The administrator portal is a platform to manage and administer properties and functionality of the ColdFusion API Manager. Through the administrator portal, you can manage all published APIs, and their functional and non-functional information.
As an administrator, you can perform the following tasks:
To log in to the administrator portal:
If you want to change the password, navigate to <API Manager Installation Directory>/conf and open the file password.properties. Change the password in the file. You can only change the default administrator password using the password.properties file.
Steps to reset admin password:
1. Edit the password.properties file at <apimanager_home/conf>with entries as:
adminname=<User name while installing API Manager>
adminpassword=<Your new preferred password>
2. Make readDefault to true in default_conf.xml.
3. Restart "ColdFusion 2016 API Manager" service.
You cannot delete or edit this account to remove administrator privileges.
You cannot change the password of other users except the default user.
You can change the logo and title on the header area of the administrator portal.
Navigate to the <API Manager Installation Directory>/wwwroot/portal/conf folder and open the file config.json. Modify the following properties:
{
"headerTitle": "API Manager Portal",
"adminHeaderTitle": "API Manager Administrator",
"headerLogoPath": "images/CF-Logo.png"
}
You can configure the settings for the API Manager server from the following screens:
API Proxy
In an enterprise, you communicate with existing and new customers. Consumers use a range of devices from phones to desktops. One of the ways to interact with the devices is through an API. But, there are some concerns, for example, security, availability, and monitoring of the APIs. In such situations, you define an API proxy. An API proxy performs the following:
An API proxy makes your API independent from your back end services. Whenever you change your back end services, for example, changes in code, the application runs without interruptions.
In the Context Root field, enter the name of the context root. A context root identifies an application on the server. For example, if your application's context root is mycontextroot, and the application is hosted on http://localhost:5100, you can access the application at http://localhost:5100/mycontextroot.
Publishers use portals to create APIs for subscribers to consume. On a portal, a publisher can create the APIs and can restrict the APIs to certain nodes. Portals can run on multiple nodes. On the other hand, you can configure an API proxy on any node.
The Datastore is a distributed configuration system and an in-memory cache used in the API Manager. The API Datastore has the following advantages:
Configure the settings for the number of API requests for which to generate metrics. For more information, refer to Metrics and Logging.
In the Cluster Name field, enter the name of the cluster. The analytics of these requests are then published into a portal. For more details, refer to Setting up Cluster Support.
In Analytics Server configuration, the client can sniff the rest of the cluster, which adds nodes that the cluster can use. To enable the feature, select Sniff.
When you select Sniff and specify an Analytic Server address in the configuration, the API Manager finds out the other cluster members and load balances them in a round-robin fashion.
In the Maximum Actions Per Bulk Request field, enter the number of API requests that are collectively sent to the analytic server for metrics calculation and visualization. If you enter 1000 in the field, no more than 1000 requests can be sent to the server.
The default value is 1000 actions per bulk request. This means that whenever, 1000 requests are received by the API Manager, a bulk request is dispatched to the Analytics server.
You can configure the OAuth2 settings on this screen. This protocol allows third-party applications to grant limited access to an HTTP REST service, either on behalf of a resource owner, or by allowing the third-party application to obtain access on its own behalf.
A user store is a database to store information about users and user roles. The database stores login id, password, first name, last name, email address, and so on.
You can create a user store through LDAP or a database connection, such as, JDBC and ODBC. The API Manager comes with an internal user store.
To add a user store:
You can create a user store using JDBC. You can create a connection string in the database to store the information that an application uses to connect to the database.
| Field | Description |
| Name | The name identifies the user store. |
| Logon Identifier | The unique identifier for a user store. Prefix this identifier when you log in to a portal. |
| Description | The information about the user store. |
| Disabled check-box | Select to enable users in the store access consumer applications. |
| Field | Description |
| Database Server Name | The name of the host from where the database runs. |
| Database Port | The port number of the database server. |
| Database User Name | The name of the user that has permission to a table. |
| Database User Password | The password of the user. |
| Database Name | The name of the database server that contains the table. |
| JDBC Driver | The name of the class of the JDBC driver. |
| JDBC Connection URL | The URL of the JDBC driver. For more information, refer to the JDBC Driver documentation. |
| Datasource Path | The path to the source of JDBC data. For example, jdbc/SampleDataSource. |
| Initial JNDI Properties | The list of JNDI standard environment properties. |
| Field | Description |
| User Table | The name of the table that contains the user accounts. |
| Key Column | The value of the column that uniquely identifies the rows in the table. |
| User First Name Column | The first name of the user. |
| User Last Name Column | The last name of the user. |
| User Email Column | The email of the user. |
| Password Column | The name of the column in the table that holds the values of the passwords of a user. |
| Roles Table | The name of the table in the database that contain user roles. |
| Roles Table Key Column | The name of the table that contains the mapping between users and their roles. |
| User Roles Mapping Table User Key Column | The value of the column that associates user account in the table. |
| User Roles Mapping Table Role Key Column | The value of the column that associates roles of users in the table. |
| Field | Description |
| Maximum Idle Connections | The maximum number of connections to the database that can be idle. |
| Minimum Idle Connections | The minimum number of connections to the database that can be idle. |
| Connection Wait Timeout | The time (in milliseconds) that the pool can wait for a connection before it times out. |
| Maximum Active Connections | The maximum number of connections that are allocated from the pool concurrently. |
| Idle Connection Evict Timeout | The time (in milliseconds) to wait before removing an idle connection. |
| Field | Description |
| Enable writing empty string | Select this check-box to write an empty string instead of a null value in columns defined as not-null in the table schema. |
| Name Quoting | Select this check-box if you want the column names for the database to be within quotes. |
| Validate Connection Query | The SQL query to validate the database connection. |
You can configure the API Manager to leverage an LDAP server for user authentication. In this case, the LDAP server creates and manages users.
| Field | Description |
| Name | The name of the user store. The name identifies this user store. |
| Logon Identifier | The identifier of the user store in LDAP. |
| Description | The information about this user store. |
| Disabled | Select this check-box to enable users in the store access the consumer applications. |
| Field | Description |
| Host | The name or IP address of the LDAP server. |
| TCP Port | The port number of the LDAP server. This port is the same as the port on which the LDAP listens for SSL connections. |
| User Bind DN | The bind Distinguished Name (DN) to connect to the LDAP server. The bind DN is the user on the external LDAP server permitted to search the LDAP directory within the defined search base. The role of the bind DN is to query the directory using the LDAP query filter and search for a user. For example, some possible bind DNs are cn=administrator, cn=Users, dc=domain, or c=com. |
| User Bind DN Password | The password to connect to the LDAP server. |
| SSL/TLS Enabled | Select this check-box to use a secure connection. |
| StartTLS Enabled | Select this check-box to allow an application to send secure requests to an LDAP server. |
| Base Contexts | The points in the LDAP tree for searching the tree. |
| Failover Servers | The name of all the servers that act as failover servers. For example, "ldap://ldap.example.com:389/" represents a list of failover servers. If the primary server fails, Java Naming and Directory Interface (JNDI) connects to the next available server in the list. |
| Field | Description |
| User Configuration | The object classes for creating user objects in LDAP. An object class represents the type of data in an LDAP. An objects class contains attributes of an entry in an LDAP. An objectclass is defined in a schema. |
| LDAP Filter for Retrieving Accounts | The filter attribute to retrieve user accounts from LDAP. |
| Account User Name Attributes | The attribute or attributes that represent a user name of an account. An attribute authenticates a user name in an LDAP entry. |
| User First Name Attribute | The attribute that represents the first name of the user in an LDAP account. |
| User Last Name Attribute | The attribute that represents the last name of the user in an LDAP account. |
| User Email Attribute | The attribute that represents the email of the user in an LDAP account. |
| Group Configuration | The object classes for creating groups in LDAP. |
| LDAP Filter for Retrieving Groups | The filter attribute to retrieve user groups from LDAP. |
| Group Name Attribute | The attribute that represents the name of the group in an LDAP account. |
| Group Membership Attribute | The attribute that contains users in an LDAP group. |
| Field | Description |
| Use Paged Result Control | Select this check-box to ensure that the LDAP uses paged results instead of Virtual List View (VLV) when retrieving user accounts. VLV lets you query a large directory in chunks. For example, let there be a directory with a large number of users, "ou": dc=demo,dc=local + ou=DemoGroups (100,000 groups) + ou=DemoUsers (100,000 users) If you want to present the information in the user group "ou" in a scrollable or paged window in an application, retrieving 1000 pages of 100 results each is an inefficient way. This method is resource-intensive and wastes bandwidth. On the other hand, VLV queries a large data-set with a sorting rule. For example, using VLV, you can sort the first 50 users ordered by organizationName in an LDAP. |
| LDAP Referral Handling | Either follow or ignore LDAP referrals. LDAP referrals enable an LDAP tree to be distributed across multiple LDAP servers. Therefore, an LDAP server can reference other LDAP servers even though it does not store the full Directory Information Tree (DIT). When you browse a particular directory, an LDAP server returns referrals after referring you to another server in the tree. |
User management in the API Manager involves defining and managing users, roles, and their access levels. You can add or delete users, assign roles, search for users, manage user stores, and import external users from LDAP or database connection.
To add a user:
In the API Manager, an application or a resource can be available to a consumer at different levels of service. SLA configuration enforces access control through rate limiting and throttling. Throttling tiers limit the number of hits to an API over a certain time, due to monetization of the API, security restrictions, infrastructure issues, and so on.
For example, you can set throttling tiers to the APIs to limit access to it accordingly. Each tier defines a maximum number of requests per day or week or month.
You can also set the rate limit for an SLA per second or minute or hour.
You can then add your own tiers to the API Manager using the instructions below:
Select the rate limiting algorithm. In API manager, two types of algorithms can be used to limit the rate: Rolling and Fixed.
In fixed window algorithm, the period is considered from the starting of the time unit to the end of the time unit. For example, a period is considered as 0-60 seconds for a minute irrespective of the time frame at which the API request has been made.
In rolling window algorithm, the period is considered from the fraction of the time at which the request has been made to the end of the time unit. For example, if two requests for API calls are made at 30th second and 40th second of a minute it is considered as two requests from 30th second of that minute up to the 30th second of next minute.
For more details, refer to Rate-limiting.
In the SLA Name field, enter the name of the new SLA.
In the Rate Limit field, enter the API request rate limit in the SLA. You can only limit an API request rate to number of requests per second, minute, or hour.
In the Throttle Limit field, enter the API throttle limit in the SLA. You can only limit an API request rate to number of requests per second, minute, or hour.
Select the type of throttle limit- Hard or Soft.
You can see a list of all clusters configured in API Manager. You can also see a cluster's proxy port, portal port, and so on.
Set the maximum response size to define the maximum size, in bytes, of the response that can be stored in the output cache. Also specify the timeout, in seconds.
If you want to discover REST services published in a ColdFusion non-InVM environment, configure the ColdFusion server on the CF Discovery Server Configuration page.
The API Manager sends notifications for any alerts or user events that require attention. You can configure the settings for email notifications for publishers and consumers.
To enable Transport Level Security (TSL) on the connection to the mail server, select the Enable TLS connection to mail server check-box. Transport Layer Security (TLS) is a protocol that ensures privacy between applications and their users within a network. When a server and client communicate, TLS ensures security of the communication.
In this page, choose the modules for which you want to generate debug logs. For example,
You can enable debugging for specific sections that you want to debug. For example, if you want to check for any issues while creating an API, enable the Publisher check-box in the Portal section.
This way you can manage your debug logs properly.
Analytics dashboard helps you view the number of APIs that are run from a node, the number of API requests, and system statistics. The API Manager collects information as APIs process information. If you see a sudden spike on a graph or chart, you can take immediate measures.
By clicking a particular data (for example, API name or Publisher name or field in graph), you can filter the entire dashboard on that field.
Click Analytics to display the dashboard.
There are three types of dashboards in the Administrator portal:
You can view the node IP and port on which an API runs. You can also view the number of requests by the API. Hover the pointer on the visualization to see the details.
You can view the avarage response time (in milliseconds) of an API, and the average incoming and outgoing data (in KB) of the API.
You can view a line graph of the count of API requests. You can further filter the data according to the time range, for example, today, this week, this month, last minutes, last 30 minutes, last 5 years, and so on. Hover the pointer on an point on the axis to view the number of API requests within the time range.
You can view the average response time of an API using this visualization. This time is in milliseconds. You can filter the data according to a time range.
Publisher APIs: On the Publisher APIs dashboard, you can see the details of each API from a publisher, the number of APIs, the number of publishers, the response times for APIs, and so on.
You can filter the requests and whole dashboard on the publishers.
Hover the pointer on a pie chart or a line chart to view more details.
| 1 | Pie-chart for the number of API requests by publishers. |
| 2 | The number of API requests by a publisher. |
| 3 | The number of API requests. |
| 4 | The number of APIs. |
| 5 | The number of nodes in a cluster that contains the APIs. |
| 6 | The number of publishers. |
Publishers: On the Publishers dashboard, you can see the visualization of the number of API requests, the number of publishers, average data consumption per publisher, and so on.
You can filter the requests and whole dashboard on the publishers.
Hover the pointer on a pie chart or a line chart to view more details.
| 1 | Pie-chart for the number of API requests by publishers. |
| 2 | The number of nodes in a cluster that contains the APIs. |
| 3 | The number of API requests. |
| 4 | The unique count of publishers that have made at least one request within the time range. |
| 5 | The number of API requests from all publishers. |
| 6 | The number of API requests by publishers according to time-range. |
You can create your custom visualizations and save it for further analysis. Follow the steps below to create a visualization:
In the Analytics page, you can filter the results according to a time range.
There are three ways options:
You can filter the dashboard according to fields and get complete analytic report of an API's activity. When you apply a filter, the dashboard changes accordingly and you can view the graphical results.
To filter dashboard information according to fields:
Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
