Limiting access to information or services in the API Catalog
Limiting access to information or services in the API Catalog
As a system administrator, you can limit access to information and/or services available within the API Catalog and through the API Mediation Layer and check for the authorization of the user on certain endpoints.
Choose from the following use cases:
-
Use the property
apiml.catalog.hide.serviceInfo
to hide the instance URL value of all services registered to the API ML in the API Catalog.See the section Hide service information.
-
The API ML can check for the authorization of the user on certain endpoints. Access to a SAF resource is checked via an External Security Manager (ESM).
See the section SAF Resource Checking.
Hide service information
-
Open the file
zowe.yaml
. -
Configure the following properties:
-
apiml.catalog.hide.serviceInfo
This parameter is used to hide the instance URL value of all services registered to the API ML in the API Catalog. This customization can be useful when the service owner does not want to expose sensitive information such as the hostname.
Set the value of the
*apiml.catalog.hide.serviceInfo
parameter totrue
to hide the instance URL for all services registered to the API Catalog.In your Zowe YAML configuration (typically
zowe.yaml
), set this parameter by definingconfigs.apiml.catalog.hide.serviceInfo
.Follow this example to define this parameter globally.
Example:
configs:
apiml:
catalog:
hide:
serviceInfo: trueAn alternative is to define this parameter only for a high availability instance on lpar1.
Example:
haInstances:
lpar1:
configs:
apiml:
catalog:
hide:
serviceInfo: true
-
-
Restart Zowe.