So you’ve been using and getting all the benefits that GraphQL has to offer with the Arvata GraphQL server for a while now, and you keep hearing about these concepts with an API developer portal involving client→API mappings and account/API plans. What are these concepts and how can you benefit from them?
Client → API Mappings
Client → API mappings allow us to restrict access to a given API to a list of authorized clients. This is possible due to the way the Layer7 API Developer Portal integrates with the OAuth Toolkit (AKA the “OTK”) (note – we’re using Layer7 as the example deployment – you may need to adjust these steps if you’re using a different portal). This integration allows us to create “applications” via the Portal which in turn creates an OAuth client in your OAuth provider. We can then map that application/client to an API in the Portal and when we use the corresponding API key or OAuth token from that application, the mapping will be enforced at runtime during API calls.
Account/API Plans can be attached to an organization (group of applications and their APIs) or individual API and enforce rate limiting (i.e. 1 transaction/sec)/quota enforcement (i.e. 1,000 req/day), and allow you to visualize these metrics from within the Layer7 API Developer Portal’s monitoring dashboard.
Arvata Euclid offers this tight integration with the API Developer Portal out of the box, allowing you to toggle portal management of your endpoint with a simple UI switch.