POST /api/apis

Defines an API from scratch, based on an existing service, or based on an API description document.

The API can be defined in three ways:

Note: If you're creating an API by uploading an API description document from an external URL, the URL must be trusted. If the domain isn't trusted, this operation returns 403 Forbidden. To check the site settings for the developer portal, if you're a Site Admin, you can run the GET /api/tenants/{FedmemberID} operation and check the ForwardProxyAllowedHosts parameter. The default, *, allows all domains, but if it's set to specific domains, the upload domain must be on the list. If you need a domain to be added to the trusted list, contact a Site Admin.

You can also define the API with different patterns:

To make changes to the API once you've created it, use one of the following:

New in API Platform Version: 8.1

Note: When creating an API using this API operation, you can specify deployment zones for the new API. This functionality isn't currently covered by the user interface (as of version 8.3) but is supported by the API. See Sample Request Body #6 below.

Authorization Roles/Permissions: Must be logged in. Must have permission to add an API. The user who adds the API automatically becomes the first API Administrator.

This topic includes the following sections:

HTTP Method

POST

Back to top

URL

https://{hostname}/api/apis

Back to top

Sample Request

The examples below show several variations of adding an API by providing different optional values.

Request URL

https://{hostname}/api/apis

Sample request headers

POST /api/apis HTTP/1.1
Host: {hostname}
Accept: application/vnd.soa.v81+json
Content-Type: application/vnd.soa.v81+json; charset=UTF-8
X-Csrf-Token_acmepaymentscorp":"TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body #1

Creates an API by uploading a Swagger document, previously uploaded to the Dropbox using the POST /api/dropbox/readfiledetails operation.

{
  "DLDescriptor":{
    "ServiceDescriptorReference":{
      "ServiceName":"Swagger_Petstore",
      "FileName":"swagger_petstore.json",
      "DropboxFileId":1053
    }
  }
}

Sample request body #2

Creates an API with only the API name provided, so the API Admin can add the details later. Corresponds to the "Create API from Scratch" option in the UI. No target endpoint specified.

{
  "APIVersionInfo":{
    "Name":"ACME Payments API"
  },
  "AddAPIImplementationRequest":{
    "CreateMechanism":"PROXY"
  }
}

Sample request body #3

Creates an API with only the API name provided, so the API Admin can add the details later. Corresponds to the "Create API from Scratch" option in the UI. This example includes the optional target endpoint URL.

{
  "APIVersionInfo":{
    "Name":"ACME Payments API"
  },
  "AddAPIImplementationRequest":{
    "ProxyImplementationRequest":{
      "TargetEndpointURL":[
        "http://www.acmepayments.com/api"
      ]
    }
  }
}

Sample request body #4: Upload RAML file

Creates an API by referencing a specific RAML service previously uploaded to the Dropbox using the POST /api/dropbox/readfiledetails operation.

{
  "DLDescriptor":{
    "ServiceDescriptorReference":{
      "DropboxFileId":1024,
      "FileName":"ACMEPaymentsCorpAPI.raml",
      "ServiceName":"ACME_Payments_Corp_API"
    }
  }
}

Sample request body #5: Upload RAML file in ZIP file

Creates an API by referencing a specific RAML file in a subfolder of a ZIP file previously uploaded to the Dropbox using the POST /api/dropbox/readfiledetails operation. When you use that operation to upload a ZIP file that includes multiple services, the list of services is returned in the response, and you can pick the one you want. See Sample request body #2 for an example and illustration.

{
  "DLDescriptor":{
    "ServiceDescriptorReference":{
      "ServiceName":"Aria_API",
      "FileName":"RAMLDocs/ACMEPaymentsCorpAPI.raml",
      "DropboxFileId":1054
    }
  }
}

Sample request body #6: Include deployment zone specifications

Specifies two deployment zones for the API.

{
  "APIVersionInfo": {
    "Name": "NewAPI_WithDZ"
  },
  "AddAPIImplementationRequest": {
    "ProxyImplementationRequest": {
      "TargetEndpointURL": "http://httpstat.us"
    },
    "APIImplementationDeployments": {
      "DeploymentZonesHostingInfo": [{
        "DeploymentZoneEndpoint": [{
          "DeploymentZoneID": "83c0f1b8-b0fb-4195-86db-e9f2a95132f5.acmepaymentscorp",
          "EndpointPath": "/",
          "Protocol": "https",
          "Public": true
        }, {
          "DeploymentZoneID": "83c0f1b8-b0fb-4195-86db-e9f2a95132f5.acmepaymentscorp",
          "Protocol": "http",
          "ListenerName": "httplistener2",
          "EndpointHostName": "acmepaymentscorp",
          "EndpointPath": "/http"
        }],
        "DeploymentZoneID": "83c0f1b8-b0fb-4195-86db-e9f2a95132f5.acmepaymentscorp"
      }]
    },
    "CreateMechanism": "PROXY"
  },
  "classifiers": {}
}

Sample request body #7: Add API with pattern of Physical Service

Adds an API choosing a pattern of Physical Service. In this example, the API definition only includes the name; no API description document was uploaded. An API can be defined either way (by uploading an API description document, or not) regardless of the API's pattern.

To view the response, see Sample response body #2.

{
  "APIVersionInfo":{
    "Name":"ACME Payments API Physical Service"
  },
  "AddAPIImplementationRequest":{
    "CreateMechanism":"PHYSICAL_SERVICE"
  }
}

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept application/vnd.soa.v81+json, application/vnd.soa.v81+xml
Content-Type

Any one of the following media types is valid for the request Content-Type:

application/vnd.soa.v81+json or application/vnd.soa.v81+xml

X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
addAPIRequest Body addAPIRequest Required

Contains information about a request to add an API or API version.

The only property required is the API name.

Properties supported in the AddAPIImplementRequest (part of this object) when creating an API are:

  • ImplementationCode
  • CreateMechanism (see CreateMechanism values)
  • ProxyImplementationRequest (if CreateMechanism is PROXY)

The DropboxFileId is returned by the POST /api/dropbox/readfiledetails operation which is run first to upload an individual or ZIP file.

Back to top

Response

If successful, this operation returns HTTP status code 200, with information about the API that was added.

Back to top

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers: application/vnd.soa.v81+json

HTTP/1.1 200 OK
Date: Tue, 05 Jul 2016 14:49:13 GMT
Content-Type: application/vnd.soa.v81+json
Atmo-Renew-Token: renew
Set-Cookie: Csrf-Token_acmepaymentscorp=TokenID%3Dde5b2e6a-d040-11e5-82f9-a0de4d4...

Sample response body #1: application/vnd.soa.v81+json (response to sample request #3)

{
  "APIID" : "420b17dd-f733-464c-9353-8f71467c7bae.acmepaymentscorp",
  "Name" : "ACME Payments API2",
  "Description" : "ACME Payments API2",
  "Visibility" : "Public",
  "LatestVersionID" : "3fbbf104-cacd-443b-b539-f86dd545bfad.acmepaymentscorp",
  "RatingSummary" : {
    "Five" : 0,
    "Four" : 0,
    "Three" : 0,
    "Two" : 0,
    "One" : 0
  },
  "APIVersion" : {
    "APIVersionID" : "3fbbf104-cacd-443b-b539-f86dd545bfad.acmepaymentscorp",
    "APIID" : "420b17dd-f733-464c-9353-8f71467c7bae.acmepaymentscorp",
    "Name" : "v1",
    "Description" : "ACME Payments API2",
    "Environment" : "Production",
    "Visibility" : "Public",
    "Created" : "2016-07-05T14:49:15Z",
    "Updated" : "2016-07-05T14:49:15Z",
    "State" : "com.soa.api.state.open",
    "ProductionEndpointAccessAutoApproved" : false,
    "SandboxEndpointAccessAutoApproved" : false,
    "RatingSummary" : {
      "Five" : 0,
      "Four" : 0,
      "Three" : 0,
      "Two" : 0,
      "One" : 0
    },
    "SandboxAnonymousAccessAllowed" : false,
    "ProductionAnonymousAccessAllowed" : false,
    "ResourceLevelPermissionsSupported" : false,
    "APIOwnedImplementations" : true,
    "APIDesign" : {
      "CommonDesign" : false
    }
  },
  "AdminGroupID" : "apiadmin-420b17dd-f733-464c-9353-8f71467c7bae.acmepaymentscorp",
  "Created" : "2016-07-05T14:49:15Z",
  "Updated" : "2016-07-05T14:49:15Z"
}

Sample response body #2: application/vnd.soa.v81+json (response to Sample request body #7: Add API with pattern of Physical Service)

    "APIID": "2d8d66b7-ebb7-4920-b745-070177f1d5ae.acmepaymentscorp",
    "Name": "ACME Payments API Physical Service",
    "Description": "ACME Payments API Physical Service",
    "Visibility": "Public",
    "LatestVersionID": "271a3126-24ec-4500-9741-b5ba4fd58f03.acmepaymentscorp",
    "RatingSummary": {
        "Five": 0,
        "Four": 0,
        "Three": 0,
        "Two": 0,
        "One": 0
    },
    "APIVersion": {
        "APIVersionID": "271a3126-24ec-4500-9741-b5ba4fd58f03.acmepaymentscorp",
        "APIID": "2d8d66b7-ebb7-4920-b745-070177f1d5ae.acmepaymentscorp",
        "Name": "v1",
        "Description": "ACME Payments API Physical Service",
        "Environment": "Production",
        "Visibility": "Public",
        "Created": "2017-08-07T15:16:29Z",
        "Updated": "2017-08-07T15:16:29Z",
        "State": "com.soa.api.state.open",
        "ProductionEndpointAccessAutoApproved": false,
        "SandboxEndpointAccessAutoApproved": false,
        "RatingSummary": {
            "Five": 0,
            "Four": 0,
            "Three": 0,
            "Two": 0,
            "One": 0
        },
        "SandboxAnonymousAccessAllowed": false,
        "ProductionAnonymousAccessAllowed": false,
        "ResourceLevelPermissionsSupported": false,
        "APIOwnedImplementations": true,
        "APIDesign": {
            "CommonDesign": false
        }
    },
    "AdminGroupID": "apiadmin-2d8d66b7-ebb7-4920-b745-070177f1d5ae.acmepaymentscorp",
    "Created": "2017-08-07T15:16:28Z",
    "Updated": "2017-08-07T15:16:28Z",
    "BusinessID": "tenantbusiness.acmepaymentscorp",
    "OrganizationKey": "uddi:6195a9f3-7b83-11e7-8dd9-82293556bcc5"
}

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type application/vnd.soa.v81+json, application/vnd.soa.v81+xml
Atmo-Renew-Token renew

Back to top

Response Body

Name Type Description
API API Includes information about an API.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
403 Forbidden. This operation returns 403 if you're creating an API by uploading an API description document from an external URL, and the external URL is not a trusted domain according to the site settings. For more information, see note at top of page.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics