Publishing to API Stores
- Former user (Deleted)
While an API is the published interface, a corresponding service running in the back-end handles its actual implementation. APIs have their own lifecycle, independent from the back-end service they rely on. This section covers the following:
The default API lifecycle
The default API lifecycle has the following stages:
- CREATED: API metadata is saved, but it is not visible to subscribers yet, nor deployed to the API Gateway.
- PUBLISHED: API is visible in API Store, and eventually published if the
Propagate Changes to API Gatewayoption is selected at publishing time. - DEPRECATED: API is still deployed into API Gateway (available at runtime to existing users), but not visible to subscribers. An API is automatically deprecated when a new version is published.
- RETIRED: API is unpublished from the API gateway and deleted from the store.
- BLOCKED: Access is temporarily blocked. Runtime calls are blocked and the API is not shown in the API store anymore.
The diagram below shows the general API and backend service life cycle elements.
Figure: API and backend service life cycle elements
API Publisher has a separate tab called Lifecycle using which you can publish APIs to the API Store, depreciate, retire and perform other operations to an API. The Life Cycle tab is only visible to and manageable by a user who is assigned the publisher role. For instructions on creating a user with the publisher role, refer to section User Management .
Let's take a look at how to perform some common life cycle operations on an API.
Publishing an API
- Log in to the API Publisher (https://<HostName>:9443/store) as a user who has the publisher role assigned.Â
- Click on the API you want to publish.
The API's overview window opens. Click the Life Cycle tab, which displays the API's available states.
Â
To publish the API, select the PUBLISHED state from the drop-down list. You get three check boxes to select as follows:
Propagate Changes to API Gateway
Used to define an API proxy in the API Gateway runtime component, allowing the API to be exposed to the consumers via the API Gateway. If this option is left unselected, the API metadata will not change and you will have to manually configure the API Gateway according to the information published in the API Store.
Deprecate Old Versions
If selected, any prior versions of the API will be set to the DEPRECATED state automatically.
Require Re-Subscription
Invalidates current user subscriptions, forcing users to subscribe again.
- Select the necessary options and click the Update button to publish the API to the API Store.Â
Similarly, you can deprecate, retire and block APIs.Â
Publishing to multiple external API stores
API publishers can share an API to application developers who are subscribed to multiple tenant-specific API Stores. This allows them to expose APIs to a wider community.Â
After publishing an API to external stores, it will be visible to the users of those stores. However, to subscribe to the API, the users must visit the original publisher's store.
 Follow the steps below to configure:
Uncomment theÂ
<ExternalAPIStores>element in<AM_Home>/repository/conf/api-manager.xmlfile of the API Publisher node, and configure an<ExternalAPIStores>element for each external API store that you need to publish APIs to. For example,
<ExternalAPIStores> <ExternalAPIStore id="Store1" type="wso2"> <StoreURL>http://localhost:9763/store</StoreURL> <DisplayName>Store1</DisplayName> <Endpoint>http://localhost:9763/store</Endpoint> <Username>xxxx</Username> <Password>xxxx</Password> </ExternalAPIStore> </ExternalAPIStores>Note the following in the configuration above:
Element/Attribute Description idThe external store identifier, which is a unique value. typeType of the Store. APIM 1.5.0 release supports only WSO2-specific API Stores. Other types will be supported in future releases. <StoreURL>URL of the API store of the current APIM deployment. This is the URL to the API in the original publisher's store. APIs that are published to external stores will be redirected to this URL. <DisplayName>The name of the Store that is displayed in the publisher UI. <Endpoint>URL of the API Store. <Username>&<Password>Credentials of a user who has permissions to create and publish APIs.
To secure the user credentials given above, add a secure vault configuration as follows:
For each external API Store, add a configuration similar to the one below in
<AM_HOME>/repository/conf/security/cipher-tool.propertiesfile.Â
ExternalAPIStores.ExternalAPIStore.Password_{store_id}=api-manager.xml//APIManager/ExternalAPIStores/ExternalAPIStore[@name='External_Store_id_defined_in_api-manager.xml']/Password,trueAdd the following configuration to
<AM_HOME>/repository/conf/security/cipher-text.propertiesfile:
ExternalAPIStores.ExternalAPIStore.Password_{store_id}=[user_password]Generate encrypted values for the passwords  using the cipher tool.
Use the encrypted password in the configuration in step 1.
Start the API Manager and create an API.
Click on the newly created API to see a new tab called External API Stores added to the API Publisher console.Â
Â
Note the following:
- You can select multiple external API stores and click Save to publish your API to them.Â
- I f the API creator updates the API after publication to external stores, either the creator or a publisher can simply push those changes to the published stores by selecting the stores and clicking Save again.Â
- If the API creator deletes the API, each external store that it is published to will receive a request to delete the API.
Log in to an external user store that the API is published to and note the API advertised in its storefront. Click this API.
A link appears as View Publisher Store and it directs you to the original publisher’s store through which you can subscribe to the API.
Next, see how to manage subscriptions and access tokens in Managing API Usage .