Register and configure your APIs to leverage the built-in versioning system and create new API configurations based on the already existing ones. After registration you can enable additional delivery options designed to improve the manageability, interoperability, and performance of your system.
You can enter API details in two ways:
- Import API endpoint and resource information from an API definition file, see Import API definition file.
- Enter API endpoint and resource information manually—follow the steps below.
Log in to Akamai Control Center with your user name and password.
Go to ☰ > CDN > API definitions.
On the API Definitions page, click Register an API.
Enter a name for your API.
Optional: You can enter a description with relevant details about your API.
Optional: In the API base path field, enter the base path on which your API serves content in the following format:
/basePathwhere basePath is a URL prefix relative to the host root for all API paths.
The base path is case-sensitive. This means that, for example, /basePath and /BasePath denote two different API configurations.
For details on how to define parameters and use wildcards see Parameters and wildcards use in the base path field.
Optional: In the Categories field, enter or select categories to serve as API filters on the main page.
From the Access control group menu, select the group of users who can view or edit an API.
You can select only the ACGs for which you have a role with at least the API Definitions URL Path Editor permission in Identity and Access Management.
The ACG selection impacts the hostname selection in the subsequent steps of API registration. Each ACG has a set of hostnames tied to it via a property configuration. For more information, see Access control group (ACG) model.
From the API hostnames menu, select at least one hostname for publishing your API through Akamai.
Each hostname available for selection has its associated access control group in parentheses.
Data appears in the API endpoint URL(s) area.
Optional: If your API contains non-Bot Manager Premier resources, you can turn the Case-sensitive URLs and parameters switch on.
By default, this switch is set to off. Akamai then disregards the case of these elements in incoming requests: base path, resource path, parameter name, parameter value.
For bot management, if an API is case-sensitive and a bot operator changes a path’s or parameter’s case in a request, the API doesn’t match the request format and bot detections don’t apply. This may open an evasion path. Disabling the case-sensitivity helps you avoid these potential bot evasions.
Optional: If your API uses GraphQL to describe content and deliver it to clients in a structured form, set the GraphQL API switch to Yes.
Then you can configure GraphQL query and body parameters and set GraphQL-specific caching instructions.
Optional: If you want to include path segment parameters in match criteria, turn the Match on path segment parameters switch on.
Use only if you include all desired parameters as part of your API registration. Otherwise a request with an unregistered parameter may not be covered as expected.
If your API uses versioning, from the API version location menu select the location of the version value in incoming requests.
You may use wildcards (*) to broaden the number of acceptable version values. For example, in the Accept header case, you may allow API consumers to send requests of any content type: application/*; version=1. In the base path case, you may allow all requests regardless of the version: api/v*/
If you selected Base path for the API version location,
Enter the version value in the Base path field.
For example: api/v1/
If you selected Header for the API version location,
For example: API-Version or Accept.
For example: 1.
When you use the Accept header to indicate both the version and the acceptable content type, the value is usually longer and may look like one of the following examples:
If you selected Query parameter for the API version location,
For example: version
For example: 1
The full URL with the query parameter could look like this:
Optional: If your API uses API keys for authentication:
a. In the API key location area, select the location for your API key.
b. Depending on your selection, enter the name of a Header, Cookie, or Query parameter where the API key is located.
Akamai uses API keys for user quota and reports. For more information on the keys see About API keys and traffic management.
If you decide to use API keys for your API configuration, to make productive use of the security benefits that the keys provide, your API consumers should make only secure (HTTPS) requests to your API.
API key authentication is one of the two protection methods that API Gateway provides. You can also use JSON web tokens to improve security. To optimize the performance of your system, it’s best to implement one protection method per API configuration.
Updated 2 months ago