Admin Authentication Providers

(Advanced users) Admin security operates by way of role-based access, just as application security. You can control which users can log in to API Creator, and further, who can create and use managed data servers and managed databases by using admin security.

Prerequisites: You should have a good understanding of the following:

You can authorize users to perform API Creator functions and to create and use managed databases by assigning a predefined role.

For more information about how to assign admin user's roles, see Manage Admin Users.

Roles for API Creator Functions

You can authorize users to perform API Creator functions by assigning one of the following predefined roles:

 Role Authorizes
System administratorHas full permissions on the entire repository.
Read-only adminCan read the entire repository.
Account adminCan access everything in their account, including creating and deleting APIs and changing authentication providers.
Account readerHas read-only permissions to information in their account, including all APIs.
Experimental ReaderHas access to only what is in their account.
Users ownerHas full permissions on all users.
Users readerHas read-only permissions on all users.
 API Documentation 

View all of the Roles

  1. Log in to API Creator as sa.
  2. Open the CA Live API Creator Admin project API.
  3. Go to Manage, Security, Details tab. The following image shows the tab for this API:

Roles for Creating Databases

You can authorize users to create and use managed databases by assigning one of the following predefined roles:

RoleAuthorizes
Data adminCan create, update, and delete managed data servers.
Data designerCan create and delete managed databases and can create, modify, and delete tables, fields, and relationships in those managed databases.

How to Control Access to API Creator using a Custom Authentication Provider

By default, the Admin user can access API Creator and create API projects. You can define additional users with privileges. However, this can be tedious when you want to enable many users, for example to create databases. In most large organizations, users are already defined in corporate store such as Lightweight Directory Access Protocol (LDAP) or Active Directory (AD).

You can control who has access to API Creator by creating a JavaScript custom authentication provider. This authentication provider can authorize users to perform the API Creator functions by assigning roles for API Creator functions and roles for creating databases.

For more information:

Use the following process to control access using a custom authentication provider:

  1. Verify the prerequisites.
  2. Upload your authentication provider.
  3. Register your authentication provider.
  4. Use your authentication provider.

Verify the Prerequisites

Warning! If the auth provider fails, you will lose access to your API Server. We recommend that you complete the following:

    • Fully test your auth provider on a test API project.
    • Make a complete backup of API Server's admin database.

Upload your Authentication Provider

Create your authentication provider and upload it.
  1. Log in to API Creator as sa.
    Note: If you are already logged in to API Creator, log out (using the gear in the upper right).
  2. Open the CA Live API Creator Admin project API.
  3. Go to Create, API Properties, Libraries, Your Libraries tab, upload your authentication provider, and save your changes.
    The following image shows these steps:

Register your Authentication Provider

Register your uploaded file as an authentication provider.
  1. Go to the Home page, Authentication Providers tab.
  2. Create a new authentication provider by clicking Add.
  3. Complete the following and then save your changes:
Authentication Method
Choose JavaScript Auth Provider as the authentication method.
Create Function
Identify the create function.
The following image shows these steps:

Use your Authentication Provider

  1. Access the CA Live API Creator Admin project API.
  2. Go to Create, API Properties, Details tab.
  3. Choose the newly registered authentication provider from the Authentication provider drop-down, and then save your changes.
    The following image shows these steps:

Test your Authentication Provider

  1. Log out of API Creator.
  2. Log back in as one of the new users hard-coded into the sample Admin Auth Provider (demo, sa, or admin).
  3. Verify that you can see APIs and perform API Creator functions.
  4. Go to Home, Authentication Providers tab and verify that the authentication providers are visible.

Sample Admin Authentication Provider

The /scs/projects/sharedlibs/src/AdminAuthProvider.js sample admin authentication provider is provided in the B2B.

More Information

For more information about how to retrieve information about an API using the endpoints your API includes, see System REST Endpoints.