Manage API Products

API products are the primary way to expose APIs to developers through the Developer Portal. This guide covers how to create, configure, and publish API products using the Admin API and ADC.

Create a Gateway API Product

A gateway API product links to published services in API7 Gateway, automatically generating API documentation from their OpenAPI specifications.

Using Admin API

Send a request to create a gateway API product:

curl "https://{ADMIN_API_URL}/api/portals/{portal_id}/api_products" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Payments API",
    "desc": "Payment processing APIs for developers",
    "type": "gateway",
    "visibility": "public",
    "subscription_auto_approval": false,
    "auth": {
      "key_auth": {}
    },
    "linked_gateway_services": [
      {
        "gateway_group_id": "<gateway-group-id>",
        "service_id": "<service-id>",
        "linked_hosts": ["payments.example.com"]
      }
    ]
  }'

Key parameters:

| Parameter | Required | Description |
| --- | --- | --- |
| `name` | Yes | Display name for the API product. |
| `type` | Yes | `gateway` for gateway-managed services, `external` for external APIs. |
| `visibility` | Yes | `public` (shown as Public in the UI; visible to all) or `logged_in` (shown as Logged in in the UI; visible to authenticated developers only). |
| `auth` | No | Authentication types to enable. Supports `key_auth`, `basic_auth`, and `dcr`. |
| `subscription_auto_approval` | No | Set to `true` to auto-approve subscription requests. Default is `false`. |
| `linked_gateway_services` | No | Array of gateway services to include in the product. |

Prerequisites for Gateway Products

Before linking a service to an API product:

  1. The service must be published to a gateway group.
  2. The service should have an OpenAPI specification uploaded. This provides the API documentation displayed to developers.
  3. Do not enable authentication plugins (such as key-auth or basic-auth) directly on the service. API product authentication configuration handles this. Mixing both can cause authentication conflicts.

Create an External API Product

An external API product represents APIs not managed by API7 Gateway. You provide an OpenAPI specification and server URLs.

curl "https://{ADMIN_API_URL}/api/portals/{portal_id}/api_products" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Legacy Billing API",
    "desc": "Documentation for the legacy billing system",
    "type": "external",
    "visibility": "public",
    "raw_openapi": "<openapi-spec-as-string>",
    "server_urls": ["https://billing.internal.example.com"]
  }'

External products do not support subscriptions, credentials, or authentication because API7 Gateway does not proxy their traffic.

Configure Authentication

Gateway API products support the following authentication types:

Key Authentication

{
  "auth": {
    "key_auth": {}
  }
}

Developers create API keys in their applications and include them in API requests.

Basic Authentication

{
  "auth": {
    "basic_auth": {}
  }
}

Developers create username/password credentials and use HTTP Basic Authentication.

DCR (Dynamic Client Registration)

{
  "auth": {
    "dcr": {
      "dcr_provider_id": "<dcr-provider-id>"
    }
  }
}

Developers register OAuth 2.0 clients through the portal. Requires a configured DCR provider.

You can enable multiple authentication types simultaneously:

{
  "auth": {
    "key_auth": {},
    "basic_auth": {},
    "dcr": {
      "dcr_provider_id": "<dcr-provider-id>"
    }
  }
}

Caution: Authentication configuration is locked after the product is published. To change authentication types, unpublish the product first. Unpublishing cancels all active subscriptions.

Add linked services when creating or updating a gateway API product. Each linked service specifies a gateway group, service, and optionally specific hosts:

curl -X PUT "https://{ADMIN_API_URL}/api/portals/{portal_id}/api_products/{product_id}" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "linked_gateway_services": [
      {
        "gateway_group_id": "<gateway-group-id>",
        "service_id": "<service-id>",
        "linked_hosts": ["api.example.com"]
      },
      {
        "gateway_group_id": "<gateway-group-id>",
        "service_id": "<another-service-id>"
      }
    ]
  }'

A service can only be linked to one API product. Attempting to link a service that is already associated with another product results in an error.
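
The rules stated so far (allowed `type`, `visibility` and `auth` values, the DCR provider requirement, the restrictions on external products, and one product per service) can be checked before a payload is sent to the Admin API. The following is an added example, not API7 code: `lint_products`, the sample IDs, and the two "review" findings are assumptions for illustration, as is keying service uniqueness on gateway group ID plus service ID.

```python
# Added example (not API7 code): pre-flight lint for API product payloads.
# Hard rules come from this page; the two "review" findings are local policy assumptions.
VISIBILITY = {"public", "logged_in"}
AUTH_TYPES = {"key_auth", "basic_auth", "dcr"}

def lint_products(products):
    """Return (product name, finding) tuples for a batch of payloads."""
    findings, owner = [], {}  # owner: (group id, service id) -> product name (assumed key)
    for p in products:
        name, msgs = p.get("name", "<unnamed>"), []
        if p.get("type") not in ("gateway", "external"):
            msgs.append("type must be 'gateway' or 'external'")
        if p.get("visibility") not in VISIBILITY:
            msgs.append("visibility must be 'public' or 'logged_in'")
        auth = p.get("auth") or {}
        if p.get("type") == "external":
            if auth or p.get("subscription_auto_approval"):
                msgs.append("external products do not support auth or subscriptions")
        else:
            msgs += [f"unknown auth type '{k}'" for k in auth if k not in AUTH_TYPES]
            if "dcr" in auth and not (auth["dcr"] or {}).get("dcr_provider_id"):
                msgs.append("dcr requires dcr_provider_id")
            if not auth:
                msgs.append("review: no auth type enabled")
            if p.get("subscription_auto_approval") and p.get("visibility") == "public":
                msgs.append("review: public product auto-approves subscriptions")
            for svc in p.get("linked_gateway_services", []):
                key = (svc.get("gateway_group_id"), svc.get("service_id"))
                if key in owner:
                    msgs.append(f"service '{key[1]}' already linked to '{owner[key]}'")
                owner.setdefault(key, name)
        findings += [(name, m) for m in msgs]
    return findings

# Constructed sample payloads (IDs are placeholders, not real identifiers).
SAMPLE = [
    {"name": "Payments API", "type": "gateway", "visibility": "public",
     "auth": {"key_auth": {}},
     "linked_gateway_services": [{"gateway_group_id": "gg-1", "service_id": "svc-1"}]},
    {"name": "Partner API", "type": "gateway", "visibility": "public",
     "subscription_auto_approval": True, "auth": {"dcr": {}},
     "linked_gateway_services": [{"gateway_group_id": "gg-1", "service_id": "svc-1"}]},
    {"name": "Legacy Billing API", "type": "external", "visibility": "public",
     "auth": {"basic_auth": {}}},
]

if __name__ == "__main__":
    for name, msg in lint_products(SAMPLE):
        print(f"{name}: {msg}")
```

Duplicate links are only detected within the batch passed in; the Admin API remains the authority on whether a service is already linked to another product.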

Publish and Unpublish

Publish

Publishing makes the API product visible on the Developer Portal and pushes authentication configuration to the linked gateway services:

curl -X PUT "https://{ADMIN_API_URL}/api/portals/{portal_id}/api_products/{product_id}" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "published"
  }'

Unpublish (Revert to Draft)

Reverting to draft removes the product from the Developer Portal, removes authentication rules from the gateway, and deletes all active subscriptions:

curl -X PUT "https://{ADMIN_API_URL}/api/portals/{portal_id}/api_products/{product_id}" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "draft"
  }'

Configure Notifications

API products support notifications for subscription lifecycle events. Configure contact points and events:

curl -X PUT "https://{ADMIN_API_URL}/api/portals/{portal_id}/api_products/{product_id}" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "notifications": [
      {
        "event": "subscription_approval_created",
        "type": "email",
        "contact_point_ids": ["<contact-point-id>"]
      },
      {
        "event": "subscription_approval_accepted",
        "type": "webhook",
        "contact_point_ids": ["<webhook-contact-point-id>"]
      }
    ]
  }'

Supported notification events:

| Event | Trigger |
| --- | --- |
| `subscription_approval_created` | A developer submits a subscription request. |
| `subscription_approval_accepted` | An administrator approves a subscription. |
| `subscription_approval_rejected` | An administrator rejects a subscription. |
| `subscription_approval_cancelled` | A subscription is cancelled. |

Delete an API Product

Deleting an API product also deletes all associated subscriptions, pending approvals, and removes authentication rules from linked gateway services:

curl -X DELETE "https://{ADMIN_API_URL}/api/portals/{portal_id}/api_products/{product_id}" \
  -H "Authorization: Bearer $API_TOKEN"
