API Management

Creating and managing APIs has never been easier.

Frends includes built-in API management features that you can use to create and manage your APIs. With the provided tools, you can create an API using an OpenAPI specification, link a Process to each endpoint and then, using our low-code Process Editor, create the logic behind each endpoint. Alternatively, the APIs can be specified as passthrough APIs, where Frends will connect the public endpoint in Frends to another API endpoint in your target system.

API Management view in Frends.

The provided monitoring tools let you inspect and filter the logs of incoming requests for each Environment. If, and when, you want to limit who can access your APIs, our powerful API Policies provide a plethora of settings that you can use to authenticate and authorize callers to your endpoints. And finally, to get the word out that you have a new API, the API Portal will show your users exactly what your API can do.

API Creation

The API Management page in Control Panel is the central management view for all of your APIs. From here, you can create new APIs by providing an OpenAPI specification and then creating a new Process, or linking an existing Process, for each endpoint you have specified in the spec.

OpenAPI specification editor to create or edit an API.

Once the API specification is saved, you will have the API created in Frends, but none of the endpoints will yet work, because you need to link a Process to each endpoint you specified. You can either create a new Process directly from the API management view which will have the API Trigger as well as any parameters and return values defined automatically, or you can add and link an API Trigger to an existing Process, linking the Process into your API endpoint.

With Processes linked to your API, it can be activated and called using HTTP requests.

Once you have an API created, you can monitor the API, as well as deploy it from the development Environment to other Environments, such as test or production. When deploying an API, the linked Processes are deployed at the same time, and a new version of the API is created.

Linked Processes should not be deployed separately by themselves, even if they appear in the Process list normally. While technically possible, it will create a warning for you, stating that the versions of linked Processes are different than expected. It may cause errors or undefined behaviour in the API or in the Processes when executed.

To fix the warnings and possible issues generated by deploying linked Processes separately, re-deploy the API to the target Environment.

Passthrough APIs

Passthrough APIs allow you to forward requests from the Frends API endpoints to the APIs your system provides, in cases where data conversion or other logic is not needed. They are an excellent way to keep your API branding coherent, with all used endpoints within the same domain, without the configuration and overhead of creating a Process in between where nothing really happens.

Passthrough API creation view.

To configure a passthrough API, you need to have created an API in Frends, and then click the Create passthrough API button in the API management view. In the passthrough API editor, you can specify the target URL for each API endpoint, optionally passing along parts of the original request's URL or query parameters, as well as manage the headers used in the passthrough.

You can also create an All endpoints passthrough, which will always pass on the final part of the request path and query parameters to the target API without having all possible endpoints defined in the API specification. The original URL and path are replaced with the target system's URL and path.

API Policies

API Policies are used to authenticate API callers as well as manage the logging and throttling options for the endpoints.

API Policy for setting up API key authentication.

Creating an API Policy

In an API policy, you define the name of the policy and which API endpoints and HTTP methods it targets. It can either target a few specific endpoints, or use an implicit wildcard to match a whole API rather than specific endpoints or methods. Throttling can also be set for each endpoint. Each policy can also target multiple APIs, as well as endpoints not defined in any API, if there are other resources under the Frends Environment's URL you would like the policy to consider.

API authentication

To set up authentication in the policy, you can add a New identity to the policy. The options here are OAuth, private application and API key, as well as public access, which would enable anyone to access the specified endpoints without authentication.

  • OAuth here refers to external OAuth application authentication, which can be connected to Frends through the Administration > OAuth applications menu.

  • Private application refers to OAuth authentication where the issuer is not defined, or is the Frends tenant itself. These can be configured under the Administration > Private applications menu.

  • API keys can be configured under the Administration > API keys menu, and are then enabled here for use in the specified API endpoints.

Each API authentication method also supports throttling based on the identity.

Logging configuration

Finally, you can add a logging configuration to the API policy, to define whether or not API events should be logged for the targeted endpoints in specified Environments, and what details are logged.

API logging configuration options.

It can be useful to set these up separately for development, testing and production use, both to enable better debugging and to reduce the amount of data logged in production, as well as for privacy and security reasons.

Combining policies

By combining the freely defined targeted endpoints, the public access identity rule and the logging options, policies make it possible to define purely logging-specific policies in addition to authentication policies. If multiple policies target the same endpoints, it is possible to separate authentication, logging and throttling options into multiple policies, as well as to create global policies that set up the default values for your Environments.

API Monitoring

In order to monitor what is happening with your Frends APIs, the API monitoring page shows you all the connections made into your tenant, and what happened with them.

API logs in Frends API management.

You can easily filter the log by API operation, status code of the response, and what method was used, to figure out what is happening. The logs include events for all requests made against your tenant, and not only the specified API endpoints, so you can also see all the unsolicited attempts made against your environment.
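The same triage can be run offline over exported log records. The following is an added example, not Frends code: it separates requests that match an operation in the OpenAPI specification from requests to paths the API never defined. The record field names, the sample API paths and the log entries are constructed assumptions, not the Frends log schema.

```python
import re
from collections import Counter

# Operations as they would be declared in the API's OpenAPI spec
# (constructed sample paths, not a real Frends API).
SPEC_OPERATIONS = {
    "/api/orders/v1/orders": {"GET", "POST"},
    "/api/orders/v1/orders/{orderId}": {"GET", "DELETE"},
}

# Constructed log records; the field names are assumptions for this example.
SAMPLE_LOG = [
    {"method": "GET", "path": "/api/orders/v1/orders", "status": 200, "client": "203.0.113.10"},
    {"method": "GET", "path": "/api/orders/v1/orders/42?expand=items", "status": 200, "client": "203.0.113.10"},
    {"method": "PUT", "path": "/api/orders/v1/orders/42", "status": 405, "client": "203.0.113.25"},
    {"method": "GET", "path": "/.env", "status": 404, "client": "198.51.100.7"},
    {"method": "GET", "path": "/wp-login.php", "status": 404, "client": "198.51.100.7"},
    {"method": "POST", "path": "/api/orders/v1/orders", "status": 401, "client": "203.0.113.25"},
    {"method": "GET", "path": "/admin/config", "status": 404, "client": "198.51.100.99"},
]

def compile_template(template):
    """Turn an OpenAPI path template into a regex; {param} matches one path segment."""
    parts = re.split(r"(\{[^/{}]+\})", template)
    pattern = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile(f"^{pattern}/?$")

COMPILED = [(compile_template(t), methods) for t, methods in SPEC_OPERATIONS.items()]

def classify(record):
    """Return 'specified', 'wrong_method' or 'unsolicited' for one log record."""
    path = record["path"].split("?", 1)[0]  # the query string is not part of the template
    path_known = False
    for regex, methods in COMPILED:
        if regex.match(path):
            path_known = True
            if record["method"] in methods:
                return "specified"
    return "wrong_method" if path_known else "unsolicited"

def summarize(records):
    """Count records per class and count unsolicited requests per client."""
    counts, unsolicited_clients = Counter(), Counter()
    for rec in records:
        cls = classify(rec)
        counts[cls] += 1
        if cls == "unsolicited":
            unsolicited_clients[rec["client"]] += 1
    return counts, unsolicited_clients
```

A request classified as specified can still be rejected, as the 401 in the sample shows, so filtering by status code remains a separate step.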
