Version: 3.9.x

Manage API Products

API products are the primary way to expose APIs to developers through the Developer Portal. This guide covers how to create, configure, and publish API products using the Provider Portal Admin API.

Prerequisites

Create a token by following Obtain a Token from the Dashboard and export it:

export API_KEY="a7ee-xxxxxxxxxxxxx"

Create a Gateway API Product

A gateway API product links to published services in API7 Gateway, automatically generating API documentation from their OpenAPI specifications.

Using Admin API

Send a request to create a gateway API product:

curl -k "https://localhost:7443/api/api_products?portal_id={portal_id}" \
  -H "X-API-KEY: ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Payments API",
    "desc": "Payment processing APIs for developers",
    "type": "gateway",
    "visibility": "public",
    "subscription_auto_approval": false,
    "auth": {
      "key-auth": {}
    },
    "linked_gateway_services": [
      {
        "gateway_group_id": "<gateway-group-id>",
        "service_id": "<service-id>",
        "linked_hosts": ["payments.example.com"]
      }
    ]
  }'

If you are not running locally, replace localhost with your Dashboard host. The -k flag is required if the Dashboard uses a self-signed TLS certificate.

❶ name is the display name shown to developers in the Developer Portal.

❷ type: "gateway" creates a gateway-managed API product. Use external for APIs not managed by API7 Gateway.

❸ visibility controls who can see the API product. Use public for all developers or logged_in for authenticated developers only.

❹ subscription_auto_approval: false requires administrators to approve subscription requests.

❺ auth defines the authentication types enabled for the API product, such as key-auth, basic-auth, and dcr.

❻ linked_gateway_services lists the published services included in the API product.

Prerequisites for Gateway Products

Before linking a service to an API product:

The service must be published to a gateway group.
The service should have an OpenAPI specification uploaded. This provides the API documentation displayed to developers.
Do not enable authentication plugins (such as key-auth or basic-auth) directly on the service. API product authentication configuration handles this. Mixing both can cause authentication conflicts.

Create an External API Product

An external API product represents APIs not managed by API7 Gateway. You provide an OpenAPI specification and server URLs.

curl -k "https://localhost:7443/api/api_products?portal_id={portal_id}" \
  -H "X-API-KEY: ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Legacy Billing API",
    "desc": "Documentation for the legacy billing system",
    "type": "external",
    "visibility": "public",
    "raw_openapi": "<openapi-spec-as-string>",
    "server_urls": ["https://billing.internal.example.com"]
  }'

External products do not support subscriptions, credentials, or authentication because API7 Gateway does not proxy their traffic.

Configure Authentication

Gateway API products support the following authentication types:

Key Authentication

{
  "auth": {
    "key-auth": {}
  }
}

Developers create API keys in their applications and include them in API requests.

Basic Authentication

{
  "auth": {
    "basic-auth": {}
  }
}

Developers create username/password credentials and use HTTP Basic Authentication.

DCR (Dynamic Client Registration)

{
  "auth": {
    "dcr": {
      "dcr_provider_id": "<dcr-provider-id>"
    }
  }
}

Developers register OAuth 2.0 clients through the portal. Requires a configured DCR provider.

You can enable multiple authentication types simultaneously:

{
  "auth": {
    "key-auth": {},
    "basic-auth": {},
    "dcr": {
      "dcr_provider_id": "<dcr-provider-id>"
    }
  }
}

caution

Authentication configuration is locked after the product is published. To change authentication types, unpublish the product first. Unpublishing cancels all active subscriptions.

Link Gateway Services

Add linked services when creating or updating a gateway API product. Each linked service specifies a gateway group, service, and optionally specific hosts:

curl -k -X PATCH "https://localhost:7443/api/api_products/{product_id}?portal_id={portal_id}" \
  -H "X-API-KEY: ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d '[
    {
      "op": "replace",
      "path": "/linked_gateway_services",
      "value": [
        {
          "gateway_group_id": "<gateway-group-id>",
          "service_id": "<service-id>",
          "linked_hosts": ["api.example.com"]
        },
        {
          "gateway_group_id": "<gateway-group-id>",
          "service_id": "<another-service-id>"
        }
      ]
    }
  ]'

A service can only be linked to one API product. Attempting to link a service that is already associated with another product results in an error.

Publish and Unpublish

Publish

Publishing makes the API product visible on the Developer Portal and pushes authentication configuration to the linked gateway services:

curl -k -X PATCH "https://localhost:7443/api/api_products/{product_id}?portal_id={portal_id}" \
  -H "X-API-KEY: ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d '[
    {
      "op": "replace",
      "path": "/status",
      "value": "published"
    }
  ]'

Unpublish (Revert to Draft)

Reverting to draft removes the product from the Developer Portal, removes authentication rules from the gateway, and deletes all active subscriptions:

curl -k -X PATCH "https://localhost:7443/api/api_products/{product_id}?portal_id={portal_id}" \
  -H "X-API-KEY: ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d '[
    {
      "op": "replace",
      "path": "/status",
      "value": "draft"
    }
  ]'

Configure Notifications

API products support notifications for subscription lifecycle events. Configure contact points and events:

curl -k -X PATCH "https://localhost:7443/api/api_products/{product_id}?portal_id={portal_id}" \
  -H "X-API-KEY: ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d '[
    {
      "op": "replace",
      "path": "/notifications",
      "value": [
        {
          "event": "subscription_approval_created",
          "type": "email",
          "contact_point_ids": ["<contact-point-id>"]
        },
        {
          "event": "subscription_approval_accepted",
          "type": "webhook",
          "contact_point_ids": ["<webhook-contact-point-id>"]
        }
      ]
    }
  ]'

Supported notification events:

Event	Trigger
`subscription_approval_created`	A developer submits a subscription request.
`subscription_approval_accepted`	An administrator approves a subscription.
`subscription_approval_rejected`	An administrator rejects a subscription.
`subscription_approval_cancelled`	A subscription is cancelled.

Delete an API Product

Deleting an API product also deletes all associated subscriptions, pending approvals, and removes authentication rules from linked gateway services:

curl -k -X DELETE "https://localhost:7443/api/api_products/{product_id}?portal_id={portal_id}" \
  -H "X-API-KEY: ${API_KEY}"

Prerequisites​

Create a Gateway API Product​

Using Admin API​

Prerequisites for Gateway Products​

Create an External API Product​

Configure Authentication​

Key Authentication​

Basic Authentication​

DCR (Dynamic Client Registration)​

Link Gateway Services​

Publish and Unpublish​

Publish​

Unpublish (Revert to Draft)​

Configure Notifications​

Delete an API Product​

Additional Resources​