Abstract
| Goal | Secure access to APIs by using various mechanisms. |
After completing this section, you should be able to create and configure Admin Portal users.
With Red Hat 3scale API Management, you can have different types of users that administer your APIs by using the Admin Portal. These users manage the APIs and the Admin Portal and are not the same as the developer users, who are the people consuming your APIs.
Users administering APIs can have different roles:
- admin: Users with this role have unrestricted access to the Admin Portal and can invite other members.
- member: Users with this role have limited access to the Admin Portal.
You can create member users with limited permissions to share the administration tasks for your APIs.
For example, an organization might have one or more administrators with the admin role.
An administrator can create users for the sales department with the member role and limited permissions to access only the billing section in the Admin Portal.
An administrator can also create users with access permission to a specific product.
This means that, for example, the API development team might access only the products related to the API versioning strategy.
If your organization has departments that are independently developing their APIs, then you can provide a stronger administrative separation by creating a tenant per department. This way, you can isolate administration tasks at the department level.
You can find the tools to manage Admin Portal users in the page in the menu.
To create new users you can:
- Invite new users by sending an email invitation.
- Use Single Sign-On (SSO) integration. 3scale API Management supports Red Hat Single Sign-On (RHSSO) and Auth0 integrations.
In both cases, new users have the member role by default, and need additional permissions to do any work in the Admin Portal.
You can configure member users to have fine-grained permissions in the Admin Portal.
To update user permissions you must navigate to in the page and select the user you want to configure.
There you can update the user role to be admin or configure the member permissions.
There are two sets of access permissions that you can configure:
The first set of permissions applies at the Admin Portal level:
- Manage content from the Developer Portal
- Manage customer billing
- Update settings in the following sections: , , , , and
With the second set of permissions, which have finer granularity, you can grant a user access to specific products in the following Admin Portal sections:
- Developer accounts and applications
- Access to analytics information
- Product and backend configuration
- Policies and policy chains
The product-level access permissions can be granted either to all current and future products or only to a subset of the available products.
As an Admin Portal user, you can subscribe to events related to the following 3scale API Management interactions.
- Notify developer account events.
- Notify payment and billing events.
- Notify application and application plan events.
- Product deletion notifications.
- Notify API usage information.
You can configure your notification preferences by navigating to in the page.
Users with the admin role have access to all the available types of notifications.
Users with the member role can only receive notifications that relate to the access permissions they have.
Users receive notifications by mail. Notifications also show in the notifications section in the page.
You can interact with 3scale API Management by using the following APIs:
- Billing API
- Account Management API
- Analytics API
- Policy Registry API
- Service Management API
Depending on the API you want to use, you need a different type of token.
Access Tokens provide read-only or read-write access to the following 3scale management APIs.
- Billing API
- Account Management API
- Analytics API
- Policy Registry API
Service Tokens provide per-product access to the Service Management API.
Access tokens belong to the Admin Portal user, whereas service tokens are associated with the product. Therefore, different users have their own access tokens, but they share the service token for a product if they have access permission to that product.
As an Admin Portal user, you can create and edit the permissions for your own access tokens from the section in the page.
If your user has the member role, then you can only create tokens for the APIs you have access to.
You can use access tokens and service tokens to explore the different 3scale API Management administration APIs in the page.
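The token rules described above lend themselves to a periodic least-privilege review. The following is an added example, not code from the course or from 3scale: it flags access tokens that do not fit their owner's access and lists everyone who shares a product's service token. The `User` and `AccessToken` record layout, the user names, and the product ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# API names as listed on this page; the record layout is an assumption.
ACCESS_TOKEN_APIS = {"Billing", "Account Management", "Analytics", "Policy Registry"}

@dataclass
class User:
    name: str
    role: str  # "admin" or "member"
    apis: set = field(default_factory=set)  # management APIs a member may use
    products: set = field(default_factory=set)  # products a member may access
    all_products: bool = False  # access to all current and future products

@dataclass
class AccessToken:
    owner: str
    scopes: set  # names of the APIs the token is scoped to

def audit_access_tokens(users, tokens):
    """Return (owner, problem) pairs for tokens that break the rules above."""
    by_name = {u.name: u for u in users}
    findings = []
    for t in tokens:
        owner = by_name.get(t.owner)
        if owner is None:
            findings.append((t.owner, "no matching Admin Portal user"))
            continue
        for api in sorted(t.scopes - ACCESS_TOKEN_APIS):
            findings.append((t.owner, f"{api} API is not covered by access tokens"))
        if owner.role == "member":
            for api in sorted((t.scopes & ACCESS_TOKEN_APIS) - owner.apis):
                findings.append((t.owner, f"member lacks access to the {api} API"))
    return findings

def service_token_sharers(users, product):
    """Users who share a product's service token, so a rotation affects them all."""
    return sorted(u.name for u in users
                  if u.role == "admin" or u.all_products or product in u.products)

# Constructed sample data, not taken from a real 3scale tenant.
USERS = [
    User("alice", "admin"),
    User("bob", "member", apis={"Billing"}),
    User("carol", "member", apis={"Analytics"}, products={"orders-api"}),
    User("dave", "member", apis={"Analytics"}, all_products=True),
]
TOKENS = [
    AccessToken("alice", {"Account Management"}), AccessToken("bob", {"Billing", "Analytics"}),
    AccessToken("carol", {"Service Management"}), AccessToken("erin", {"Billing"}),
]
```

Because a service token is shared by every user with access to the product, the list from `service_token_sharers` is the set of people to notify before rotating it.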
For more information, refer to the Inviting users and managing rights chapter in the Red Hat 3scale API Management Admin Portal Guide at https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/admin_portal_guide/index#inviting-users-managing-rights