API Products
An API product is a curated bundle of one or more gateway services published for developer consumption through the Developer Portal. API products provide a layer of abstraction between the internal service architecture and the developer-facing API catalog, allowing providers to control what developers see and how they access APIs.
Product Types
API7 supports two types of API products:
Gateway Products
Gateway products are linked to published services in API7 Gateway. When you create a gateway product, you associate it with one or more published services and their hosts. The portal automatically generates API documentation from the OpenAPI specifications attached to those services.
Changes to the underlying published services (such as route updates or new endpoints) are automatically reflected in the API product, eliminating manual synchronization.
External Products
External products represent APIs that are not managed by API7 Gateway. You provide an OpenAPI specification (JSON or YAML) and one or more server URLs. External products allow you to include third-party or legacy APIs in your developer portal catalog alongside gateway-managed APIs.
External products do not support subscriptions or credential-based authentication because API7 Gateway does not proxy their traffic.
Visibility
Each API product has a visibility setting that controls who can see it in the Developer Portal:
| Visibility | Behavior |
|---|---|
| Public | Visible to all visitors, including unauthenticated users. |
| Logged in | Visible only to authenticated developers. |
Authentication
Gateway API products can require one or more authentication methods. When a developer subscribes and creates credentials, the portal pushes the authentication configuration to the gateway data plane.
Supported authentication types:
| Type | Description |
|---|---|
| Key Authentication | Developers generate an API key and include it in requests. |
| Basic Authentication | Developers use a username and password pair. |
| DCR (Dynamic Client Registration) | Developers register OAuth 2.0 clients with an identity provider through the portal. Requires a configured DCR provider. |
You can enable multiple authentication types on a single product. The authentication configuration is locked after the product is published. To change authentication types, you must unpublish the product first.
Status Lifecycle
An API product has two statuses:
| Status | Behavior |
|---|---|
| Draft | Not visible on the Developer Portal. All fields are editable. |
| Published | Visible on the Developer Portal (subject to visibility settings). Authentication configuration is locked. |
Publishing an API product pushes its authentication rules to the gateway services it is linked to. Reverting a product to draft removes those rules and cancels all active subscriptions.
Linked Gateway Services
A gateway API product is associated with one or more published services through linked gateway services. Each link specifies:
- Gateway group: The gateway group where the service is published.
- Service: The published service to include in the product.
- Hosts: (Optional) Specific hosts to expose. If omitted, all hosts of the service are included.
The API documentation displayed to developers is derived from the OpenAPI specifications of the linked services.
Notifications
API products support event-based notifications that alert administrators and developers about subscription lifecycle events. Notification channels include email and webhooks. See Manage Subscriptions for details on configuring notifications.