enforce an added layer of security through HTTPS
Set a tryout quota to limit and monitor API usage
Add subscription plans to monetize it
Define licenses for public or private use

Overall, onboarding APIs to the Yappes platform streamlines the API lifecycle, enhances security, improves developer experience, provides analytics, and enables scalability and performance optimization.

Prerequisites:¶

S.No.	Requirement
1.	platform-admin/api-developer/api-product-manager role.
2.	Internal organization access.
3.	Backend API URL.
4.	Publishing Domain, if Using a Custom Domain.
5.	API Logo (jpeg or png only)
6.	Marketplace Tags. (Create one if not already.)
7.	TLS Certificates. (Create one if not already.) Optional.
8.	Open API file for Endpoints. Optional
9.	Endpoint Path.
10.	OAuth1 and OAuth2 Values, if Using for Authentication.
11.	Application for API Tryout. (Create one if not already.)
12.	Read Me and License Details.

Steps for onboarding an API¶

Before proceeding with the steps, ensure you meet all the above requirements. If you do, then move on to the following steps.

Step 1 - Add basic information; configure environments; choose tags, and test the connection¶

The first step of onboarding an API at Yappes requires adding basic details: API name, Backend API URL, API Description, and Publishing Domain while configuring the environments with TLS. You can also utilize the Marketplace Tags that help you categorise the API for easy discoverability. Furthermore, it enables you to test the connection and use a logo for the API that would be visible to the consumer when they subscribe to it.

To onboard the API and perform all the necessary actions, do the following:

From your home screen, go to Manage APIs → My APIs.

Then, click the Onboard API.

This will start the onboarding process with the fields to add the Basic Information. Define the values in fields as appropriate:
- API name
- Backend API URL (URL where the API is located)
- Description
- Choose Domain:
  - Custom (The root domain or a subdomain of a registered internet domain where you want to onboard the API, for example, api.yappes.com)
  - Default (The same domain where the Yappes platform is provided to you)

Once done, click Save.

Info

Fields with asterisk (*) are mandatory.

Your changes will be saved, and new fields will open where you can configure backend environments, add an API logo, assign marketplace tags and test the route map connection. In order to change the URL of the Development, Testing or Production backend environment, do the following:

Go to the Configure Environments define new URLs for the Development, Testing or Production backend environment.
Once done, click Update.

If you need to enforce any shared resources, such as TLS certificates, to any of the environments, then:

Click on the Configure TLS button for the respected environment.

In the SSL/TLS Certificates popup shown, first, select the Cert Type:
- PFX P12
- Or, Cert Key CA

If you select PFX P12 → then select the created shared resource in the Selected PFX field.
If you select Cert Key CA, then:
- First, select the shared resource for the Selected Certificate
- Then, for Selected Key
- Finally, for the Selected CA

Once done, click Save.

Info

Configuring TLS requires authorized certificates. If you haven’t created one, then learn how to do it in the Shared Resources article.

After configuring the TLS for the backend API URLs, you need to add a logo and then choose a marketplace tag(s) for easy recognition and discoverability in the listing. In order to do that:

Go to API Logo and click Upload.
Choose the logo file and upload it.

Then, go to the Marketplace Tags and click on the Search Tags field.
Select the available tags from the menu.

Info

If there are no marketplace tags available. You need to create one using the Marketplace Tags functionality in the Admin Console.

Once you have added the logo and tags, you need to check whether the proxy URL (where you’re onboarding the API) and the Backend API URL are connecting successfully or not. To do so:

Go to the Configure Route Map section and click the Test Connection button.

If the connection is successful, click Next to move on to the next step.

If the connection test isn’t successful, then the possible reason is that the environments aren’t on the same path. Go to the Configure Environment sections section and ensure the URLs are correct. Then, run the test again, and if it’s successful, click Next.

If you don’t want to continue the step but want to proceed later, you can also click Save and Exit, and it will save all the details and add the API to the list as unpublished, like the following:

In the next step, you can manage Endpoints as well as add authentication for the Tryout.

Step 2 - Manage endpoints; add authentication, and tryout response¶

In this step, you will add and configure the endpoints for your API, which could be done manually or using an OpenAPI file (Swagger Spec). Endpoints represent the different functionalities or operations that your API provides. They help you define the specific operations that developers can access and utilize when interacting with your API.

Apart from adding the Endpoints for the API, you can also add authentication such as HTTP Basic, Header, OAuth1 & 2, and Query Parameter. By setting up an authentication method, you ensure that only the user with the correct authentication can Tryout the API.

To manage the endpoints and set up authentication, follow the below sections:

Manage endpoints¶

Registering endpoints for the API can be done by uploading an OpenAPI file. To do so:

Go to the Open API File section and click Upload.

In the popup shown, enter the file Version number.
Then, click Select File. Browse the file on your device and select it.

After selecting the file, click Upload.

(Todo) Example of Swagger file needs to be added here

If you need to register the endpoints manually, then in that case, you can follow the below steps:

Go to the Endpoint section and click Add.

In the popup shown, enter the Endpoint details in the fields as appropriate:
- Enter the Endpoint Name
- Then, Endpoint Path
- Select the Method - GET | PUT | POST | DELETE | PATCH
- Then, select the Content Type - application/json | application/x-www-form-encoded | multipart/form-data | application/xml
- Add the Description

Click Add Endpoint.

This will add the endpoint for the API. If you need to add multiple endpoints, you can simply repeat this step and choose a different Method and Content Type according to the requirements.

Add authentication¶

Once you add the Endpoints, the Tryout functionality will be active, and you can try out the response of the API you’ve onboarded. However, when developers or consumers try to consume the API, you might want to add authentication so that only users with access (authentication details) can do API calls and test the responses. Therefore, to add an authentication rule to the API, you need to do the following:

Go to the Authentication section → click Add.

In the popup shown:
- Choose the Authentication Type - HTTP Basic | Header | OAuth1 | Query Parameter | OAuth 2
- Add required details based on the selected Authentication

Once done adding the details, click Add Authentication.

Tip

For a detailed explanation of adding different authentication types, follow the instructions mentioned on this page.

This will add the authentication for the API.

If you need to make changes to it or delete it:

Simply click Edit or Delete and confirm your choice in the popup, followed by the action.

Tryout¶

Once you’ve added the Endpoints, the onboarded API is ready to test. You can utilize the Tryout functionality that becomes available in the same, Manage Endpoints section, soon after that. To test the API:

Simply click the Tryout button.

The Endpoint Tryout window will open with details of:
- Endpoints Used
- Endpoint Details
- X-yappes key
- X-Yappes-Subkey
- X-accept-version
- API Request examples using Curl, JavaScript, Python, and Php
- Remaining Tryouts

By default, the X-yappes key is set to Default Application. Therefore, if you’ve created the Application, switch to it before running the tryout operation.

Go to the X-yappes key.
Click the drop-down and select your Application.

Then, click Tryout operation.

Check the Response URL and Response; if correct, you can move to the next step. Click Back and then click Next to move on to the next step.

You can also click Save and Exit to continue later.

Step 3 - Set tryout quota; create subscription plans; add API monitor policies and define read me and license text¶

In this step, you can set the transaction threshold to tryout the API without a subscription.

Setting up a tryout quota is essential as it allows consumers to test and understand different aspects of an API, such as functionality, performance and suitability before they subscribe to it. Furthermore, the API tryout quota helps you manage its usage by ensuring that the resources are allocated properly without overuse.

The quota you’d set here will be on a per-user basis. With subscription plans, you can monetize your APIs effectively by offering different subscription tiers with varying usage limits. With tryout quotas and subscription plans for APIs, you can balance resource allocation, provide value-based access, generate revenue, and support users. It allows both API providers and consumers to understand the API's usage and benefits clearly.

To set the tryout quota for the API, you need to:

Go to the Tryout quota section and define values for:
- Number of transactions
- Quota Period - Daily | Monthly

Then, to create subscription plans for the API:

Go to the Subscription Plans and click Create Subscription Plan.

A Create Subscription Plan popup will be shown. It provides you with the options to create your subscription tiers:
Free
Paid
Freemium

Note

You can only create one subscription plan of each type, such as free, paid, and freemium. This applies to all subscription types offered.

Select the plan type, then add the details for the plan and click Create.

Once the plans have been created, they appear in the subscriptions column as follows.

Tip

For a detailed explanation of creating different subscription plans, see Monetize APIs.

After the plans, you can add API monitors:

Go to the API Monitor section and click Add API Monitors.

This adds the API Monitor, so that you can attach monitor policies. To do that:

Go to the Policy section and click Attach Policy.

If there are policies already available, you can find them in the list.

Simply select the policies from the list and click Update.

If you need to attach a new policy:

Click Create New Policy.
Then, in the fields available, enter the values:
- Select the Policy Type - Request Limit | Request Limit (IP Blocking) | Error code notification
- Based on the selected policy type, enter the values in the remaining fields
- If you need to send a notification about the policy, set Notification to Enabled
- Then, enter the emails whom you need to notify

Once you have added all of these, click Create and Attach.

The added policy will appear in the policy list.

Info

For a detailed explanation of creating different monitor policies, visit Monitor & Analytics

Once you’ve attached the policy, you need to add a read me text and license. So for that:

Go to the Read Me section and add your read me file text.
Then, go to the License section and add your license details.

Here’s the example of Read Me and License you can use for the API.

Read Me file example. Todo

This is the read me file.

License example. Todo

This is the license example for the license file.

Once you’ve added the information regarding Read Me and License, you need to review the details you’ve added. To do that:

Click Preview.

This will save all the details, and you can preview the API before publishing it.

The API details page in the preview.

Now, based on your user role, you’ll get the option to either save the API or Publish it.

If you’re onboarding the API as an platform-admin or api-product-manager, then you get the option to Finish and Exit as well as Finish and Publish the API.

If you need to save the API, click Finish and Exit. But if you need to publish it, click Finish and Exit. The published API will be added to APIs list and you can see the success notification.

If you’re onboarding the API as an api-developer, then you get the option to Finish and exit.

Simply click the available option, and you can see the API in the My APIs list as an unpublished list, like the following.

In order to publish this unpublished API, the product manager needs to edit the API and then publish it. By following the steps mentioned in the following article, the product manager can learn how to publish an API.

Publish an API

That’s it; you’ve successfully onboarded the API. To perform other tasks on your API, follow the instructions mentioned in the following article.

Change Ownership, Unpublish, Decommission and Delete an API