An API creator blocks subscription to an API as a way of disabling access to it and managing its usage and monetization. A blocking can be temporary or permanent. You get an
unblock option to allow API invocations again.
You block APIs by subscriptions. That is, a given user is blocked access to a given API subscribed to using a given application. If a user is subscribed to two APIs using the same application and you block access to only one of the APIs, s/he can still continue to invoke the other APIs that s/he subscribed to using the same application. Also, s/he can continue to access the same API subscribed to using different applications.
Blocking happens in two levels:
- Block production and sandbox access: API access is blocked with both production and sandbox keys.
- Block production access only: Allows sandbox access only. Useful when you wants to fix and test an issue in an API. Rather than blocking all access, you can block production access only, allowing the developer to fix and test.
When the API Gateway caching is enabled (it is enabled by default), even after blocking a subscription, consumers might still be able to access APIs until the cache expires, which happens approximately every 15 minutes.
Let's get started. See the video tutorial here or a step-by-step walk-through of the video tutorial below.
Here's a step-by-step walk-though of the video tutorial:
- Log in to the API Publisher.
- Create two APIs by the names
TestAPI2and publish them to the API Store.
- Log in to the API Store. Click the APIs menu and note that the two APIs are visible in the APIs page.
- Subscribe to both APIs using the same application. You can use an existing application or create a new one.
- Click the APPLICATIONS menu, click the application that you used to subscribe to the API with (
DefaultApplicationin this example), go to its Production Keys tab, and re-generate its access token. By default, access tokens expire an hour after creation.application.
Invoke both APIs using the access token you got in the previous step. We use cURL here. The command is,
Be sure to replace the placeholders as follows:
- <access token>: Give the token generated in step 5
<API URL>: Go to the API's Overview tab in the API Store and copy the production URL and append the payload to it.
Here's an example:
You have subscribed to two APIs and invoked them successfully. Let's block one subscription and see the outcome.
- Log back to the API Publisher.
- Click MANAGE SUBSCRIPTIONS. It shows all APIs/applications that each user is subscribed to.
- Block subscription for
DefaultApplication. Select the
production and sandboxoption and click the Block link.
- Note that the Block link turns to Unblock, allowing you to activate the subscription back at any time.
Invoke the two APIs (
You might have to regenerate the access token for
DefaultApplicationas done in step 5, if the access token expiration time (1 hour by default) has passed since the last time you generated it.
Note that you can invoke
TestAPI2again but when you invoke
TestAPI1, it gives a message that the requested API is temporarily blocked. Neither the API creator nor any subscriber can invoke the API until the block is removed.
Tip: You might still be able to invoke an API within 15 minutes after blocking a subscription, until the cache is renewed.
- Back in the API Store, click the APPLICATIONS menu, select the application that you used to subscribe to the two APIs earlier, click its Subscriptions tab, and note that your subscription is now blocked.
You can go to the API Publisher and unblock the subscription anytime. You have subscribed to two APIs, blocked subscription to one and tested that you cannot invoke the blocked API.