What Anypoint API Manager Is

Anypoint API Manager (API Manager) is a component of Anypoint Platform that enables you to manage, govern, and secure APIs. It leverages the runtime capabilities of API Gateway and Anypoint Service Mesh, both of which enforce policies, collect and track analytics data, manage proxies, provide encryption and authentication, and manage applications.

API Manager is tightly integrated with the following tools:

Before using API Manager, familiarize yourself with the user interface and the tasks you can perform therein.

What API Manager Looks Like

To access API Manager, log in to Anypoint Platform and select API Manager from the main menu:

80%
1 The environment selector. Anypoint Platform enables you to create and manage separate deployment environments for APIs and applications. API Manager displays all environments except design environments. For details, see Switching Environments.
2 Navigation menu:
  • API Groups

    An API group is an API asset that enables organizations to publish a group of API instances as a single unit. For details, see API Groups.

  • Automated Policies

    Policy automation enables security architects and administrators to secure and govern every API running in an environment. For details, see Automated Policies.

  • Client Applications

    Applications are external services that consume APIs. For details about applications and their related contracts, see View API Instance Contracts.

  • Custom Policies

    Custom policies are policies that anyone can develop and apply to their APIs, with the intention of extending existing functionality or defining new functionality. This option is available in the UI only for Mule 3 implementations; Mule 4 custom policies are available in Exchange. For details, see Getting Started with Custom Policies Development.

  • Analytics

    API analytics provide insight into how your APIs are being used and how they are performing. For details, see Reviewing Analytics Usage.

3 The Manage API button. Enables you to add an existing API instance from Exchange, to upload a RAML/OAS/SOAP definition, or to import a configuration ZIP file exported from API Manager. For details, see Getting Started with Managing an API.
4 The Promote from environment button. Enables you to promote an API from any environment to the current environment. For details, see Promoting an API Instance to Another Environment.
5 Search. Enables you to search for managed APIs via the API search field. Note that searches are case-sensitive. Filter search results by selecting All, Favorites, or Active.
6 The Environment information button, available only to administrator users. Enables administrators to display a dialog with information about the current environment, such as environment credentials. Use environment credentials to provision the Anypoint Service Mesh adapter or to configure Studio to sync with your environment.
7 The API version of each API. Clicking the API version number navigates you to the API Settings view, where you manage the following:
8 The tracking registration status of each API: Active, Inactive, Deploying, or Unregistered.

A status of Unregistered means that Anypoint Platform has never tracked the endpoint for this API version. Either you have entered a URL for an API or proxy that is not yet deployed, or you have declared an endpoint that is hosted somewhere other than an API Gateway and need to proxy that endpoint so that the platform can track it.

The endpoint must have a tracking registration status of Active for governance policies and SLA tiers to function.

9 The number of contracted client applications for each API. For details, see Client Applications and Contracts.

API Manager Components, Concepts, and Features

Policies

Policies enable you to enforce regulations to help manage security, control traffic, and improve adaptability of your APIs. For example, a policy can control authentication, access, allotted consumption, and service level access (SLA).

API Manager supports the following types of policies:

  • Default policies

  • Custom policies

For details, see Policies.

SLA Tiers

Service Level Access (SLA) tiers are categories of user access that you define for an API. The tier definition combined with an SLA-based policy determines whether access to the API at a certain level requires your approval. The tier definition also can limit the number of requests an application can make to the API. To enforce SLA tiers, you need to apply a rate-limiting or throttling policy that is SLA-based.

For details, see Reviewing SLA Tiers Concepts.

Client Providers (Identity Providers)

You use client providers to enforce security and regulations in your business organization. Client providers authorize client applications.

For details about using client providers, see Configure Multiple Client Providers for Client Management.

Contracts

Contracts define how client applications consume APIs. A client application requests access in Exchange. Either the owner of the API instance approves the request in API Manager or the approval is automatic, depending on configuration.

Contracts are enforced with either of the following:

  • SLA enforcement policies

  • Client enforcement policies

For details about enforcement policies, see Client Applications and Contracts.

API Alerts

An API alert (different from a Runtime Manager alert) is an alarm that flags one of the following:

  • The API request violates a policy.

  • Requests received by the API exceed a given number within a specified period of time.

  • The API returns a specified HTTP error code.

  • The API response time exceeds a specified timeout value.

API Manager triggers alerts when states change from desirable to undesirable or vice versa. When an alert is triggered, API Manager sends an email notification to you and to anyone else you specify in the configuration.

For details, see Reviewing Alerts Concepts.

API Assets

API assets, published by Exchange, are the components that comprise applications. Components include any of the following:

  • APIs (OAS, RAML, RAML fragments, HTTP, WSDL, and custom)

  • API groups

  • Policies

  • Examples

  • Templates

  • Modules

  • Connectors

For details about sharing assets via a private Exchange or an Exchange public portal, see Share Assets.

API Console

When you create or edit APIs in API Manager, use API Console to expose and test your API specification. You can test RAML and OAS APIs when you manage the API as an endpoint with proxy. The console flow is already included and enabled (by default) in the API specification when you download an out-of-the-box proxy for your Mule application.

Starting with Mule 4, you can enable access to API Console and modify the API Console path from API Manager. API Console access from API Manager is disabled by default. For information about how to enable API Console access from API Manager, see Creating an API Instance by Importing from Exchange.

API Groups

An API group is a collection of API instances that act as a single unit, so that applications can access them using one client ID. API groups are created in API Manager and published to Exchange.

For details, see API Groups.

API Instances

The API Manager dashboard shows key information about a deployed API instance:

dashboard legend

For details, see API Instance.

Autodiscovery Schemes

Through autodiscovery schemes, API Manager can track the API throughout the life cycle as you modify, version, deploy, govern, and publish it.

Business Groups

A system administrator groups individuals within an organization into business groups. Each group has its own Exchange API assets and its own environments.

For details, see Business Groups.

Environments

Anypoint Platform enables you to create and manage separate deployment environments for APIs and applications. These environments are independent from each other and enable you to test your applications under the same conditions as in your production environment.

The support for environments in strategic components of Anypoint Platform eliminates the need to construct version names to reflect an environment. Restricting access to and managing environments is also simplified. Permissions to access APIs are environment-based.

For details, see Environments.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub