This documentation is for WSO2 API Manager 1.4.0.
API Visibility - API Manager 1.4.0 - WSO2 Documentation

API visibility in super-tenant mode

When creating an API in super-tenant mode using the API Publisher, you can set its level of visibility to either Public or Restricted by Roles in the Add New API page.

  • Public : The API is visible to all subscribers as well as anonymous users of the API Store
  • Restricted by Roles : The API is visible only to specific roles

When Restricted by Roles is selected, a new field called Visible to Roles appears where you can specify the user roles that have access to the API. These roles can be given in a comma-separated list (no spaces).

If you specify the default subscriber role here, any user who self-subscribes to the API Store will be able to access the API, because the API Manager assigns the subscriber role to all users who sign up to the API Store.

After a created API is published, it becomes visible in the API Store. Subscribers can see an API depending on its visibility level as follows:

  • Anonymous users : All APIs with Public visibility
  • Signed-up users : All APIs with Public visibility as well as Restricted by Roles APIs that are visible to a role the user is assigned to

API visibility in multi-tenant mode 

When creating an API in tenant mode using the API Publisher, you can set its level of visibility to Public, Restricted by Roles or Restricted by Tenants in the Add New API page.

  • Public : The API is visible across all the tenants as well as to anonymous users of the API Store
  • Restricted by Roles : The API is visible only to specific roles within a tenant space
  • Restricted by Tenants : The API is visible among a set of selected tenants

When Restricted by Roles is selected, a new field called Visible to Roles appears where you can specify a set of roles within a tenant space that have access to the API. These roles can be given in a comma-separated list (no spaces). If no roles are specified here, the API will be visible to all users in this tenant space.

When Restricted by Tenants is selected, a new field called Visible to Tenants appears where you can specify a set of tenant domains that have access to the API. These domains can be given in a comma-separated list (no spaces).

After a created API is published, it becomes visible in the API Store. In a multi-tenant environment, the API Store has two views. One is the public API Store and the other is the tenant's API Store. The APIs a subscriber sees depend on their visibility levels as well as on which API Store he or she is looking at.

APIs in the public API Store

Any user can log in to the public API Store and subscribe to APIs. Subscribers can see an API depending on its visibility level as follows:

  • Anonymous users : All APIs with Public visibility
  • Signed-up users : All APIs with Public visibility as well as Restricted by Tenants APIs that were created within the current user's tenant domain

There is a link in the public API Store that directs users to the tenant's API Store. The tenant's API Store is the API Store specific to the tenant domain the user belongs to. You can also access it with the URL http://<hostname>/Store?tenant=<tenantdomain.com>.

APIs in the tenant's API Store

Any subscriber viewing his or her tenant's API Store can see an API depending on its visibility level as follows:

  • Anonymous users :
    • APIs that have Public visibility and were created within the current user's tenant domain
    • APIs that have Public visibility and were created by non-tenant users

  • Signed-in/logged-in users :
    • APIs that have Public visibility and were created within the current user's tenant domain
    • APIs that have Public visibility and were created by non-tenant users
    • Restricted by Tenants APIs created within the current user's tenant domain
    • Restricted by Tenants APIs shared within the current user's tenant domain
    • Restricted by Roles APIs created within the current user's tenant domain that the role of the current user is allowed to access
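The multi-tenant rules above, for both the public and the tenant's API Store, written out as a small Python model that can be used to sanity-check which APIs a given user should be able to list. This is an added example, not WSO2 code: the class and function names, the use of None for an API created by a non-tenant user, and the sample catalogue are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

PUBLIC, BY_ROLES, BY_TENANTS = "Public", "Restricted by Roles", "Restricted by Tenants"

def parse_list(field):  # Visible to Roles / Visible to Tenants: comma-separated, no spaces
    if " " in field:
        raise ValueError("comma-separated list must not contain spaces: %r" % field)
    return frozenset(item for item in field.split(",") if item)

@dataclass(frozen=True)
class Api:
    name: str
    visibility: str
    owner_tenant: Optional[str] = None   # None models an API created by a non-tenant user
    visible_to: frozenset = frozenset()  # roles or tenant domains, depending on visibility

@dataclass(frozen=True)
class User:  # user=None means anonymous; a signed-in user views his or her own tenant's store
    tenant: str
    roles: frozenset

def visible_in_public_store(api, user=None):
    if api.visibility == PUBLIC:
        return True
    # Signed-up users also see Restricted by Tenants APIs created in their own domain.
    return user is not None and api.visibility == BY_TENANTS and api.owner_tenant == user.tenant

def visible_in_tenant_store(api, store_tenant, user=None):
    own = api.owner_tenant == store_tenant
    if api.visibility == PUBLIC:
        return own or api.owner_tenant is None
    if user is None:
        return False
    if api.visibility == BY_TENANTS:
        return own or store_tenant in api.visible_to
    # Restricted by Roles: own tenant only; an empty role list means every user in the tenant.
    return own and (not api.visible_to or bool(api.visible_to & user.roles))

def listing(apis, check, *args):
    return sorted(api.name for api in apis if check(api, *args))

APIS = [  # constructed sample catalogue; API names, domains and roles are made up
    Api("weather", PUBLIC),
    Api("billing", PUBLIC, "b.com"),
    Api("orders", BY_TENANTS, "b.com", parse_list("a.com")),
    Api("payroll", BY_ROLES, "a.com", parse_list("hr,finance")),
    Api("wiki", BY_ROLES, "a.com"),
]
ALICE = User("a.com", frozenset({"hr"}))
```

Calling listing(APIS, visible_in_tenant_store, "a.com", ALICE) returns the APIs Alice should see in her tenant's store; comparing that with listing(APIS, visible_in_tenant_store, "a.com") shows what is exposed to anonymous visitors of the same store.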

Go back to API Visibility field in Creating an API page.
