This is about API visibility on the API Gateway, when created from Portal (and optional the other way around).
We have 15 Business Units defined in API Gateway, and mapped this on Portal using the following:
On API Gateway
/APIs/<entity name>/<business unit name>/<project 1>/policy1
each <business unit name> folder is made available to users through a dedicated BU role
On API Portal
- We have 15 organizations created, one per BU
- We have 15 generic account mapping all 15 BUs. Those accounts have roles:
organizationAdmin, registeredUser, ApiOwner and ApiOwner-***-***-xxxxxxx (API owner group)
- Each generic BU account is mapped to corresponding organization.
- Each organization has an Account Representative' being the generic account.
- We have 15 API Owner Groups, in order to segregate and restrict API views from one BU to others.
API segregation is ok (or seems to be).
Now the problem as seen from Policy Manager
- When creating an API on the Policy Manager and set it as 'Portal Managed Servive', the API is created on the Portal and set to 'Public'.
- None is able to see it, whether it is disabled or enabled, because it needs to be put in an API Owner Group.
- In order for all BUs to see a 'Public' API, we need to create an additional API Owner Group and associate all BUs to it.
Q: is there a way to automagically modifiy API so that it ends up into an API Owner Group instead of being set to Public ?
And the problem as seen from Portal:
- When creating an API, it ends up at the root level directory on the API Gateway
- Because developers are 'jailed' into their own directory (see above), they can't see what's on the root node
- Gibing right to see root node is a no-go as all users at some point could see published APIs coming to the API Gateway.
Q: is there a way to modify Portal behavior so that an extra path being inserted while sending it to the API Gateway ?
Q: is this the right way to go when dealing with multiple BU ?