Creating Custom Users to Perform apictl Operations

To perform tasks using the WSO2 API Controller (apictl), a particular user must have required permissions and scopes. From WSO2 API Manager (WSO2 API-M) 3.2.0 onwards, a new role named Internal/devops has been introduced who has the ability to perform all the apictl related operations. You just need to create a new user (Refer Adding a new User to learn about adding new users), assign the role Internal/devops and use that user to perform the apictl operations.

Minimal permissions and scopes required to perform apictl operations

Further, you can create your own custom user with a custom role to perform specific set of apictl operations. Refer the below table to learn about the required permissions and scopes that are needed for each of the apictl operation.

Info

Steps to create a custom user with a custom role for your need

  • As shown in Create user roles section, you can create your own custom user role by assigning permissions and scopes that are required to perform a particular set of apictl operations by referring the table below.
  • Then, create a user as explained in Adding a new User, by assigning the custom role that you created in the above step, to that user.
  • Now you can login to apictl (using apictl login <env-name> command) and perform the particular set of operations as per your need.
Operation Minimal Permissions Minimal Scopes
add env - -
remove env - -
get envs - -
login API Create or API Publish or API Subscribe -
logout API Create or API Publish or API Subscribe -
get APIs API Create or API Publish or API Subscribe apim:api_import_export
delete API API Create apim:api_import_export
change-status API API Publish apim:api_import_export
import api API Create to import an API in CREATED state,
Both API Create and API Publish to import an API in PUBLISHED state
apim:api_import_export
export api - apim:api_import_export
export-apis - apim:api_import_export
get api-products - apim:api_product_import_export
delete api-product API Publish apim:api_product_import_export
import api-product API Publish apim:api_product_import_export
export api-product - apim:api_product_import_export,
apim:api_import_export
list apps - apim:app_import_export
delete app API Subscribe apim:app_import_export
import app API Subscribe apim:app_import_export
export app - apim:app_import_export
get keys API Subscribe apim:app_manage,
apim:sub_manage,
apim:api_product_import_export

or
apim:app_manage,
apim:sub_manage,
apim:api_import_export

or
apim:app_manage,
apim:sub_manage,
apim:api_view
Top