Commit 76b4fa4

Merge pull request #1988 from senthuran16/apikey-for-webbroker-api
Add API Key support for WebBroker APIs
2 parents e184aed + b207a56 commit 76b4fa4

14 files changed

Lines changed: 1371 additions & 370 deletions

docs/rest-apis/gateway/README.md

Lines changed: 5 additions & 0 deletions
@@ -117,6 +117,11 @@ Base URLs:
117117
- [List all WebBrokerAPIs](webbroker-api-management.md#list-all-webbrokerapis)
118118
- [Get WebBrokerAPI by id](webbroker-api-management.md#get-webbrokerapi-by-id)
119119
- [Delete a WebBrokerAPI](webbroker-api-management.md#delete-a-webbrokerapi)
120+
- [Create a new API key for a WebBroker API](webbroker-api-management.md#create-a-new-api-key-for-a-webbroker-api)
121+
- [Get the list of API keys for a WebBroker API](webbroker-api-management.md#get-the-list-of-api-keys-for-a-webbroker-api)
122+
- [Regenerate API key for a WebBroker API](webbroker-api-management.md#regenerate-api-key-for-a-webbroker-api)
123+
- [Update an API key for a WebBroker API](webbroker-api-management.md#update-an-api-key-for-a-webbroker-api)
124+
- [Revoke an API key for a WebBroker API](webbroker-api-management.md#revoke-an-api-key-for-a-webbroker-api)
120125

121126
### [Schemas](schemas.md)
122127
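Review bot: The five added index entries spell the resource "WebBroker API", while the three existing entries directly above use "WebBrokerAPI" ("List all WebBrokerAPIs", "Get WebBrokerAPI by id", "Delete a WebBrokerAPI"); pick one spelling so the section reads consistently. The "Regenerate API key for a WebBroker API" entry also drops the article the other four use ("an API key"). If you rename it, change the heading in webbroker-api-management.md in the same commit, because the link target `#regenerate-api-key-for-a-webbroker-api` follows the heading text.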

docs/rest-apis/gateway/webbroker-api-management.md

Lines changed: 351 additions & 0 deletions
@@ -562,3 +562,354 @@ Status Code **200**
562562
|» status|string|false|none|none|
563563
|» message|string|false|none|none|
564564
|» id|string|false|none|none|
565+
566+
## Create a new API key for a WebBroker API
567+
568+
<a id="opIdcreateWebBrokerAPIKey"></a>
569+
570+
`POST /webbroker-apis/{id}/api-keys`
571+
572+
> Code samples
573+
574+
```shell
575+
576+
curl -X POST http://localhost:9090/api/management/v0.9/webbroker-apis/{id}/api-keys \
577+
-u {username}:{password} \
578+
-H 'Content-Type: application/json' \
579+
-H 'Accept: application/json' \
580+
-d @payload.json
581+
582+
```
583+
584+
Generate a new API key for a WebBroker API in the Gateway. The key is a 32-byte random value encoded in hexadecimal, prefixed with `apip_`. Use the API Key policy on the API to validate incoming requests with this key.
585+
586+
> Payload
587+
588+
```json
589+
{
590+
"name": "my-production-key"
591+
}
592+
```
593+
594+
### Authentication
595+
596+
<aside class="warning">
597+
This operation requires <strong>Basic Auth</strong> authentication.
598+
599+
Required roles: `admin`, `consumer`
600+
601+
</aside>
602+
603+
<h3 id="create-a-new-api-key-for-a-webbroker-api-parameters">Parameters</h3>
604+
605+
|Name|In|Type|Required|Description|
606+
|---|---|---|---|---|
607+
|id|path|string|true|Unique public identifier of the WebBroker API to generate the key for|
608+
|body|body|[APIKeyCreationRequest](schemas.md#schemaapikeycreationrequest)|true|none|
609+
610+
> Example responses
611+
612+
> 201 Response
613+
614+
```json
615+
{
616+
"status": "success",
617+
"message": "API key generated successfully",
618+
"remainingApiKeyQuota": 9,
619+
"apiKey": {
620+
"name": "my-production-key",
621+
"displayName": "My Production Key",
622+
"apiKey": "apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
623+
"apiId": "reading-list-api-v1.0",
624+
"status": "active",
625+
"createdAt": "2026-04-01T10:30:00Z",
626+
"createdBy": "admin",
627+
"expiresAt": null,
628+
"source": "local"
629+
}
630+
}
631+
```
632+
633+
<h3 id="create-a-new-api-key-for-a-webbroker-api-responses">Responses</h3>
634+
635+
|Status|Meaning|Description|Schema|
636+
|---|---|---|---|
637+
|201|[Created](https://tools.ietf.org/html/rfc7231#section-6.3.2)|API key created successfully|[APIKeyCreationResponse](schemas.md#schemaapikeycreationresponse)|
638+
|400|[Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)|Invalid configuration (validation failed)|[ErrorResponse](schemas.md#schemaerrorresponse)|
639+
|404|[Not Found](https://tools.ietf.org/html/rfc7231#section-6.5.4)|WebBroker API not found|[ErrorResponse](schemas.md#schemaerrorresponse)|
640+
|409|[Conflict](https://tools.ietf.org/html/rfc7231#section-6.5.8)|Conflict (duplicate key or conflicting update)|[ErrorResponse](schemas.md#schemaerrorresponse)|
641+
|500|[Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1)|Internal server error|[ErrorResponse](schemas.md#schemaerrorresponse)|
642+
643+
## Get the list of API keys for a WebBroker API
644+
645+
<a id="opIdlistWebBrokerAPIKeys"></a>
646+
647+
`GET /webbroker-apis/{id}/api-keys`
648+
649+
> Code samples
650+
651+
```shell
652+
653+
curl -X GET http://localhost:9090/api/management/v0.9/webbroker-apis/{id}/api-keys \
654+
-u {username}:{password} \
655+
-H 'Accept: application/json'
656+
657+
```
658+
659+
List all API keys for a WebBroker API in the Gateway.
660+
661+
### Authentication
662+
663+
<aside class="warning">
664+
This operation requires <strong>Basic Auth</strong> authentication.
665+
666+
Required roles: `admin`, `consumer`
667+
668+
</aside>
669+
670+
<h3 id="get-the-list-of-api-keys-for-a-webbroker-api-parameters">Parameters</h3>
671+
672+
|Name|In|Type|Required|Description|
673+
|---|---|---|---|---|
674+
|id|path|string|true|Unique public identifier of the WebBroker API to retrieve the keys for|
675+
676+
> Example responses
677+
678+
> 200 Response
679+
680+
```json
681+
{
682+
"apiKeys": [
683+
{
684+
"name": "my-production-key",
685+
"displayName": "My Production Key",
686+
"apiKey": "***abcdef",
687+
"apiId": "reading-list-api-v1.0",
688+
"status": "active",
689+
"createdAt": "2026-04-01T10:30:00Z",
690+
"createdBy": "admin",
691+
"expiresAt": null,
692+
"source": "local"
693+
}
694+
],
695+
"totalCount": 3,
696+
"status": "success"
697+
}
698+
```
699+
700+
<h3 id="get-the-list-of-api-keys-for-a-webbroker-api-responses">Responses</h3>
701+
702+
|Status|Meaning|Description|Schema|
703+
|---|---|---|---|
704+
|200|[OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)|List of API keys|[APIKeyListResponse](schemas.md#schemaapikeylistresponse)|
705+
|404|[Not Found](https://tools.ietf.org/html/rfc7231#section-6.5.4)|WebBroker API not found|[ErrorResponse](schemas.md#schemaerrorresponse)|
706+
|500|[Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1)|Internal server error|[ErrorResponse](schemas.md#schemaerrorresponse)|
707+
708+
## Regenerate API key for a WebBroker API
709+
710+
<a id="opIdregenerateWebBrokerAPIKey"></a>
711+
712+
`POST /webbroker-apis/{id}/api-keys/{apiKeyName}/regenerate`
713+
714+
> Code samples
715+
716+
```shell
717+
718+
curl -X POST http://localhost:9090/api/management/v0.9/webbroker-apis/{id}/api-keys/{apiKeyName}/regenerate \
719+
-u {username}:{password} \
720+
-H 'Content-Type: application/json' \
721+
-H 'Accept: application/json' \
722+
-d @payload.json
723+
724+
```
725+
726+
Regenerate an existing API key for a WebBroker API in the Gateway. The previous key is revoked and replaced with a new 32-byte random value encoded in hexadecimal, prefixed with `apip_`.
727+
728+
> Payload
729+
730+
```json
731+
{}
732+
```
733+
734+
### Authentication
735+
736+
<aside class="warning">
737+
This operation requires <strong>Basic Auth</strong> authentication.
738+
739+
Required roles: `admin`, `consumer`
740+
741+
</aside>
742+
743+
<h3 id="regenerate-api-key-for-a-webbroker-api-parameters">Parameters</h3>
744+
745+
|Name|In|Type|Required|Description|
746+
|---|---|---|---|---|
747+
|id|path|string|true|Unique public identifier of the WebBroker API|
748+
|apiKeyName|path|string|true|Name of the API key to regenerate|
749+
|body|body|[APIKeyRegenerationRequest](schemas.md#schemaapikeyregenerationrequest)|true|none|
750+
751+
> Example responses
752+
753+
> 200 Response
754+
755+
```json
756+
{
757+
"status": "success",
758+
"message": "API key generated successfully",
759+
"remainingApiKeyQuota": 9,
760+
"apiKey": {
761+
"name": "my-production-key",
762+
"displayName": "My Production Key",
763+
"apiKey": "apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
764+
"apiId": "reading-list-api-v1.0",
765+
"status": "active",
766+
"createdAt": "2026-04-01T10:30:00Z",
767+
"createdBy": "admin",
768+
"expiresAt": null,
769+
"source": "local"
770+
}
771+
}
772+
```
773+
774+
<h3 id="regenerate-api-key-for-a-webbroker-api-responses">Responses</h3>
775+
776+
|Status|Meaning|Description|Schema|
777+
|---|---|---|---|
778+
|200|[OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)|API key rotated successfully|[APIKeyCreationResponse](schemas.md#schemaapikeycreationresponse)|
779+
|400|[Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)|Invalid configuration (validation failed)|[ErrorResponse](schemas.md#schemaerrorresponse)|
780+
|404|[Not Found](https://tools.ietf.org/html/rfc7231#section-6.5.4)|WebBroker API or API key not found|[ErrorResponse](schemas.md#schemaerrorresponse)|
781+
|500|[Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1)|Internal server error|[ErrorResponse](schemas.md#schemaerrorresponse)|
782+
783+
## Update an API key for a WebBroker API
784+
785+
<a id="opIdupdateWebBrokerAPIKey"></a>
786+
787+
`PUT /webbroker-apis/{id}/api-keys/{apiKeyName}`
788+
789+
> Code samples
790+
791+
```shell
792+
793+
curl -X PUT http://localhost:9090/api/management/v0.9/webbroker-apis/{id}/api-keys/{apiKeyName} \
794+
-u {username}:{password} \
795+
-H 'Content-Type: application/json' \
796+
-H 'Accept: application/json' \
797+
-d @payload.json
798+
799+
```
800+
801+
Update an API key with a custom value instead of auto-generating one.
802+
803+
> Payload
804+
805+
```json
806+
{
807+
"displayName": "Updated",
808+
"apiKey": "custom-key-999",
809+
"issuer": "portal"
810+
}
811+
```
812+
813+
### Authentication
814+
815+
<aside class="warning">
816+
This operation requires <strong>Basic Auth</strong> authentication.
817+
818+
Required roles: `admin`, `consumer`
819+
820+
</aside>
821+
822+
<h3 id="update-an-api-key-for-a-webbroker-api-parameters">Parameters</h3>
823+
824+
|Name|In|Type|Required|Description|
825+
|---|---|---|---|---|
826+
|id|path|string|true|Unique public identifier of the WebBroker API|
827+
|apiKeyName|path|string|true|Name of the API key to update|
828+
|body|body|[APIKeyUpdateRequest](schemas.md#schemaapikeyupdaterequest)|true|none|
829+
830+
> Example responses
831+
832+
> 200 Response
833+
834+
```json
835+
{
836+
"status": "success",
837+
"message": "API key generated successfully",
838+
"remainingApiKeyQuota": 9,
839+
"apiKey": {
840+
"name": "my-production-key",
841+
"displayName": "My Production Key",
842+
"apiKey": "apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
843+
"apiId": "reading-list-api-v1.0",
844+
"status": "active",
845+
"createdAt": "2026-04-01T10:30:00Z",
846+
"createdBy": "admin",
847+
"expiresAt": null,
848+
"source": "local"
849+
}
850+
}
851+
```
852+
853+
<h3 id="update-an-api-key-for-a-webbroker-api-responses">Responses</h3>
854+
855+
|Status|Meaning|Description|Schema|
856+
|---|---|---|---|
857+
|200|[OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)|API key updated successfully|[APIKeyCreationResponse](schemas.md#schemaapikeycreationresponse)|
858+
|400|[Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)|Invalid request (validation failed)|[ErrorResponse](schemas.md#schemaerrorresponse)|
859+
|404|[Not Found](https://tools.ietf.org/html/rfc7231#section-6.5.4)|WebBroker API or API key not found|[ErrorResponse](schemas.md#schemaerrorresponse)|
860+
|409|[Conflict](https://tools.ietf.org/html/rfc7231#section-6.5.8)|Conflict (duplicate key or conflicting update)|[ErrorResponse](schemas.md#schemaerrorresponse)|
861+
|500|[Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1)|Internal server error|[ErrorResponse](schemas.md#schemaerrorresponse)|
862+
863+
## Revoke an API key for a WebBroker API
864+
865+
<a id="opIdrevokeWebBrokerAPIKey"></a>
866+
867+
`DELETE /webbroker-apis/{id}/api-keys/{apiKeyName}`
868+
869+
> Code samples
870+
871+
```shell
872+
873+
curl -X DELETE http://localhost:9090/api/management/v0.9/webbroker-apis/{id}/api-keys/{apiKeyName} \
874+
-u {username}:{password} \
875+
-H 'Accept: application/json'
876+
877+
```
878+
879+
Revoke an API key. Once revoked, it can no longer be used to authenticate requests.
880+
881+
### Authentication
882+
883+
<aside class="warning">
884+
This operation requires <strong>Basic Auth</strong> authentication.
885+
886+
Required roles: `admin`, `consumer`
887+
888+
</aside>
889+
890+
<h3 id="revoke-an-api-key-for-a-webbroker-api-parameters">Parameters</h3>
891+
892+
|Name|In|Type|Required|Description|
893+
|---|---|---|---|---|
894+
|id|path|string|true|Unique public identifier of the WebBroker API|
895+
|apiKeyName|path|string|true|Name of the API key to revoke|
896+
897+
> Example responses
898+
899+
> 200 Response
900+
901+
```json
902+
{
903+
"status": "success",
904+
"message": "API key revoked successfully"
905+
}
906+
```
907+
908+
<h3 id="revoke-an-api-key-for-a-webbroker-api-responses">Responses</h3>
909+
910+
|Status|Meaning|Description|Schema|
911+
|---|---|---|---|
912+
|200|[OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)|API key revoked successfully|[APIKeyRevocationResponse](schemas.md#schemaapikeyrevocationresponse)|
913+
|400|[Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)|Invalid configuration (validation failed)|[ErrorResponse](schemas.md#schemaerrorresponse)|
914+
|404|[Not Found](https://tools.ietf.org/html/rfc7231#section-6.5.4)|WebBroker API not found|[ErrorResponse](schemas.md#schemaerrorresponse)|
915+
|500|[Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1)|Internal server error|[ErrorResponse](schemas.md#schemaerrorresponse)|
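Review bot: In "Update an API key for a WebBroker API" the payload example sets `"apiKey": "custom-key-999"` and the text puts no constraint on a caller-supplied value, while the create and regenerate sections promise a 32-byte random key with the `apip_` prefix; document the minimum length and accepted format for custom keys (or state that none is enforced) and use a stronger sample value. The 200 example in that section is the create response copied unchanged (`"message": "API key generated successfully"`, an `apip_` key, `"displayName": "My Production Key"`), so it does not match the request shown above it, and the regenerate example carries the same message although its table row says "API key rotated successfully". Smaller points: the 404 row for revoke reads "WebBroker API not found" where regenerate and update say "WebBroker API or API key not found"; the create, regenerate and update examples return the full key while the list example masks it as `***abcdef`, and the text never says whether the full value can be retrieved again later; the `issuer` field in the update payload is not described anywhere in the section; and "Required roles: `admin`, `consumer`" does not say whether either role is sufficient or both are needed.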
