For your API delivery settings you can configure various optional features that can help you manage your APIs more efficiently, improve interoperability, gain control over API access, and enhance the overall performance of your API traffic. You can configure the delivery features at any time between registering an API and activating an API configuration version.
By default, your registered APIs are public and don't require API key authentication. You can allow API keys to govern access to an API and all its resources by making the API private. By doing so, you improve the protection of your API and gain control over quota settings. If you wish, you can still make individual resources public within your registered private API.
API privacy is closely related to API keys. When you specify an endpoint or resource as private, your API consumers can access that endpoint or resource only if they identify with an appropriate API key. You associate collections of API keys with specific private endpoints and resources in the API Keys and Traffic Management application by selecting appropriate elements in a key collection's access control list.
Because API privacy relies on API key implementation, to use this feature you must first specify the API key location on the API registration page.
By making your API configuration private, you prevent unauthenticated parties from interacting with your endpoint and its associated resources. This improves the security of your system by leveraging the API key authentication method. You can define API privacy at the endpoint level and for every individual resource within your configuration.
Before you begin, ensure that you specified an API key location for the API that you want to make private. For details, see step 5 in Register an API.
On the API Definitions page, in the Registered APIs section, click the ellipsis icon (...) associated with the API configuration you want to configure API privacy settings for.
From the menu, select Manage versions.
In the Version history panel, click the ellipsis icon (...) associated with the API configuration version you want to configure API privacy settings for.
From the list of delivery options, select API privacy settings.
On the API privacy settings page, set the Make this API switch to Private.
Optional: If you want to make some resources in your API public, in the Resource privacy settings panel, set their corresponding Make this resource switches to Public.
If you decide to reset API privacy settings for all resources to the API level at any point, you can click Reset to API settings. You can also control which individual resources inherit the top-level settings by selecting their Inherit check boxes.
Updated 5 months ago