API Publisher provides several mechanisms to control and monitor subscriber usage and monetize APIs. The following topics describe some of them:
The API creator can block a particular subscription on an API to disable access to it until s/he decides to unblock it again. Once an API creator blocks access on a selected subscription, neither a consumer nor the application owner can invoke the subscribed API from the application, until it is unblocked again. This feature allows API creators to control usage of APIs among API consumers. The blocking can be done in two levels.
- Block production and sandbox access: API access is blocked with both production and sandbox keys.
- Block production access only: This blocking allows sandbox access. This is useful when a user wants to fix and test an issue in an API. Rather than blocking all access, the manager can block production access only, allowing the developer to fix and test.
API Publisher provides you the Subscriptions page to view and manage all subscriptions to the APIs you created. The steps below explain how to view subscriptions and revoke access rights.
- Log in to the API Publisher
(https://<HostName>:9443/publisher)as a user who has the creator role assigned. For more information on creating users and assigning roles, refer to section Managing Users and Roles.
- Click the Subscriptions menu to open the Subscriptions window.
The window displays the following information:
- Users: Usernames of users who have subscribed to the API through the API Store. For instructions on subscribing, see Subscribing to APIs.
- Application: An application is a logical collection of one or more APIs, and is required when subscribing to an API.
- Subscribed APIs : List of all APIs a given user is subscribed to on a given application. Since API keys are generated at the application-level and valid for all APIs that are associated with an application, all APIs subscribed through the same application can be accessed using a single API key.
- Actions: The supported actions on each subscription. Currently, the API Manager provides Block action to each subscription. It allows the API creator to block a particular subscription on an API. Once a subscription is blocked, neither its users nor the application owners can invoke the subscribed API from the application. To allow APIs invocations back, the API creator has to unblock the subscription.
- To block a subscription, go to the Actions column. Choose one of the available Blocking options (e.g., Production or Production & Sandbox) and click Block. The link immediately turns to Unblock. You can click Unblock any time to unblock the subscription and allows API consumers to use the subscription again. Note that when API Gateway caching or Key Manager caching is enabled (validation information cache), even after blocking a subscription, user can access APIs until the cache expires. By default, Gateway caching is enabled in the API Manager.
In an environment where Gateway caching is enabled (which it is by default), blocking a subscription will not affect the tokens that are already cached on the Gateway. Meaning that tokens belonging to the particular subscription will still be active on the Gateway until the cache is invalidated/expired.
Monitoring and billing
For information, see Monitoring, Statistics and Billing.