This blog demonstrates the API governance feature using CLI in API Connect v10.0.6+.
This example was done on APIC on AWS, similar steps can be applied for different setups of APIC.
APIC CLI login
Login to API Connect Manager UI, navigate to the Download Toolkit section, and download the Toolkit credentials.
Then open the MyProfile dropdown menu and click the My API keys to find or create an API Key.
To log in via CLI, run the following commands.
# Set the credential:
apic client-creds:set /tmp/credentials.json
# Login with API key
User01-Mac ~ % apic login --sso -s https://platform-api.eu-central-a.apiconnect.automation.ibm.com --context provider
Please copy and paste the url https://platform-api.eu-central-a.apiconnect.automation.ibm.com/manager/auth/manager/sign-in/?from=TOOLKIT to a browser to start the authentication process.
Do you want to open the url in default browser? [y/n]: n
API Key? acae519a-a8ff-43ce-xxxxxxx-xxxxxxx
Logged into platform-api.eu-central-a.apiconnect.automation.ibm.com successfully
CLI commands
apic login --sso -s <server_url> --context provider
apic login --sso -s https://platform-api.eu-central-a.apiconnect.automation.ibm.com --context provider
Here we used apiKey as this aws version of APIC, in different cases, you might use a user credential.
- List organizations in APIC
apic orgs:list -s <server_url> --my
apic orgs:list -s https://platform-api.eu-central-a.apiconnect.automation.ibm.com --my
apic -m governance rulesets:list --org <target_org> --server <server_url>
apic -m governance rulesets:list --org tech-sales --server https://platform-api.eu-central-a.apiconnect.automation.ibm.com
Sample APIs to use
Validating and Testing
https://www.ibm.com/docs/en/api-connect/saas?topic=governance-validating-api-document-by-using-toolkit-cli
Validate one or more draft APIs (stored files) Using CLI:
apic --mode governance compliance:validate --org <target_org> --server <server_url> --rulesets <ruleset_name_1>,<ruleset_name_2> API_FILE
apic --mode governance compliance:validate --org tech-sales --server https://platform-api.eu-central-a.apiconnect.automation.ibm.com --rulesets t3-group5-ruleset C:\github\Automation\Integration\API_Connect\API_governance\src\Good-API.yaml
Pass Results
Failed Results
Validate one or more draft APIs (stored in the management server) Using CLI;
Create a JSON COMPLIANCE_REQUEST_FILE that specifies the location of the draft APIs and the rulesets to use during validation.
{
"apiUrls":[
"https://api-manager.eu-central-a.apiconnect.automation.ibm.com/api/orgs/f6e89292-9043-4fb9-a282-734532fc2727/drafts/draft-apis/e6744256-b0eb-4d6e-9140-153bb6fe9152",
"https://api-manager.eu-central-a.apiconnect.automation.ibm.com/api/orgs/f6e89292-9043-4fb9-a282-734532fc2727/drafts/draft-apis/cb72c958-7741-435d-b3e1-d8787827447a"],
"config" : {
"rulesets": [
{
"rulesetName": "t3-group5-ruleset",
"disabled": ["info-contact"]
}
]
}
}
To get Draft API Url
apic draft-apis:list-all --org <target_org> --server <server_url>
apic draft-apis:list-all --server https://platform-api.eu-central-a.apiconnect.automation.ibm.com --org tech-sales
To get Published API URLs
apic apis:list-all --scope catalog --catalog <target_catalog> --org <target_org> --server <server_url>
apic apis:list-all --scope catalog --catalog t3-group5-api-gov --server https://platform-api.eu-central-a.apiconnect.automation.ibm.com --org tech-sales
Testing our 2 APIs againt the custom ruleset:
apic --mode governance compliance:validate_all --org <target_org> --server <server_url> COMPLIANCE_REQUEST_FILE
apic --mode governance compliance:validate_all --org tech-sales --server https://platform-api.eu-central-a.apiconnect.automation.ibm.com c:\Users\ZZ00DP832\validate.json
Validating a Catalog using CLI
TBD
Create new ruleset/rules
Create new ruleset
https://www.ibm.com/docs/en/api-connect/saas?topic=apis-configuring-api-governance-in-api-manager#api_governance_config_apim__create-cli
apic -m governance rulesets:create --org <target_org> --server <server_url> RULESET_FILE
apic -m governance rulesets:create --org tech-sales --server https://platform-api.eu-central-a.apiconnect.automation.ibm.com c:\Users\ZZ00DP832\ruleset.yaml
Try it with UI:
Refer to this blog to try API Governance using API Manager UI API Governance Exercising - API Manager UI