Creating Custom Users to Perform API Controller Operations¶
To perform tasks using the API Controller, a particular user must have required permissions and scopes. From API Manager 3.2.0 onwards, a new role named Internal/devops
has been introduced who has the ability to perform all the API Controller related operations. You just need to create a new user (Refer Adding a new User to learn about adding new users), assign the role Internal/devops
and use that user to perform the API Controller operations.
Minimal Permissions and Scopes Required to Perform API Controller Operations¶
Further, you can create your own custom user with a custom role to perform specific set of API Controller operations. Refer the below table to learn about the required permissions and scopes that are needed for each of the API Controller operation.
Info
Steps to create a custom user with a custom role for your need
- As shown in Create user roles section, you can create your own custom user role by assigning permissions and scopes that are required to perform a particular set of API Controller operations by referring the table below.
- Then, create a user as explained in Adding a new User, by assigning the custom role that you created in the above step, to that user.
- Now you can login to the API Controller (using
apictl login <env-name>
command) and perform the particular set of operations as per your need.
Operation | Minimal Permissions | Minimal Scopes |
---|---|---|
add-env | - | - |
remove-env | - | - |
list env | - | - |
login | API Create or API Publish or API Subscribe | - |
logout | API Create or API Publish or API Subscribe | - |
list apis | API Create or API Publish or API Subscribe | apim:api_import_export |
delete api | API Create | apim:api_import_export |
change-status api | API Publish | apim:api_import_export |
import-api | API Create to import an API in CREATED state, Both API Create and API Publish to import an API in PUBLISHED state |
apim:api_import_export |
export-api | - | apim:api_import_export |
export-apis | - | apim:api_import_export |
list api-products | - | apim:api_product_import_export |
delete api-product | API Publish | apim:api_product_import_export |
import api-product | API Publish | apim:api_product_import_export |
export api-product | - | apim:api_product_import_export, apim:api_import_export |
list apps | - | apim:app_import_export |
delete app | API Subscribe | apim:app_import_export |
import-app | API Subscribe | apim:app_import_export |
export-app | - | apim:app_import_export |
get-keys | API Subscribe | apim:app_manage, apim:sub_manage, apim:api_product_import_export or apim:app_manage, apim:sub_manage, apim:api_import_export or apim:app_manage, apim:sub_manage, apim:api_view |