API Development

Axway API Manager and portal introduction

Use Case

As an API owner, I want to make weather information available in a programmable way. The marketing department wants to automate its mailings for bank services information. They have noticed that people react differently depending on the weather; for example, they only save for a rainy day if it is a rainy day. They require an API that provides a forecast, so they know when to schedule a mailing, and an API that gives them the current weather. The requirement is for Bangkok at the moment; it might be needed for other cities in the future.


You have found an API at openweather. Since you expect more departments to need this API, and your company policy is to have a “time to hello, world!” of less than 10 minutes, you want to make a simplified version of the complex API available from the internal developer portal.

Access to backend API:

Your API key = 7369b7d2c2cd0aed3e2cacd6d6686e4 (this key is currently not valid)

Reading through the documentation, you have found a method for getting the current weather in Bangkok.


And you have found a method for getting a five-day forecast in Bangkok.



In this practice you will use the API manager (as the security team or the API provider) and you will use the developer portal as an API consumer.

Log in as an API consumer
<developer portal url>
Login: developer 
Password: developer

Log in as an API provider
<API manager url>
Login: apiadmin
Password: xxxxx
Organisation: API development

Task 1, create a manual backend API using API manager

Log in to API Manager with apiadmin and the password.

Add a new Backend API with the New API button; select New to create a manual API.

Creating a Backend API


The steps are:

• Give your backend API a name.
• Put in the basepath http://api.openweathermap.org
• The resource path is /data

Next, we will define the two methods we will offer the company.

The first method is to get the five-day forecast:

• Put in the name (forecast)
• Verb = get
• Path = /2.5/forecast
• Response: string
Define a parameter:
• Name = id
• You can help developers by letting them know that 16069350 gets the Bangkok information

The next method obtains the current weather.

It takes the same information as before, but the path is /2.5/weather. The method can be named current weather (or give it a local name).

• Put in a name (current)
• Verb = get
• Path = /2.5/weather
• Response: string
Define a parameter:
• Name = id
• You can help developers by letting them know that 16069350 gets the Bangkok information

Congratulations! You have now set up the backend system, your backend API. Let’s make it available by virtualizing the API as a front-end API.

Creating a frontend API


From the main menu, add a Frontend API from the API menu; use New API from backend API.


The first tab shows how your new API will be found. You will need API REST guidelines to make sure this is handled in a structured way; for now, we will make the API available under api.yourcompany.com/weather. We can also define the inbound security here. For now, we will keep it an open API: choose <pass Through>.

Select how the security for your backend API (outbound) is done:

The API key was provided previously. Press Edit to change it.

The API key field name used from weatherunderground is called


• Put in the API key.
• The backend API is expecting the API key in a query string.

Go to the API tab and see how you will make the API available in your company. Give it a name and tell people a little about it in the summary.

Great! Select Save, the API is now available in the API development organization!

Log in to the developer portal and go to the API page. See if you can find your new API, and select it. Select one of the methods in your API, put in bangkok as your city id, and use the Try it out button.

You will get an error back saying that Bangkok is not an ID! Try the same with 1609350. Try the other method and see if you spot the differences.

Copy the Request URL from the portal and paste it into a new collection and request in Postman. Press Send (if there is no response, try to put the URL in a browser once to load the certificates).

Use case: Add Security

As an API owner, I want to add security so I can restrict access to my API.

Your API is the most used API in the company; random people are even starting to use it to avoid work when the weather is nice. Security has asked you to restrict access and to implement API keys. Return to the API Manager and select the Frontend API you have created.

Go to the inbound tab and select API key for inbound security. The default value for the API key is KeyId; feel free to change it (use the same naming in the Postman test). Select OK.

The API is now secured, so we can make it available for other organizations in the bank. From the Frontend API list, select the API, and from the Managed selected menu select Publish to make this API available for other organizations.

Go back to the Portal, refresh the browser, and see if you can get access to the API. At this point in time, access is only available to registered apps. There are multiple ways to create apps; we will explore the self-service capabilities of the dev portal.

Select the Applications tab on the developer portal and use +Create application for a new application. Give it an application name and select the Weather API. Select Save Application.


To generate keys for the application, select the application you just created. Select Edit the application.


And press Generate keys.

The developer portal shows the key immediately (make a copy of the key in your notepad).

Return to the API tab and select the Weather API. Select the key from the API key dropdown and now test the API again.

Try the same with your Postman client. Without a key you will not get a response if you press Send (for this demo we haven’t defined status codes).

Update the Postman request with the same key you used for the demo.

Swagger spec

Return to the API portal. From the API tab, select the Weather API and download the Swagger Spec to a folder on the local computer. Open a new browser tab and go to: http://editor.swagger.io/#/ Select File and Import file to import your Swagger file in the online editor. Can you find your own comments and information on the requests?

(there is no option to try the API at the moment since your API gateway is local).
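Besides your comments, the downloaded spec also records the inbound security chosen for each method, so it can be checked automatically for methods left open. The following is an added example, not part of the original exercise or of Axway's tooling; it assumes the export is a Swagger 2.0 document with the standard securityDefinitions and security fields, and the sample spec is constructed.

```python
HTTP_VERBS = {"get", "put", "post", "delete", "patch", "head", "options"}

def audit_swagger(spec):
    """Return a list of findings for a parsed Swagger 2.0 document."""
    findings = []
    schemes = spec.get("securityDefinitions", {})
    for name, scheme in schemes.items():
        if scheme.get("type") == "apiKey" and scheme.get("in") == "query":
            findings.append(f"scheme {name}: key '{scheme.get('name')}' is sent in the query string")
    default = spec.get("security")  # document-wide requirement, may be absent
    for path, item in spec.get("paths", {}).items():
        for verb, op in item.items():
            if verb not in HTTP_VERBS:
                continue  # 'parameters', '$ref' and vendor extensions are not operations
            effective = op.get("security", default)  # operation-level value overrides the default
            if not effective:  # missing or [] means anyone can call the operation
                findings.append(f"{verb.upper()} {path}: open (no security requirement)")
                continue
            for requirement in effective:
                for ref in requirement:
                    if ref not in schemes:
                        findings.append(f"{verb.upper()} {path}: undefined scheme '{ref}'")
    return findings

# Constructed sample, shaped like a spec for the weather API in this exercise.
SAMPLE_SPEC = {
    "swagger": "2.0",
    "basePath": "/weather",
    "securityDefinitions": {
        "API Key": {"type": "apiKey", "name": "KeyId", "in": "header"},
    },
    "security": [{"API Key": []}],
    "paths": {
        "/2.5/forecast": {"get": {"summary": "Five-day forecast"}},
        "/2.5/weather": {"get": {"summary": "Current weather", "security": []}},
    },
}

if __name__ == "__main__":
    for finding in audit_swagger(SAMPLE_SPEC):
        print(finding)
```

To audit a real download, load the file with `json.load` and pass the resulting dictionary to `audit_swagger`.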


Provide restricted access for Mark from the Marketing department.

As a developer from the marketing department, I want to use the API so that I can check on the weather for my marketing campaigns.

You got an email from Mark saying he has lost access to his API; you will need to help him get a key. To control and govern APIs we need to use API Manager.

Log back in to API Manager and select the Clients menu.

From the organizations tab, create a new organization “marketing”, give it a random email address, and add the new API to the organization.



Press “generate code”. This will allow people to self-register on the portal with the created code. For now, we will help Mark a little and set up his account for him.

From the application developer tab in the Clients menu, create a new user. Create any name, but make sure you select the marketing organization.


IMPORTANT: After you press Create, scroll down and select change password.

Select a password and write this down (or use mark/mark). Mark can now log in from the developer portal and create his own application.

Go to the developer portal and sign out the current user, then log in as the user you just created (mark/mark).

  • Go to the Application tab
  • Pretend to be Mark and create an application
  • Choose an application name, for instance marks weather app
  • Select the weather API
  • Press save application

We have the application defined, but there are no keys yet!

  • Select marks weather app
  • Select edit the application under the API Keys section
  • Under the API keys section, feel free to generate a few keys

Go back to your Postman application and check if the new key works.

As an API owner, I want to restrict traffic to my API so that I secure my backend systems from misuse

Mark has been abusing the API, so we need to limit his usage.

Go back to the API Manager GUI, where we govern the usage of our APIs. From the Clients menu, we can find the application which Mark created in the applications tab.


Read through the details and see if you find the keys which Mark just created on the developer portal.

From the Quota tab we will set a very low quota. Select override default quota.

Select the weather API. Throttle all methods: 2 messages every 1 minute.

Go back to your Postman application and check if the new key works. Press Send 3 times. Why does it only work two times? 🙂
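The three controls configured in this exercise (inbound KeyId check, a quota of 2 messages per minute, and the backend key added to the outbound query string) can be followed in a small model. This is an added example, not Axway's implementation: the fixed one-minute window, counting per application rather than per key, the outcome names, the query field name `backend_key` and all key values are assumptions or constructed placeholders.

```python
import time
from urllib.parse import urlencode

BACKEND_URL = "http://api.openweathermap.org/data"  # basepath + resource path from Task 1
BACKEND_KEY_PARAM = "backend_key"        # placeholder: the page does not name the field
BACKEND_KEY = "BACKEND-KEY-PLACEHOLDER"  # held by the gateway, never given to consumers

class FrontendApi:
    """Toy model: inbound KeyId check, per-application quota, outbound key injection."""

    def __init__(self, limit=2, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.app_of_key = {}   # inbound API key -> application name
        self.usage = {}        # application name -> (window start, messages counted)

    def add_key(self, app, key):
        self.app_of_key[key] = app

    def handle(self, path, params, headers):
        """Return (outcome, backend_url); backend_url is None unless forwarded."""
        app = self.app_of_key.get(headers.get("KeyId"))
        if app is None:
            return "rejected", None          # missing or unknown key
        now = self.clock()
        start, count = self.usage.get(app, (now, 0))
        if now - start >= self.window:       # previous window is over, start counting again
            start, count = now, 0
        if count >= self.limit:
            return "throttled", None         # quota used up, backend is not called
        self.usage[app] = (start, count + 1)
        query = dict(params)
        query[BACKEND_KEY_PARAM] = BACKEND_KEY   # added on the way out, as a query string
        return "forwarded", f"{BACKEND_URL}{path}?{urlencode(query)}"

def demo():
    """Replay the Postman test: no key, then Send three times, then wait a minute."""
    now = [0.0]
    api = FrontendApi(clock=lambda: now[0])
    api.add_key("marks weather app", "constructed-key-1")
    api.add_key("marks weather app", "constructed-key-2")
    request = ("/2.5/weather", {"id": "1609350"})
    outcomes = [api.handle(*request, headers={})[0]]
    for key in ("constructed-key-1", "constructed-key-2", "constructed-key-1"):
        outcomes.append(api.handle(*request, headers={"KeyId": key})[0])
    now[0] = 60.0
    outcomes.append(api.handle(*request, headers={"KeyId": "constructed-key-1"})[0])
    return outcomes
```

In this model the two keys share one counter because both belong to the same application, so generating extra keys does not raise the limit.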

You have come to the end of the weather API exercise!

Use case: New Zealand business information

As an API team, I want to easily make external APIs available as internal APIs so that we can accelerate internal development and keep full control and visibility.

You have been asked to make the New Zealand business number API available as a re-usable API within the Bank. The API is documented in the Swagger format on the New Zealand developer portal; you can download the file directly: https://github.com/harvthe/SimpleApis/blob/master/nzbnv3

We will use the API Manager GUI to set up the new API.

To begin, add a new API from the Backend API menu, from the API menu. Select Import Swagger API.


From the next menu, upload the swagger file (nzbnv3)

Provide a name for the new backend API: new zealand business numbers API. Press Import to start the import process. Check the details to see how all methods have been imported automatically. Now we need to virtualize this API by making it available as a Frontend API. Select New API from the frontend menu. Select from existing backend API and search for the New Zealand business numbers API.


  • For inbound authentication, select pass through.
  • Provide a resource path according to your standards: v1/newZealand
  • For outbound keep as (we are not going to connect to the backend).
  • In the API tab, check the API name, and change it if desired.
  • Change the version of your API to 1.0.
  • In the API summary, note that this is a fake API.
  • At the API methods, check if all methods have been integrated.
  • Since this is using an HTTPS service, we need to check if the server certificates have been loaded under trusted certificates.
  • Select Save.

Check on the developer portal how this API is documented and how SDKs are now generated for easy integration into your applications!

API Challenge for bonus points!

The light on the table is controlled by the APIs from Axway Australia. Find the color of your team below and see if you can expose the API in your own organization and change the color of your team as per the table below.

Download the demo Swagger file. Use the previous instructions to load this API as a Swagger. This time, from the frontend API menu, set up the Outbound authentication profile using the keys below (in the header) with the ID APIKey; choose the API key of your team. For your inbound security, choose whatever you feel is quickest! Set the color of the light through your own API by using your developer portal or Postman, whatever works for you!


Team number   Color    APIKey
team 1        red      9f0ad9f09ads0f9as0
team 2        blue     355235324234
team 3        Yellow
team 4        brown
team 5        pink
team 6        white
team 7        orange
team 8        green