Summary
You can define the privacy of your APIs and methods to grant access only to users you want, or revoke accesses when you require it.
Privacy rules
You can set up the visibility of APIs and methods, i.e. whether they would be public or private.
The following table explains the possible privacy combinations of APIs and methods:
Privacy Policy
| Public method
| Private method
|
Public API
| AllRegitated developers can access the API and the method.
Unauthenticated visiting users can see the details of the API and the method | Only developers you shared at least one API method can access the API and only the methods that have been shared
Unauthenticated visiting users can access the API but cannot see the details of the methods |
Private API
| AllRegitated developers can access the API and the method.
Unauthenticated visiting users cannot access the API | Only developers you shared at least one API method can access the API and only the methods that have been shared
Unauthenticated visiting users cannot access the API |
The visibility of APIs could define it when creating or editing the API, while the visibility of methods when creating or editing the method. In both cases, the option would be engraved with the visibility selector.
Applications
Applications are managed on the developer portal. Users accessing the portal can create, edit and delete their applications containing credentials to consult APIs methods.
Applications contain a Key API that would be used to make requests to methods when they are protected under that mode. Key APIs do not expire, although the user who owns the application can refresh their values.
When your account has enabled the protection functionality of methods using OAuth20, the applications would contain a ClientId and ClientSecret which should be used to make them.
Set up API privacy
If you define the API as private, a lock icon would be displayed.
Keep in mind that APIs are not shared with developer users, what are shared are their methods.
Set up privacy of methods
Methods can be protected by Keys API or the OAuth2.0 protocol.
You can protect your methods using Keys APIs by setting up whether they should be sent as a signer or as a header.
If you set up As parameter the value of the Key API should be sent in the auth_key parameter.
If you set up As header API Key should be sent as the Authorization header value.
In protecting your methods with OAuth20 you should complete a form with the appropriate configuration.
Access to private methods
When accessing the developer's portal, if a user does not have access to the method, an information message would be displayed.