APIkit and APIkit for SOAP are toolkits that facilitate REST or SOAP API development: handling error conditions and setting status codes, and generating flows for RESTful calls or SOAP API requests. For RAML-based API simulation, APIkit also sets up the APIkit Console simulator. You develop APIs based on one of the following modeling languages:
You can reference an external RAML or WSDL design, import the design into Studio, or build the RAML or WSDL within Studio using the text editor. After simulating calls to the API, you can build out the framework of the design by adding to the flows generated by APIkit. For example, you can add web services, document, test, and enforce best practices, such as exception handling.
The best practice for API design with APIkit is first to design the RAML or WSDL interface outside Studio. For RAML development, MuleSoft recommends using API Designer. Next, you import the file into a Studio project to construct your main and backend flows. Alternatively, you can design the backend first by adding an API to an existing Studio project.
After designing an API to the RAML specification using APIkit, you can apply policies to the API in Anypoint Platform.
The following limitations apply:
APIkit for SOAP works only on Mule EE runtime 3.8.0 or later.
APIkit for SOAP does not download protected resources from the web.
For example, a WSDL file behind a schema model, such as Basic Authentication, is not supported. You need to manually download the WSDL file and all dependencies, such as XSD, and select those files locally.
In API Gateway Runtime 2.x and earlier, APIkit is designed to work very tightly with RAML interfaces, but does not automatically import the following items from the RAML definition:
The protocol, URI host, and path defined in the RAML file are disregarded in favor of the ones that you define in the APIkit project’s HTTP Connector.
In API Gateway Runtime 2.x and earlier, to build out security for an API that matches the securitySchemes defined in the interface, use the following workarounds:
Build security directly into your APIkit project using basic authentication filters on your listener connector, Mule’s Security Manager capabilities, or the OAuth 2.0 feature of Anypoint Enterprise Security.
Apply security policies using the runtime policy management capabilities.
APIkit Console does not support the Client Credentials and Resource Owner Password Credentials grant types in the embedded APIkit Console. To use these grant types, access the APIkit Console from a web browser. APIkit Console does not support scopes.