Use the REST API page to create an operation for an API.
The following image shows the REST API page with the operations area selected and the operations panel displayed:
1REST API metadata area. Define the metadata of the REST API asset.
2API Policies area. Configure the policies of the API.
3Operations area. Create operations.
4Operation panel. Define the metadata of an operation.
5Operation tabs. Define the parameters, request, and response, map an Application Integration process, and configure operational policies and a response timeout for an operation.
To create an operation, you perform the following tasks:
1Define the operation metadata.
2Define the operation parameters.
3Define the operation request.
4Define the operation response.
5Map an Application Integration process to the operation.
6Configure operational policies.
7Configure a response timeout.
Repeat the steps to create as many operations as needed for an API.
Step1. Define the operation metadata
Define the metadata of an API operation on the operation panel.
1In the Operations area of the REST API page, click +, or on the right panel of the REST API page, click Create a New Operation.
2In the Operation Name field, enter a name for the operation.
The name must be between 2 and 28 characters, including ASCII letters, digits, and underscores.
3Optionally, in the Description field, enter a description.
4From the request methods list, select the request method.
5In the Operation endpoint field, enter a URL in the following format: /{operation name}/{path parameter key}/
The operation endpoint path must be unique for an HTTP verb.
6Click Save.
Step 2. Define operation parameters
Define the parameters of an API operation on the Parameters tab of the operation panel.
1On the operation panel, click Parameters.
2Click +.
3In the Key field, enter a name for the parameter.
4From the Type list, select the parameter type.
If you select Path, you can't add a value, the Required field is True by default and you can't change it. If you select Query, you can add a value, the Required field is True by default and you can change it.
5From the Data Type list, select a data type.
6Optionally, in the Description field, enter a description.
7Add as many parameters to the operation as required. To delete a parameter, click Delete on the row of the parameter.
8Click Save.
Step 3. Define the operation request
Define the operation request on the operation panel, including the header type and the request attributes. You can define the request body by adding attributes or by defining attributes in a JSON script.
1On the operation panel, click Request.
2In the Headers area, click +.
3In the Name field, enter a name for the header.
4From the type list, select a header type.
5Optionally, in the Description field, enter a description.
6Optionally, in the Default Value field, enter a value.
7To add request body attributes, in the Body area, click +.
8In the Field Name field, enter a name for the attribute. Assign a meaningful name, such as Order, Quantity, or Status.
9From the Data Type list, select a data type. If you select Array, from the Array Type list, select an array type. If you select Object, you can add as many child objects or fields under it as required.
10Optionally, in the Description field, enter a description.
11Optionally, select Required to make the attribute required. By default, the attribute isn't required.
12Click Add.
13Add as many attributes to the request body as required. The order of the attributes determines their order in the request body. Move up or move down the attributes as needed. To delete a request header or an attribute, click the Actions menu on the row of the header or attribute and then click Delete.
14To define the request attributes in a JSON script, click JSON and add the request body fields as required. You must provide the fields according to the JSON format displayed on the JSON tab.
15Click Save.
Step 4. Define the operation response
Define the operation response on the operation panel, including the header type and the response attributes. You can define the response body by adding attributes or by defining attributes in a JSON script.
1On the operation panel, click Response.
2In the Headers area, click +.
3In the Name field, enter a name for the header.
4From the type list, select a header type.
5Optionally, in the Description field, enter a description.
6Optionally, in the Default Value field, enter a value.
7To add response body attributes, in the Body area, click +.
8In the Field Name field, enter a name for the attribute. You can't assign objects with the same name in the response body as the objects in the request body.
9From the Data Type list, select a data type. If you select Array, from the Array Type list, select an array type. If you select Object, you can add as many child objects or fields under it as required.
10Optionally, in the Description field, enter a description.
11Optionally, select Required to make the attribute required. By default, the attribute isn't required.
12Click Add.
13Add as many attributes to the response body as required. The order of the attributes determines their order in the response body. Move up or move down the attributes as needed. To delete a response header or an attribute, click the Actions menu on the row of the header or attribute and then click Delete.
14Optionally, to edit a response code, click Edit Responses. Select a response code from the Response Code list, edit the description in the Description field as needed, and click OK.
The default response code is 200 OK.
15To define the response attributes in a JSON script, click JSON and add the response body fields as required. You must provide the fields according to the JSON format displayed in the JSON tab.
16Click Save.
Step 5. Map an Application Integration process to the operation
Map an Application Integration process to the operation on the operation panel. You can create a new process and map it to the operation or map an existing process.
If you map an existing process, the process input fields must match the API request fields, the process output fields must match the API response fields, and the response code of the Application Integration process must match the response code of the API response.
Note: If you choose to generate a new process and use the same name for a request field and response field of a primitive data type, the process gets generated. However, when you edit the process, an error occurs. You must update the field names and generate the process again. If the conflicting field names are of a complex data type, the process does not get generated. You must update the field names and generate the process again. To avoid issues, always use unique names for the request fields and response fields.
1On the operation panel, click Implementation.
To generate a new process, perform the following steps:
aSelect Generate new.
bIn the Name field, enter a name for the process.
The name can't exceed 80 characters, start with a number, or contain special characters.
cClick Browse, select a project or folder where the process must be created, and then click Select.
dOptionally, in the Notes field, enter a description of the process.
eClick Generate.
API Center maps the API request to the process input in the Input Mapping area and the API response to the process output in the Output Mapping area.
To select an existing process, perform the following steps:
aSelect Map existing.
bClick Browse, select the Application Integration process that you want to map, and then click Select. If any input or output mappings are updated after you map the process, click the Refresh button to refresh the process.
API Center maps the API request to the process input in the Input Mapping area and the API response to the process output in the Output Mapping area.
cOptionally, in the Notes field, enter a description of the process.
2Click Save.
Step 6. Configure operational policies
Configure policies for an API operation on the operation panel. You can configure security, privacy, rate limit, and response caching policies for an operation.
For more information about policies, see API policies.
1On the operation panel, click Policies.
2To associate a security policy, in the Authentication tab, select one of the following options:
- Inherit. Selected by default, the operation uses the same security policy as the API.
- Use existing. Assign an existing security policy to the operation.
- Create new. Create a new security policy for the operation. Assign one or more authentication methods to the operation to use as the security policy. You can't use anonymous authentication with any other authentication method.
- None. Select an authentication at the time of creating a managed API.
3To associate a rate limit policy to an operation while creating or updating a managed API, in the Rate Limit tab, select a rate limit policy from the existing list.
The values of selected rate limit policy appear. If you leave the field blank, the organization level rate limit policy values are shown and applied.
4To associate a response caching policy, in the Response Caching tab, select one of the following options:
- Use existing. Assign an existing response caching policy to the operation.
- Create new. Create a new response caching policy for the operation. In the Caching Timeout field, enter a timeout value from 1 through 3600 seconds.
- None. Select a response caching policy at the time of creating a managed API.
5To associate a privacy policy, in the Privacy Settings tab, select one of the following options:
- Inherit. Selected by default, the operation uses the same Personally Identifiable Information (PII) policy as the API.
- Use existing. Assign an existing Personally Identifiable Information (PII) policy to the operation.
- Create new. Create a new Personally Identifiable Information (PII) policy for the operation. For each type of information that you want to protect, select the action to take for the request and the response. You can select different actions for the request and the response.
Select one of the following actions:
▪ Block. Block the request or response and issue a message that the message was blocked because of a potential privacy policy breach in the request or the response.
▪ No action. Don't take any action.
▪ Warning. Issue a warning message that there was a privacy policy leakage in the request or the response. Don't block the request or response.
- None. Select a privacy policy at the time of creating a managed API.
6Optionally, in the Notes fields, describe the policies.
7Click Save.
Step 7. Configure a response timeout
Configure a response timeout for an operation on the REST API page. If a response isn't received within the specified time, the request times out. The operation response timeout takes precedence over the organization response timeout.
1On the operation panel, click Configuration.
2In the Timeout field, enter a timeout value between 1 and 180 seconds.
