Managing API Grants

API grants allow you to issue fine-grained permissions to users or groups for specific APIs.

Understanding API Grants

API grants are issued per API.

Users and groups issued grants for a specific API have the privileges to perform the associated actions on that API. See Issuing API Grants to issue API grants.

Grant Name Description Can Be Issued To Associated Actions

Manage API

People issued this grant are allowed to modify the definition of and issue grants for this API.

API Managers

APIDelete

APIViewAllDetails

APIViewPublicDetails

APIEdit

APIEditPublic

APIModifyPublishState

APIModifyLifecycleState

APIDeploy

APIGrantManageAPI

APIGrantViewAllDetails

APIGrantViewPublicDetails

APIGrantDeployAPI

View all details

People issued this grant are allowed to view all information about this API in the Management Portal.

API Managers, Gateway Managers, Plan Managers

APIViewAllDetails

View public details

People issued this grant are allowed to view the publicly available details of this API on the Developer Portal. This grant can be issued to users of any role.

API Managers, Application Developers, Plan Managers

APIViewPublicDetails

Entitle API

Users issued this grant are allowed to entitle this API to a plan for which they have entitle rights.

Users need View API granted explicitly, in addition to Entitle/Deploy/Request Subscription, to be able to view and enter the API and perform the three operations

API Managers, Plan Managers

APIEntitlementAdd

APIEntitlementEdit

APIEntitlementRemove

APIEntitlementModifyState

APIEntitlementModifyPublishState

Deploy API

API Managers with the Manage API grant already have this permission for all gateways they are allowed to view.

API Managers without the Manage API grant and Gateway Managers issued this grant are allowed to deploy or undeploy this API to a gateway for which they have deploy rights. This allows Gateway Managers to deploy this API without first receiving a request from an API Manager.

API Managers, Gateway Managers

APIDeploy

Issuing API Grants

Issue API grants to users or groups to determine what actions assignees can perform with that API. See Understanding API Grants. Grants are issued per API; repeat this task for each API you want to issue grants for.
You must be issued the Manage API grant for an API to issue grants for it.
  1. On the APIs List page, select the API for which you want to manage grants.
  2. Click the Grants icon (Grants) tab.
  3. Click the tab that corresponds to the grant you want to issue to users or groups:
    • Manage API: API Manager users issued this grant are allowed to modify the definition of and issue grants for this API.
    • View all details: API, Gateway, and Plan Manager users issued this grant are allowed to view all information about this API in the Management Portal.
    • Deploy API: Gateway Managers issued this grant are allowed to deploy or undeploy this API to a gateway for which they have deploy rights. This allows Gateway Managers to deploy this API without first receiving a request from an API Manager. API Managers already have this permission due to the Manage API grant. API Managers issue this grant to Gateway Managers for APIs that they own.
    • Entitle API: Users issued this grant are allowed to entitle this API to a plan for which they have entitle rights.
    • View public details: Users issued this grant are allowed to view the publicly available details of this API on the Developer Portal. This grant can be issued to users of any role.
  4. Click Add Grantee.
    The Add Grantee dialog appears.
  5. From the Add Grantee dialog, select the user(s) or group(s) to which you want to issue the grant. You can select multiple users and groups.

    Note:

    You cannot select users or groups that already have this grant; they are greyed out in the Add Grantee dialog.

  6. Click Add.
The user(s) or group(s) are issued the API grant you chose.