Configure APIs and Methods Privacy

Configure APIs and Methods Privacy

Summary

You can define the privacy of your APIs and methods to grant access only to users you want, or revoke accesses when you require it.


Privacy rules

You can set up the visibility of APIs and methods, i.e. whether they would be public or private.

The following table explains the possible privacy combinations of APIs and methods:

Privacy Policy
Public method
Private method
Public API
AllRegitated developers can access the API and the method.


Unauthenticated visiting users can see the details of the API and the method		Only developers you shared at least one API method can access the API and only the methods that have been shared


Unauthenticated visiting users can access the API but cannot see the details of the methods
Private API
AllRegitated developers can access the API and the method.


Unauthenticated visiting users cannot access the API		Only developers you shared at least one API method can access the API and only the methods that have been shared


Unauthenticated visiting users cannot access the API

The visibility of APIs could define it when creating or editing the API, while the visibility of methods when creating or editing the method. In both cases, the option would be engraved with the visibility selector.

Applications

Applications are managed on the developer portal. Users accessing the portal can create, edit and delete their applications containing credentials to consult APIs methods.

Applications contain a Key API that would be used to make requests to methods when they are protected under that mode. Key APIs do not expire, although the user who owns the application can refresh their values.

When your account has enabled the protection functionality of methods using OAuth20, the applications would contain a ClientId and ClientSecret which should be used to make them.

Set up API privacy

If you define the API as private, a lock icon would be displayed.

Keep in mind that APIs are not shared with developer users, what are shared are their methods.

Set up privacy of methods

Methods can be protected by Keys API or the OAuth2.0 protocol.

Keys API protection

You can protect your methods using Keys APIs by setting up whether they should be sent as a signer or as a header.

If you set up As parameter the value of the Key API should be sent in the auth_key parameter.

If you set up As header API Key should be sent as the Authorization header value.

OAuth20 protection

In protecting your methods with OAuth20 you should complete a form with the appropriate configuration.


Access to private methods

When accessing the developer's portal, if a user does not have access to the method, an information message would be displayed.



    • Related Articles

    • Create APIs methods

      Summary In the article Create and manage APIs versions The first necessary steps to create APIs were shown. Methods define the action to be taken on a particular esource. As a first step you should select the option of Add Methodin the API. Add ...

    • Create and configure APIs

      Summary APIs would be exhibited on the developer portal. An API can contain multiple versions, and each of the minimum versions. To create an API you must go to APIs > New APIs. Configure APIs When creating a new API you should complete the Title, ...

    • Configure context variables at method parameters

      Summary Context variables allow you to associate values assigned to the account, users and applications to APIs parameters values. By setting up the API method you can relate its parameters to context variables. When a request is made to the method, ...

    • Audit API

      Summary The Audit API allows you to consult audit records in detail of applications received and responses submitted from APIs methods. Through this API you can learn the details of each of the requests made to your APIs and the responses submitted. ...

    • Administrative APIs: introduction

      Administrative APIs would allow you to check your account data. Administrative APIs you can consult: Statistics for the use of your APIs Audit queries made to your APIs and responses delivered Health of Methods (SLO) List of users of your account ...