Description
In API Manager 4.7.0, APIs created via the bottom-up / gateway-synchronization approach (also shown as discovered APIs) do not expose an option to enable API Key authentication, unlike APIs created via the Publisher.
For standard Publisher-created APIs, the Runtime Configuration page allows enabling application-level security options such as: OAuth2, Basic Authentication, API Key
However, for self hosted gateway-synced/discovered APIs, the Runtime Configuration page is replaced with a message indicating that runtime is managed via policies and the user is redirected to the Policies view instead. Neither API-level nor operation-level policies provide an option to enable API Key authentication
As a result, API consumers in the Developer Portal are unable to generate API keys for these APIs. Instead, they only see an “Associate API Key” option, but no option to create or manage API keys.
Steps to Reproduce
- Deploy an API using the gateway synchronization / bottom-up approach
- Open the API in the Publisher Portal (it appears as a discovered API)
- Navigate to Runtime Configurations
- Observe that the configuration UI is replaced with a message indicating runtime is managed via policies
- Click Go to Policies
- Check both: API Level Policies and Operation Level Policies
- Observe that there is no option to enable API Key authentication
- Open the Developer Portal
- Navigate to Production API Keys
- Observe: “No API Keys Found”
- Only an option to associate an existing API key, not generate one
Version
APIM-4.7.0 , API Platform Gateway-1.1.0
Environment Details (with versions)
No response
Description
In API Manager 4.7.0, APIs created via the bottom-up / gateway-synchronization approach (also shown as discovered APIs) do not expose an option to enable API Key authentication, unlike APIs created via the Publisher.
For standard Publisher-created APIs, the Runtime Configuration page allows enabling application-level security options such as: OAuth2, Basic Authentication, API Key
However, for self hosted gateway-synced/discovered APIs, the Runtime Configuration page is replaced with a message indicating that runtime is managed via policies and the user is redirected to the Policies view instead. Neither API-level nor operation-level policies provide an option to enable API Key authentication
As a result, API consumers in the Developer Portal are unable to generate API keys for these APIs. Instead, they only see an “Associate API Key” option, but no option to create or manage API keys.
Steps to Reproduce
Version
APIM-4.7.0 , API Platform Gateway-1.1.0
Environment Details (with versions)
No response