Consider the following rules and guidelines when you work with managed API groups:
•Enabling the API-level JSON web token authentication while creating an API group overrides all the operation-level authentications. You can't change the authentication type while creating a managed API group.
•If the managed API group is in the created or inactive state, you can remove the JSON web token authentication from that particular API group. Select an operation-level authentication policy to activate the managed API group.
If the managed API group is not in the created or inactive state, you can't remove the JSON web token authentication from that particular API group. You must create another managed API group without JSON web token authentication.
•If an associated rate limit policy is disabled for an operation in an API group, the disabled policy is removed automatically from the operation while activating its managed API group.
•You can't activate a managed API group if it contains a disabled API-level rate limit policy. Edit the managed API group to associate a valid API-level rate limit policy, and then activate the managed API group.
•If a user-defined rate limit policy is selected at the API level and the operation level inherits the API-level rate limit policy, API Center displays the selected policy name along with its configuration during the design of a REST API, managed API, or managed API group. If no policy is selected at the API level or operation level, API Center displays the organization level rate limit policy as selected along with its configuration.