During the Design process, the API Manager enables publishers to restrict the visibility of a particular API to a select group of individuals.
Visibility of published APIs defaults to "Public" (see figure 1). That means anybody using the API Store can see the API.
If an API should be only seen by a select group of individuals, it should be marked as "Restricted by roles". The publisher will then specify the particular role(s) to which he wishes to grant access. The visibility of the API will then be restricted to only those individuals that have the specified role(s) (see figure 2). Further information regarding roles is given below.
The visibility of a restricted API will follow these rules:
- API creators (those that have access to Publisher) can see all APIs in the store. By definition, if a user's roles grant him or her permission to access Publisher, then his or her roles also grant him or her access to view and edit all APIs within the Store.
- Anonymous users can only see public APIs.
- Logged-in users can see all public APIs, as well as all restricted APIs that are visible to roles to which they are members.
To specify more than one role, separate each role name with a comma. There should be no spaces between the comma and the next role name. An individual must pertain to roles listed in order to see the API in the store.
BYU-specific roles are mapped to GRO groups (via LDAP). The format for a BYU role name is "BYU/<gro group name>". Not all GRO groups are visible within the API Manager. If you have a group that you would like include in the API Manager, please speak with an API Manager administrator (email@example.com).
The current list of visible GRO groups is as follows:
- "BRENT_MOORE–BDM4" - (two dashes between the name and the NetID) - All employees reporting to Brent Moore.
- "DOUGLAS_WALKER–DJW5" – (two dashes between the name and the NetID) - All employees reporting to Doug Walker.
- "MATT_WILKINSON–MJW8" - (two dashes between the name and the NetID) - All employees reporting to Matt Wilkinson.
- "WSO2 Publisher Access" - All people that have access to Publisher. As explained above, this group will already have access to see all APIs. Nonetheless, restricting visibility to only this group can be helpful, as it can be used to keep those who don't have access to Publisher from seeing a particular API.