2.1.9 Manage Application Subscriptions - Axway-API-Management-Plus/apim-cli GitHub Wiki

Quite often, it might be the case, that an API-Developer already has one or more Test-Applications, maybe including already configured API-Keys, Client-IDs, etc. and he is using this, in his local test-client, such as Postman, Curl, whatever.
To better support this use-case and avoid a user to create an Application-Subscription manually, he can now control Application-Subscriptions from within the API-Configuration file.

Example:

{
   "name":"API with some Apps",
   "path":"/api/with/some/apps",
   "state":"published",
   "version":"1.0.0",
   "organization":"API Development",
   "applications":[
      { "name":"Client App 1" },
      { "name":"Client App 2" },
      { "apiKey":"App with API-Key XYZ" },
      { "extClientId":"App with external ClientID 123" },
      { "oauthClientId":"App with internal ClientID 123" }  
   ]
}

As shown, the subscription to an API can be created based on the:

  • App-Name
  • one of the API-Keys of an application
  • one of the OAuth-Client-Ids of an application
  • one of the External-Client-Ids of an application

Parameter: clientAppsMode

Very important notes: The handling of configured applications can be controlled with the parameter: clientAppsMode which can have one of the following values:

  • ignore:
    All of the configured client-applications are ignored
  • replace:
    Potentially existing application-subscriptions will be replaced by the ones configured in the API-Config file. Using this mode lead to the fact, that all applications not configured for an API will be removed from the API during deployment. This is relevant if additional applications are added for instance via the API-Portal.
  • add:
    Existing application-subscriptions will stay untouched and only apps configured in the file will be added.

More to note:
If an application can't be found based on the configured criteria, the tool will log a Warning-Message, continue and end without an error.
If an application is belonging to an organization, not having access to this API a Warning-Message is logged, the Application-Subscription is ignored and the tool will end without an error.
Please make sure, your configured applications belong to an organization having access to this API. Learn more how to do that.

When changing the name of an application or removing an API-Key/Client-ID/Ext-Client from the API-Manager Configuration, please keep it in sync with the API-Config-File. If not, an additional re-deployment would not be able to find this Application anymore, considers this as a difference between Desired & Actual and therefore removes the subscription. This will be logged as a Warning.

Grant Permission to single Application.

Some cases API Administrator wants to grant access to single application without manipulating api-config.json

Commands to grant permission to an application based on organization name, API id and application id

apim api grant-access -u apiadmin -p xxxxx -h 10.129.61.129 -orgName "API Development 4172" -id 653aebcf-b4a2-4972-8050-a4e49a95c8c1 -appId 84dec0c4-ede7-4bac-ad88-65e8db23770b -force

Commands to grant permission to an application based on organization name, API Name and application name

apim api grant-access -u apiadmin -p xxxxx -h 10.129.61.129 -orgName "API Development 4172" -n petstore -appName TestApp -force

Commands to grant permission to an application based on organization id, API id and application id

apim api grant-access -u apiadmin -p xxxxx -h 10.129.61.129 -orgId  ed3a381e-0c00-47d1-a296-ff56abcfa07a -id 653aebcf-b4a2-4972-8050-a4e49a95c8c1 -appId 84dec0c4-ede7-4bac-ad88-65e8db23770b -force

Revoke Permission to single Application.

Revoke an API Access for single application

Commands to revoke permission to an application based on organization name, API id and application id

apim api revoke-access -u apiadmin -p xxxxx -h 10.129.61.129 -orgName "API Development 4172" -id 653aebcf-b4a2-4972-8050-a4e49a95c8c1 -appId 84dec0c4-ede7-4bac-ad88-65e8db23770b -force

Commands to revoke permission to an applicatoin based on organization name, API Name and application name

apim api revoke-access -u apiadmin -p xxxxx -h 10.129.61.129 -orgName "API Development 4172" -n petstore -appName TestApp -force

Commands to revoke permission to an application based on organization id, API id and application id

apim api revoke-access -u apiadmin -p xxxxx -h 10.129.61.129 -orgId  ed3a381e-0c00-47d1-a296-ff56abcfa07a -id 653aebcf-b4a2-4972-8050-a4e49a95c8c1 -appId 84dec0c4-ede7-4bac-ad88-65e8db23770b -force