WSO2 API Manager: API Controller — API Provider Name is not mandatory anymore when exporting an API

During the API export process using API Controller (apictl), the name of the API Provider should not be a mandatory value, because when having more API providers, it is hard to define the correct API provider for each export request. It is clear that the API provider’s tenant domain is required to uniquely identify an API.

This article will discuss the way to do the export process by considering the logged-in user’s tenant domain and checking it with the API provider’s tenant thus leads a way to export an API without specifying the provider’s name explicitly.

Prerequisites

Under the assumption that you have already installed Oracle Java SE Development Kit (JDK) version 11.\* or 1.8.\* and set the JAVA_HOME environment variable (For more information on setting the JAVA_HOME environment variable for different operating systems, see Setup and Install.) you need to satisfy the below requirements. Also, this demonstration will be done on Linux (Ubuntu 18.04.4 LTS) environment.

Demonstration

Step 1 — Create two tenant domains

Create two tenant domains named test1.com and test2.com where each of the tenant domains has two admins named admin1 and admin2, as shown in the below table. (Refer here for tenant creation using WSO2 API Manager)

Why do all the user roles which have chosen are admins?

According to documentation import-export permission is given to admin user roles by default. So it is easy to test using admin user roles. (Otherwise, we can create other user roles by manually assigning the required permissions and scopes as explained here.)

Step 2 — Import an API by logging into a specific environment

First, we need to create an environment using the below command.

apictl add-env -e production --registration https://localhost:9443 --apim  https://localhost:9443 --token https://localhost:8243/token
Create an environment named production

Now, initialize an API using the below command.

apictl init Petstore --oas https://petstore.swagger.io/v2/swagger.json
Initialize an API

Login to a specific environment using the below command.

apictl login production -k
Log in to the production environment

Import the created SwaggerPetstore API to the particular environment. Note that, here we need to pass the flag — preserve-provider=false, so that the provider will be updated as the current logged in user who is admin1@test1.com.

apictl import-api --file ./Petstore --environment production -k --preserve-provider=false
Import the created API to the production environment by user admin1@test1.com

Step 3 —Export the created API

Two scenarios can be considered here.

Scenario 1 — Export the API in the same tenant domain

Use the below command to export as the same logged-in user as previously by specifying the provider name (-r admin1@test1.com).

apictl export-api -n SwaggerPetstore -r admin1@test1.com -v 1.0.3 -e production -k
Export as the API as the same logged-in user by specifying the provider name

Or else you can use the below command without specifying the provider name. It will work too, because it allows a user who belongs to the same tenant domain as the API was imported, to export the API. Here the exporting user is similar to the provider who imported it, so no error will occur.

apictl export-api -n SwaggerPetstore -v 1.0.3 -e production -k
Export as the API as the same logged-in user without specifying the provider name

Now let us try to export the API as a different logged-in user who belongs to the same tenant domain.

First, log in to the environment using the below command as a different user (admin2@test1.com) but who belongs to the same tenant domain (test1.com) as the one who imported the API earlier.

apictl login production -k
Log in to the production environment as admin2@test1.com who belongs to the same tenant domain (test1.com)

Use the below command to export the API by specifying the provider name (-r admin1@test1.com).

apictl export-api -n SwaggerPetstore -r admin1@test1.com -v 1.0.3 -e production -k
Export as the API as a different user who belongs to the same tenant domain by specifying the provider name

Or else you can use the below command without specifying the provider name. It will work too, because it allows a user who belongs to the same tenant domain as the API was imported, to export the API. Here the exporting user belongs to the same tenant domain (test1.com) as the provider who is admin1@test1.com.

apictl export-api -n SwaggerPetstore -v 1.0.3 -e production -k
Export as the API as a different user who belongs to the same tenant domain without specifying the provider name

Scenario 2 — Export the API in a different tenant domain

Now let us try to export the API as a different logged in user but belongs to a different tenant domain. (This should NOT work)

First, log in to the environment using the below command as a different user (admin1@test2.com) who belongs to a different tenant domain (test2.com).

apictl login production -k
Log in to the production environment as admin1@test2.com who belongs to a different tenant domain as API was imported (test2.com)

Use the below command to export the API by specifying the provider name (-r admin1@test1.com). This does not work because the user admin1@test2.com is not allowed to export an API that has been imported by a user in another tenant domain (test1.com).

apictl export-api -n SwaggerPetstore -r admin1@test1.com -v 1.0.3 -e production -k
Export as the API as a different user who belongs to a different tenant domain by specifying the provider name

Or else you can use the below command without specifying the provider name. It will not work too, because it could not find an API that has the same name and the version which belongs to the same tenant domain. In other words, there is not any provider who belongs to the particular domain (test2.com) who has imported the API.

apictl export-api -n SwaggerPetstore -v 1.0.3 -e production -k
Export as the API as a different user who belongs to a different tenant domain without specifying the provider name

Conclusion

As shown, this article demonstrated a way to export an API using API Controller (apictl) by considering the logged-in user’s tenant domain and checking it with the API provider’s tenant. Thus can say that during the API export process using API Controller (apictl), the name of the API Provider is not a mandatory value anymore.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store