When creating an API using the API Publisher, you can set its level of visibility to either Public or Restricted by Roles in the Add New API page.
The two visibility values mean the following:
- Public: The API is visible to all subscribers as well as anonymous users of the API Store
- Restricted by Roles: The API is visible only to specific roles

When Restricted by Roles is selected, a new field called Visible to Roles appears where you can specify the user roles that have access to the API in a comma-separated list (no spaces).
After a created API is published, it becomes available in the API Store for subscription. Given below is how visibility levels work for users in different tenant modes:
Visibility in super tenant mode
Subscribers in super tenant mode can see an API depending on its visibility level as follows:
- Anonymous users: can see APIs with Public visibility
- Signed-up users: can see all APIs with Public visibility as well as APIs that are Restricted by Roles, given that the user is assigned to the role the API is restricted by.
Visibility in multi-tenant mode
In a multi-tenant environment, a subscriber can see the API Store URLs of existing tenants. Click a URL to browse that tenant's API Store.
A tenant's API Store is the API Store specific to the tenant domain the user belongs to. You can also access it with the URL http://<hostname>/Store?tenant=<tenantdomain.com>. Therefore, the APIs a subscriber sees in multi-tenant mode depend on their visibility levels as well as which API Store s/he is looking at. Any subscriber viewing his/her tenant's API Store can see an API depending on its visibility level as follows:
- Anonymous users: can see APIs that have Public visibility and were created within the current user's tenant domain
- Logged in users: can see,
  - APIs that have Public visibility and were created within the current user's tenant domain
  - Restricted by Roles APIs that were created within the current user's tenant domain and are allowed to be accessed by the role of the current user
- APIs that have
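
The visibility rules above, written as a decision function that can serve as an expected-results model when checking what each kind of user should see in a Store. This is an added example, not the product's own code: the class and function names and the sample tenants are hypothetical, and treating a logged-in user who browses another tenant's Store like an anonymous visitor is an assumption the page does not state.

```python
from dataclasses import dataclass
from typing import Optional

PUBLIC, RESTRICTED = "Public", "Restricted by Roles"

def parse_visible_roles(field: str) -> frozenset:
    """Parse a 'Visible to Roles' value: comma-separated list, no spaces."""
    roles = field.split(",")
    bad = [r for r in roles if not r or r != r.strip()]
    if bad:
        raise ValueError(f"entries not in no-space, comma-separated form: {bad!r}")
    return frozenset(roles)

@dataclass(frozen=True)
class Api:
    name: str
    tenant: str                      # tenant domain the API was created in
    visibility: str                  # PUBLIC or RESTRICTED
    visible_roles: frozenset = frozenset()

@dataclass(frozen=True)
class User:
    tenant: str
    roles: frozenset

def is_visible(api: Api, store_tenant: str, user: Optional[User]) -> bool:
    """user=None models an anonymous visitor of store_tenant's API Store."""
    if api.tenant != store_tenant:
        return False                 # a tenant's Store shows that tenant's APIs
    if api.visibility == PUBLIC:
        return True                  # anonymous and logged-in users alike
    if api.visibility != RESTRICTED:
        raise ValueError(f"unknown visibility: {api.visibility!r}")
    # Restricted by Roles: needs a logged-in user of this tenant (assumption
    # for cross-tenant browsing) holding at least one of the listed roles.
    if user is None or user.tenant != store_tenant:
        return False
    return bool(api.visible_roles & user.roles)

def store_listing(apis, store_tenant: str, user: Optional[User]) -> list:
    return sorted(a.name for a in apis if is_visible(a, store_tenant, user))

# Constructed sample data (tenant domains and role names are made up).
APIS = [
    Api("weather", "a.example", PUBLIC),
    Api("billing", "a.example", RESTRICTED, parse_visible_roles("finance,auditor")),
    Api("maps", "b.example", PUBLIC),
]
```

Super tenant mode is the single-domain case: pass the same tenant value for every API, user and Store.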