POST /api/apis

Defines an API from scratch, based on an existing service, or based on an API description document.

The API can be defined in three ways:

• With only API name (API details to be added later). For an example, see Example: Adding an API by providing the full API definition.
• Based on an existing service
• Based on an API description document at a referenced URL or in a file (individual file or part of a ZIP file) previously uploaded to the Dropbox using the POST /api/dropbox/readfiledetails operation (Swagger 2.0, RAML, WADL, or WSDL). For an example, see Example: Adding an API by importing an API description document.

Note: If you're creating an API by uploading an API description document from an external URL, the URL must be trusted. If the domain isn't trusted, this operation returns 403 Forbidden. To check the site settings for the Community Manager developer portal, if you're a Site Admin, you can run the GET /api/tenants/{FedmemberID} operation and check the ForwardProxyAllowedHosts parameter. The default, *, allows all domains, but if it's set to specific domains, the upload domain must be on the list. If you need a domain to be added to the trusted list, contact a Site Admin.

You can also define the API with different patterns:

• Proxy (the default)
• Orchestration
• Physical Service

To make changes to the API once you've created it, use one of the following:

• Update information about the API version, such as name and description: PUT /api/apis/versions/{ApiVersionID}/info
• Update the API design: PUT /api/apis/versions/{APIVersionID}/design

Note: When creating an API using this API operation, you can specify deployment zones for the new API. This functionality isn't currently covered by the user interface (as of version 8.3) but is supported by the API. See Sample Request Body #6 below.

Authorization Roles/Permissions: Must be logged in. Must have permission to add an API. The user who adds the API automatically becomes the first API Administrator.

This topic includes the following sections:

HTTP Method

POST

URL

https://{hostname}/api/apis

Sample Request

The examples below show several variations of adding an API by providing different optional values.

Request URL

https://{hostname}/api/apis

Sample request headers

POST /api/apis HTTP/1.1
Host: {hostname}
Accept: application/vnd.soa.v81+json
Content-Type: application/vnd.soa.v81+json; charset=UTF-8
Cookie: {cookie}
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body #1

Creates an API by uploading a Swagger document, previously uploaded to the Dropbox using the POST /api/dropbox/readfiledetails operation.

{
  "DLDescriptor":{
    "ServiceDescriptorReference":{
      "ServiceName":"Swagger_Petstore",
      "FileName":"swagger_petstore.json",
      "DropboxFileId":1053
    }
  }
}

Sample request body #2

Creates an API with only the API name provided, so the API Admin can add the details later. Corresponds to the "Create API from Scratch" option in the UI. No target endpoint specified.

{
  "APIVersionInfo":{
    "Name":"ACME Payments API"
  },
  "AddAPIImplementationRequest":{
    "CreateMechanism":"PROXY"
  }
}

Sample request body #3

Creates an API with only the API name provided, so the API Admin can add the details later. Corresponds to the "Create API from Scratch" option in the UI. This example includes the optional target endpoint URL.

To view the response, see Sample response body #1.

{
  "APIVersionInfo":{
    "Name":"ACME Payments API",
    "Visibility":"Public"
  },
  "AddAPIImplementationRequest":{
    "ProxyImplementationRequest":{
      "TargetEndpointURL":[
        "http://www.acmepayments.com/api"
      ]
    },
    "CreateMechanism":"PROXY"
  }

Sample request body #4: Upload RAML file

Creates an API by referencing a specific RAML service previously uploaded to the Dropbox using the POST /api/dropbox/readfiledetails operation.

{
  "DLDescriptor":{
    "ServiceDescriptorReference":{
      "DropboxFileId":1024,
      "FileName":"ACMEPaymentsCorpAPI.raml",
      "ServiceName":"ACME_Payments_Corp_API"
    }
  }
}

Sample request body #5: Upload RAML file in ZIP file

Creates an API by referencing a specific RAML file in a subfolder of a ZIP file previously uploaded to the Dropbox using the POST /api/dropbox/readfiledetails operation. When you use that operation to upload a ZIP file that includes multiple services, the list of services is returned in the response, and you can pick the one you want. For an example and illustration, refer to the documentation for that operation, in the section titled Sample request body #2: Postman.

{
  "DLDescriptor":{
    "ServiceDescriptorReference":{
      "ServiceName":"Aria_API",
      "FileName":"RAMLDocs/ACMEPaymentsCorpAPI.raml",
      "DropboxFileId":1054
    }
  }
}

Sample request body #6: Include deployment zone specifications

Specifies two deployment zones for the API.

{
  "APIVersionInfo": {
    "Name": "NewAPI_WithDZ"
  },
  "AddAPIImplementationRequest": {
    "ProxyImplementationRequest": {
      "TargetEndpointURL": "http://httpstat.us"
    },
    "APIImplementationDeployments": {
      "DeploymentZonesHostingInfo": [{
        "DeploymentZoneEndpoint": [{
          "DeploymentZoneID": "83c0f1b8-b0fb-4195-86db-e9f2a95132f5.acmepaymentscorp",
          "EndpointPath": "/",
          "Protocol": "https",
          "Public": true
        }, {
          "DeploymentZoneID": "83c0f1b8-b0fb-4195-86db-e9f2a95132f5.acmepaymentscorp",
          "Protocol": "http",
          "ListenerName": "httplistener2",
          "EndpointHostName": "acmepaymentscorp",
          "EndpointPath": "/http"
        }],
        "DeploymentZoneID": "83c0f1b8-b0fb-4195-86db-e9f2a95132f5.acmepaymentscorp"
      }]
    },
    "CreateMechanism": "PROXY"
  },
  "classifiers": {}
}

Sample request body #7: Add API with pattern of Physical Service

Adds an API choosing a pattern of Physical Service. In this example, the API definition only includes the name; no API description document was uploaded. An API can be defined either way (by uploading an API description document, or not) regardless of the API's pattern.

To view the response, see Sample response body #2.

{
  "APIVersionInfo":{
    "Name":"ACME Payments API Physical Service"
  },
  "AddAPIImplementationRequest":{
    "CreateMechanism":"PHYSICAL_SERVICE"
  }
}

Sample request body #8 and #9: With and without specifying an initial version number

There are two examples below; one does not specify a value for VersionName, so the default version name of v1 is used. The second specifies a custom value, so the custom value is used for the API version.

With the default value:

{
  "APIVersionInfo":{
    "Name":"API_16"
  },
  "AddAPIImplementationRequest":{
    "ProxyImplementationRequest":{
      "TargetEndpointURL":[
        "http://petstore.swagger.io/v2/swagger.json"
      ]
    },
    "CreateMechanism":"PROXY"
  }
}

With a custom value specified for VersionName (line 4):

{
  "APIVersionInfo":{
    "Name":"API_17",
    "VersionName":"API_17_Version_5"   
  },
  "AddAPIImplementationRequest":{
    "ProxyImplementationRequest":{
      "TargetEndpointURL":[
        "http://petstore.swagger.io/v2/swagger.json"
      ]
    },
    "CreateMechanism":"PROXY"
  }
}

Sample request body #10: Add API, specifying privacy

Valid in version: 2020.1.0 and later.

The example below adds an API, specifying only the following:

• API name
• Version ID of Version 1
• Visibility of Limited

To view the response, see Sample response body #3.

{
  "APIVersionInfo":{
    "Name":"Airport Status API",
    "VersionName":"Version 1",
    "Visibility":"Limited"
  },
  "AddAPIImplementationRequest":{
    "CreateMechanism":"PROXY"
  }
}

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header	Description
Accept	application/vnd.soa.v81+json, application/vnd.soa.v81+xml
Content-Type	Any one of the following media types is valid for the request Content-Type: application/vnd.soa.v81+json or application/vnd.soa.v81+xml
Cookie	AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies.
X-Csrf-Token_{fedmemberID}	The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Request Parameters

Parameter	Parm Type	Data Type	Required	Description
addAPIRequest	Body	addAPIRequest	Required	Contains information about a request to add an API or API version. The only property required is the API name. Properties supported in the AddAPIImplementRequest (part of this object) when creating an API are: ImplementationCode CreateMechanism (see CreateMechanism values) ProxyImplementationRequest (if CreateMechanism is PROXY) The DropboxFileId is returned by the POST /api/dropbox/readfiledetails operation which is run first to upload an individual or ZIP file.

Response

If successful, this operation returns HTTP status code 200, with information about the API that was added.

Sample Response

The sample responses below shows successful completion of this operation.

Sample response headers: application/vnd.soa.v81+json

HTTP/1.1 200 OK
Date: Tue, 05 Jul 2016 14:49:13 GMT
Content-Type: application/vnd.soa.v81+json
Atmo-Renew-Token: renew
Set-Cookie: Csrf-Token_rcoaless=TokenID%3Dde5b2e6a-d040-11e5-82f9-a0de4d4...

Sample response body #1: application/vnd.soa.v81+json (response to sample request #3)

Successful response for adding an API with only API name and Target Endpoint URL provided in the request.

{
  "APIID":"e544b792-cc51-4cf6-9ff2-032b8a61628d.acmepaymentscorp",
  "Name":"ACME Payments API",
  "Description":"ACME Payments API",
  "Visibility":"Public",
  "LatestVersionID":"a6fed208-8ed2-4a76-bbb6-639e1bdbed32.acmepaymentscorp",
  "RatingSummary":{
    "Five":0,
    "Four":0,
    "Three":0,
    "Two":0,
    "One":0
  },
  "APIVersion":{
    "APIVersionID":"a6fed208-8ed2-4a76-bbb6-639e1bdbed32.acmepaymentscorp",
    "APIID":"e544b792-cc51-4cf6-9ff2-032b8a61628d.acmepaymentscorp",
    "Name":"0.0.0",
    "Description":"ACME Payments API",
    "Environment":"Production",
    "ProductionEndpointOAuthDetailsList":[
    ],
    "SandboxEndpointOAuthDetailsList":[
    ],
    "Visibility":"Public",
    "Created":"2020-01-10T02:19:48Z",
    "Updated":"2020-01-10T02:19:48Z",
    "State":"com.soa.api.state.open",
    "ProductionEndpointAccessAutoApproved":false,
    "SandboxEndpointAccessAutoApproved":false,
    "RatingSummary":{
      "Five":0,
      "Four":0,
      "Three":0,
      "Two":0,
      "One":0
    },
    "SandboxAnonymousAccessAllowed":false,
    "ProductionAnonymousAccessAllowed":false,
    "ResourceLevelPermissionsSupported":false,
    "APIOwnedImplementations":true,
    "APIDesign":{
      "CommonDesign":false
    }
  },
  "AdminGroupID":"apiadmin-e544b792-cc51-4cf6-9ff2-032b8a61628d.acmepaymentscorp",
  "Created":"2020-01-10T02:19:48Z",
  "Updated":"2020-01-10T02:19:48Z",
  "BusinessID":"tenantbusiness.acmepaymentscorp",
  "OrganizationKey":"uddi:ac5bc66b-334f-11ea-ad63-b428a6ab3cdf"
}

Sample response body #2: application/vnd.soa.v81+json (response to Sample request body #7)

Successful response for adding an API with pattern of Physical Service.

{
  "APIID":"2d8d66b7-ebb7-4920-b745-070177f1d5ae.acmepaymentscorp",
  "Name":"ACME Payments API Physical Service",
  "Description":"ACME Payments API Physical Service",
  "Visibility":"Public",
  "LatestVersionID":"271a3126-24ec-4500-9741-b5ba4fd58f03.acmepaymentscorp",
  "RatingSummary":{
    "Five":0,
    "Four":0,
    "Three":0,
    "Two":0,
    "One":0
  },
  "APIVersion":{
    "APIVersionID":"271a3126-24ec-4500-9741-b5ba4fd58f03.acmepaymentscorp",
    "APIID":"2d8d66b7-ebb7-4920-b745-070177f1d5ae.acmepaymentscorp",
    "Name":"v1",
    "Description":"ACME Payments API Physical Service",
    "Environment":"Production",
    "Visibility":"Public",
    "Created":"2017-08-07T15:16:29Z",
    "Updated":"2017-08-07T15:16:29Z",
    "State":"com.soa.api.state.open",
    "ProductionEndpointAccessAutoApproved":false,
    "SandboxEndpointAccessAutoApproved":false,
    "RatingSummary":{
      "Five":0,
      "Four":0,
      "Three":0,
      "Two":0,
      "One":0
    },
    "SandboxAnonymousAccessAllowed":false,
    "ProductionAnonymousAccessAllowed":false,
    "ResourceLevelPermissionsSupported":false,
    "APIOwnedImplementations":true,
    "APIDesign":{
      "CommonDesign":false
    }
  },
  "AdminGroupID":"apiadmin-2d8d66b7-ebb7-4920-b745-070177f1d5ae.acmepaymentscorp",
  "Created":"2017-08-07T15:16:28Z",
  "Updated":"2017-08-07T15:16:28Z",
  "BusinessID":"tenantbusiness.acmepaymentscorp",
  "OrganizationKey":"uddi:6195a9f3-7b83-11e7-8dd9-82293556bcc5"
}

Sample response body #3 (response to Sample request body #10)

Successful response for adding an API with custom privacy setting and custom Name (Version ID in the Community Manager developer portal user interface).

{
  "APIID" : "6c2c2c58-b140-45de-a3b9-f77540e16b6b.acmepaymentscorp",
  "Name" : "Airport Status API",
  "Description" : "Airport Status API",
  "Visibility" : "Limited",
  "LatestVersionID" : "0a9b6505-7dbe-4b47-b1b5-557a88d348f1.acmepaymentscorp",
  "RatingSummary" : {
    "Five" : 0,
    "Four" : 0,
    "Three" : 0,
    "Two" : 0,
    "One" : 0
  },
  "APIVersion" : {
    "APIVersionID" : "0a9b6505-7dbe-4b47-b1b5-557a88d348f1.acmepaymentscorp",
    "APIID" : "6c2c2c58-b140-45de-a3b9-f77540e16b6b.acmepaymentscorp",
    "Name" : "Version 1",
    "Description" : "Airport Status API",
    "Environment" : "Production",
    "ProductionEndpointOAuthDetailsList" : [ ],
    "SandboxEndpointOAuthDetailsList" : [ ],
    "Visibility" : "Limited",
    "Created" : "2020-01-10T01:45:59Z",
    "Updated" : "2020-01-10T01:45:59Z",
    "State" : "com.soa.api.state.open",
    "ProductionEndpointAccessAutoApproved" : false,
    "SandboxEndpointAccessAutoApproved" : false,
    "RatingSummary" : {
      "Five" : 0,
      "Four" : 0,
      "Three" : 0,
      "Two" : 0,
      "One" : 0
    },
    "SandboxAnonymousAccessAllowed" : false,
    "ProductionAnonymousAccessAllowed" : false,
    "ResourceLevelPermissionsSupported" : false,
    "APIOwnedImplementations" : true,
    "APIDesign" : {
      "CommonDesign" : false
    }
  },
  "AdminGroupID" : "apiadmin-6c2c2c58-b140-45de-a3b9-f77540e16b6b.acmepaymentscorp",
  "Created" : "2020-01-10T01:45:59Z",
  "Updated" : "2020-01-10T01:45:59Z",
  "BusinessID" : "tenantbusiness.acmepaymentscorp",
  "OrganizationKey" : "uddi:f2ebafce-334a-11ea-ad63-b428a6ab3cdf"
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header	Description
Content-Type	application/vnd.soa.v81+json, application/vnd.soa.v81+xml
Atmo-Renew-Token	renew

Response Body

Name	Type	Description
API	API	Contains information about an API.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item	Value
401	Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
403	Forbidden. This operation returns 403 if you're creating an API by uploading an API description document from an external URL, and the external URL is not a trusted domain according to the site settings. For more information, see note at top of page.
500	An error occurred processing the call.

More information about Akana API Platform API error messages.

Related Topics