Re: [Architecture] [APIM] Support for API Products from API Controller

[Wasura Wattearachchi]

Hi,

Thank you for your opinion @Uvindra Dias Jayasinha .

When discussing the functionality to Generate keys (tokens) for API Products,
currently we have the “apictl gen-keys” command to generate keys for *APIs*.
It requires --name (-n), --version (-v), --provider (-r) and --environment
(-e) flags to be mandatory. Basically, here, the corresponding API will be
searched by name, version (since one API can have many versions) and
provider, in the corresponding environment, and an application named
default-apictl-app
will be created (if not already exists) and subscribed to the API, and a
key was generated.

The above current logic should change as follows in order to incorporate
the functionality to generate keys for API Products as well.


   1.

   Make the flag --version (-v) optional since API Products do not have
   versions.
   2.

   When a user is trying to get a key for an API (since the version is
   optional now) search by --name (-n) and --provider (-r) in the
   corresponding --environment (-e),
   1.

  If more than one APIs have been retrieved while searching, it means
  that the API we searched has more than one version. So, display a message
  (error) to the user stating “ versions of the
  same API are available. Please specify the API version and try again”
  2.

  If only one API has been retrieved while searching, then subscribe
  the application to it and generate a key.
  3.

   When the user is trying to get a key for an API Product, since API
   Products do not have versions, we can directly search by the --name (-n)
   and --provider (-r) in the corresponding --environment (-e) and retrieve
   the API Product, then subscribe the application to it and generate a key.


I appreciate any thoughts and feedback on this as well.

Thank you!

On Thu, Apr 16, 2020 at 11:20 AM Uvindra Dias Jayasinha 
wrote:

> Great analysis Wasura.
>
> The unique thing to keep in mind regarding API Products is that they have
> two different personas when viewed from the perspective of the API
> Publisher and the API Subscriber. To the API Publisher, an API Product is a
> different entity from that of an API. The dependence of a given API Product
> upon one or more underlying APIs is evident. However from the perspective
> of the API Subscriber, an API Product is no different from an API. In fact
> the API Subscriber cannot tell the difference between the two.
>
> Keeping this in mind, see my comments inline.
>
> On Thu, 16 Apr 2020 at 10:13, Wasura Wattearachchi 
> wrote:
>
>> Hi all,
>>
>> This is regarding the issue
>>  which requests
>> to support listing and generating tokens for API Products through API
>> Controller (apictl). Currently, we do not support any functionality related
>> to API Products from API Controller side. Thus, we can introduce the
>> following four (4) functionalities as a new feature (rather than a fix to
>> the above-stated issue) in order to improve API Controller, additional to
>> what has been requested in the above issue.
>>
>>
>>1.
>>
>>Import API Products
>>2.
>>
>>Export API Products
>>3.
>>
>>List API Products
>>4.
>>
>>Generate keys (tokens) for API Products
>>
>>
>> Approaches
>>
>> Here, we can identify two (2) approaches for importing/exporting API
>> Products.
>>
>> Approach 1 - Import/export without the dependant APIs
>>
>>1.
>>
>>Import API Products
>>
>> Allow to import an API Product only if the dependent APIs have been
>> already imported/created inside the API Manager. The main task here is
>> to check whether the required resources to create the API Product are with
>> the APIs in the API Manager.
>>
>>1.
>>
>>Export API Products
>>
>> Allow to export/download an API Product without the related APIs inside
>> the archive file.
>>
>
> +1 to Approach 1. Since it is clear that an API Product is dependent upon
> an API(s), I think it's okay to mandate that the API(s) already have been
> imported as a prerequisite. This simplifies the implementation of the
> apictl and does not require changing the existing API import/export
> functionality.
>
>>
>> Approach 2 - Import/export with the dependant APIs
>>
>>1.
>>
>>Import API Products
>>
>> Give freedom to the user to import an API Product along with the related
>> APIs (archived together) only if the dependent APIs have not been
>> already imported/created inside the API Manager. If the user tries to
>> import an already imported API/APIs when importing the API Product, an
>> error should be displayed.
>>
>>1.
>>
>>Export API Products
>>
>> Allow to export/download an API Product with the dependent APIs inside
>> the archive file.
>>
>> Comparison of Approach 1 and 2
>>
>> Approach 1
>>
>> Approach 2
>>
>>-
>>
>>Advantage
>>
>> Basically our rule would be "If you need to create a CI/CD process for
>> an API Product, you should already have performed CI/CD 

Re: [Architecture] [APIM] Multiple Key Manager support

[Ishara Cooray]

Hi Tharindu,
We have changed the rest API tagging convention in publisher and devportal
REST APIs since 3.0.0 to use a common tag without separating as Collection
and Individual.
Shall we use the same convention here?
So that all of these will fall under the Key Manager tag.

Regarding the new table definition, if there is no specific reason in
APIM_KEYMGT_MAPPING and APIM_KEY_MANAGER names I would prefer to use and AM
instead of APIM
WDYT?


Thanks & Regards,
Ishara Cooray
Associate Technical Lead
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware


On Thu, Apr 16, 2020 at 11:14 PM Tharindu Dharmarathna 
wrote:

> Hi All,
> Please find the database diagram on Implementation.
>
> [image: db diagram.png]
>
> let us know any feedback on this.
>
> Thanks & Regards
>
> On Thu, Apr 16, 2020 at 10:29 PM Tharindu Dharmarathna 
> wrote:
>
>> Hi Farasath,
>>
>> The authentication on those endpoints depends on the implementation
>> implemented for the specific oauth provider, there will be configuration
>> key value elements will be asked from user to retrieve those details.
>>
>> On Thu, Apr 16, 2020 at 6:34 PM Farasath Ahamed 
>> wrote:
>>
>>>
>>>
>>> On Tue, Apr 14, 2020 at 10:13 PM Tharindu Dharmarathna <
>>> tharin...@wso2.com> wrote:
>>>
 Hi All,

 We are going to implement Multiple Oauth provider support to WSO2 API
 Management. From this feature, dev portal users can create their Oauth
 Application on Pre-Defined OAuth providers.

 1. Tenant Admin Create Oauth Provider from the Admin portal by
 providing OAuth provider details.

- Client Registration endpoint
- Introspection Endpoint
- Scope Management Endpoint
- Token Endpoint
- Revoke Endpoint
- Endpoint Security Details
- Token Validation Regex.

 Just a suggestion, most OAuth/OIDC providers expose a .wellknown
>>> configuration endpoint that gives some of these endpoints. For example,
>>> https://accounts.google.com/.well-known/openid-configuration
>>> Maybe we can support populating the URLs from using that endpoint as
>>> well in addition to configuring manually.
>>>
>>> 2. Application developer creates the application defining the Oauth
 Provider type.
 3. Application developer Generates the keys from UI.

- Checks for the Consumer Key Generation can be done in the
Specific Oauth Provider.
-  Generate the Oauth App on Oauth Provider and retrieves the Oauth
Application Details.

 4. Application Developer Retrieves the Application details from the UI.

- Check for the Oauth provider selected.
- Retrieve the Oauth App details from the Respective OAuth Provider
selected.

 5. Generating Oauth Token

- Token Generation call will directly proxy into the token endpoint
of Respective Oauth Provider.

 6. Validating the Token.

- Generated Token from Oauth Providers contains a specific change
related to the Token.
- Before validating the token we checking the Token was resided to
which Oauth provider by checking from the Token Validation Regex given.
- Token get validate from elected Oauth Provider and then retrieve
the information related to the Token.

 7. Delete the Application

- Oauth Application will remove from Respective Oauth Provider
assigned.


 I appreciate any thoughts and feedback on this.

>>>
>>> Also, some of the endpoints exposed by OAuth providers will be protected
>>> with different auth mechanisms. How do we plan to handle this?
>>>
>>>


 Thanks

 *Tharindu Dharmarathna*Technical Lead
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware
 mobile: *+94779109091*
 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

>>>
>>>
>>> --
>>> Farasath Ahamed
>>> Associate Technical Lead, WSO2 Inc.: http://wso2.com
>>> Mobile: +94777603866
>>> Blog: https://farasath.blogspot.com / https://medium.com/@farasath
>>> Twitter: @farazath619 
>>> 
>>>
>>>
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>>
>> --
>>
>> *Tharindu Dharmarathna*Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94779109091*
>>
>
>
> --
>
> *Tharindu Dharmarathna*Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94779109091*
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

Re: [Architecture] [APIM] Multiple Key Manager support

[Tharindu Dharmarathna]

Hi All,
Please find the database diagram on Implementation.

[image: db diagram.png]

let us know any feedback on this.

Thanks & Regards

On Thu, Apr 16, 2020 at 10:29 PM Tharindu Dharmarathna 
wrote:

> Hi Farasath,
>
> The authentication on those endpoints depends on the implementation
> implemented for the specific oauth provider, there will be configuration
> key value elements will be asked from user to retrieve those details.
>
> On Thu, Apr 16, 2020 at 6:34 PM Farasath Ahamed 
> wrote:
>
>>
>>
>> On Tue, Apr 14, 2020 at 10:13 PM Tharindu Dharmarathna <
>> tharin...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> We are going to implement Multiple Oauth provider support to WSO2 API
>>> Management. From this feature, dev portal users can create their Oauth
>>> Application on Pre-Defined OAuth providers.
>>>
>>> 1. Tenant Admin Create Oauth Provider from the Admin portal by providing
>>> OAuth provider details.
>>>
>>>- Client Registration endpoint
>>>- Introspection Endpoint
>>>- Scope Management Endpoint
>>>- Token Endpoint
>>>- Revoke Endpoint
>>>- Endpoint Security Details
>>>- Token Validation Regex.
>>>
>>> Just a suggestion, most OAuth/OIDC providers expose a .wellknown
>> configuration endpoint that gives some of these endpoints. For example,
>> https://accounts.google.com/.well-known/openid-configuration
>> Maybe we can support populating the URLs from using that endpoint as well
>> in addition to configuring manually.
>>
>> 2. Application developer creates the application defining the Oauth
>>> Provider type.
>>> 3. Application developer Generates the keys from UI.
>>>
>>>- Checks for the Consumer Key Generation can be done in the Specific
>>>Oauth Provider.
>>>-  Generate the Oauth App on Oauth Provider and retrieves the Oauth
>>>Application Details.
>>>
>>> 4. Application Developer Retrieves the Application details from the UI.
>>>
>>>- Check for the Oauth provider selected.
>>>- Retrieve the Oauth App details from the Respective OAuth Provider
>>>selected.
>>>
>>> 5. Generating Oauth Token
>>>
>>>- Token Generation call will directly proxy into the token endpoint
>>>of Respective Oauth Provider.
>>>
>>> 6. Validating the Token.
>>>
>>>- Generated Token from Oauth Providers contains a specific change
>>>related to the Token.
>>>- Before validating the token we checking the Token was resided to
>>>which Oauth provider by checking from the Token Validation Regex given.
>>>- Token get validate from elected Oauth Provider and then retrieve
>>>the information related to the Token.
>>>
>>> 7. Delete the Application
>>>
>>>- Oauth Application will remove from Respective Oauth Provider
>>>assigned.
>>>
>>>
>>> I appreciate any thoughts and feedback on this.
>>>
>>
>> Also, some of the endpoints exposed by OAuth providers will be protected
>> with different auth mechanisms. How do we plan to handle this?
>>
>>
>>>
>>>
>>> Thanks
>>>
>>> *Tharindu Dharmarathna*Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>> mobile: *+94779109091*
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>>
>> --
>> Farasath Ahamed
>> Associate Technical Lead, WSO2 Inc.: http://wso2.com
>> Mobile: +94777603866
>> Blog: https://farasath.blogspot.com / https://medium.com/@farasath
>> Twitter: @farazath619 
>> 
>>
>>
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
>
> *Tharindu Dharmarathna*Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94779109091*
>


-- 

*Tharindu Dharmarathna*Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94779109091*
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [APIM] Multiple Key Manager support

[Tharindu Dharmarathna]

Hi Farasath,

The authentication on those endpoints depends on the implementation
implemented for the specific oauth provider, there will be configuration
key value elements will be asked from user to retrieve those details.

On Thu, Apr 16, 2020 at 6:34 PM Farasath Ahamed  wrote:

>
>
> On Tue, Apr 14, 2020 at 10:13 PM Tharindu Dharmarathna 
> wrote:
>
>> Hi All,
>>
>> We are going to implement Multiple Oauth provider support to WSO2 API
>> Management. From this feature, dev portal users can create their Oauth
>> Application on Pre-Defined OAuth providers.
>>
>> 1. Tenant Admin Create Oauth Provider from the Admin portal by providing
>> OAuth provider details.
>>
>>- Client Registration endpoint
>>- Introspection Endpoint
>>- Scope Management Endpoint
>>- Token Endpoint
>>- Revoke Endpoint
>>- Endpoint Security Details
>>- Token Validation Regex.
>>
>> Just a suggestion, most OAuth/OIDC providers expose a .wellknown
> configuration endpoint that gives some of these endpoints. For example,
> https://accounts.google.com/.well-known/openid-configuration
> Maybe we can support populating the URLs from using that endpoint as well
> in addition to configuring manually.
>
> 2. Application developer creates the application defining the Oauth
>> Provider type.
>> 3. Application developer Generates the keys from UI.
>>
>>- Checks for the Consumer Key Generation can be done in the Specific
>>Oauth Provider.
>>-  Generate the Oauth App on Oauth Provider and retrieves the Oauth
>>Application Details.
>>
>> 4. Application Developer Retrieves the Application details from the UI.
>>
>>- Check for the Oauth provider selected.
>>- Retrieve the Oauth App details from the Respective OAuth Provider
>>selected.
>>
>> 5. Generating Oauth Token
>>
>>- Token Generation call will directly proxy into the token endpoint
>>of Respective Oauth Provider.
>>
>> 6. Validating the Token.
>>
>>- Generated Token from Oauth Providers contains a specific change
>>related to the Token.
>>- Before validating the token we checking the Token was resided to
>>which Oauth provider by checking from the Token Validation Regex given.
>>- Token get validate from elected Oauth Provider and then retrieve
>>the information related to the Token.
>>
>> 7. Delete the Application
>>
>>- Oauth Application will remove from Respective Oauth Provider
>>assigned.
>>
>>
>> I appreciate any thoughts and feedback on this.
>>
>
> Also, some of the endpoints exposed by OAuth providers will be protected
> with different auth mechanisms. How do we plan to handle this?
>
>
>>
>>
>> Thanks
>>
>> *Tharindu Dharmarathna*Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>> mobile: *+94779109091*
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
> Farasath Ahamed
> Associate Technical Lead, WSO2 Inc.: http://wso2.com
> Mobile: +94777603866
> Blog: https://farasath.blogspot.com / https://medium.com/@farasath
> Twitter: @farazath619 
> 
>
>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 

*Tharindu Dharmarathna*Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94779109091*
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [APIM] Multiple Key Manager support

[Sanjeewa Malalgoda]

I checked this API definition and it looks good for me. Please check inline
comments.
However I believe this configuration won't be that simple when it comes to
real implementation. As an example we will think about basic auth secured
DCR, OAuth protected scope registration endpoint etc. We will need to
collect a lot more parameters. So we will be able to have key-values kind
of things for that.

On Thu, Apr 16, 2020 at 12:36 PM Tharindu Dharmarathna 
wrote:

> Hi All,
>
> Hi All,
>
> Please find the Admin Rest API model for Registering the Key Managers from
> Admin API.
>
> ##
> # The "Key Manager Collection" resource API
> ##
>   /key-managers:
>
> #-
> # Retrieve all key managers
> #-
> get:
>   x-scope: apim:admin_operations
>   summary: Get all Key managers
>   description: |
> Get all Key managers
>   tags:
> - Key Manager (Collection)
>   responses:
> 200:
>   description: |
> OK.
> KeyManagers returned
>   schema:
> $ref: '#/definitions/KeyManagerList'
>
> #-
> # Add a Key Manager
> #-
> post:
>   x-scope: apim:admin_operations
>   summary: Add a new API Key Manager
>   description: |
> Add a new API Key Manager
>   parameters:
> - in: body
>   name: body
>   description: |
> Key Manager object that should to be added
>   required: true
>   schema:
> $ref: '#/definitions/KeyManager'
>   tags:
> - Key Manager (Individual)
>   responses:
> 201:
>   description: |
> Created.
> Successful response with the newly created object as entity in
> the body.
>   schema:
> $ref: '#/definitions/KeyManager'
> 400:
>   description: |
> Bad Request.
> Invalid request or validation error
>   schema:
> $ref: '#/definitions/Error'
>
>   ##
>   # The "Individual KeyManager" resource APIs
>   ##
>
>   /key-managers/{keyManagerId}:
>
>   #-
>   # Update a Key Manager
>   #-
> put:
>   x-scope: apim:admin_operations
>   summary: Update a Key Manager
>   description: |
> Update a Key Manager by keyManager id
>   parameters:
> - $ref: '#/parameters/keyManagerId'
> - in: body
>   name: body
>   description: |
> Key Manager object with updated information
>   required: true
>   schema:
> $ref: '#/definitions/KeyManager'
>   tags:
> - Key Manager (Individual)
>   responses:
> 200:
>   description: |
> OK.
> Label updated.
>   schema:
> $ref: '#/definitions/KeyManager'
> 400:
>   description: |
> Bad Request.
> Invalid request or validation error.
>   schema:
> $ref: '#/definitions/Error'
> 404:
>   description: |
> Not Found.
> The resource to be updated does not exist.
>   schema:
> $ref: '#/definitions/Error'
>   #-
>   # Delete a Key Manager
>   #-
> delete:
>   x-scope: apim:admin_operations
>   summary: Delete a Key Manager
>   description: |
> Delete a Key Manager by keyManager id
>   parameters:
> - $ref: '#/parameters/keyManagerId'
> - $ref: '#/parameters/If-Match'
> - $ref: '#/parameters/If-Unmodified-Since'
>
Do we need If-Match etc here?

>   tags:
> - Key Manager (Individual)
>   responses:
> 200:
>   description: |
> OK.
> Key Manager successfully deleted.
> 404:
>   description: |
> Not Found.
> Key Manager to be deleted does not exist.
>   schema:
> $ref: '#/definitions/Error'
>
>   #-
>   # The KeyManager resource
>   #-
>   KeyManager:
> title: Key Manager
> required:
> - name
> - type
> properties:
>   id:
> type: string
> example: "01234567-0123-0123-0123-012345678901"
>   name:
> type: string
> example: "WSO2 IS"
>   type:
> type: string
>  

Re: [Architecture] [APIM] Multiple Key Manager support

[Farasath Ahamed]

On Tue, Apr 14, 2020 at 10:13 PM Tharindu Dharmarathna 
wrote:

> Hi All,
>
> We are going to implement Multiple Oauth provider support to WSO2 API
> Management. From this feature, dev portal users can create their Oauth
> Application on Pre-Defined OAuth providers.
>
> 1. Tenant Admin Create Oauth Provider from the Admin portal by providing
> OAuth provider details.
>
>- Client Registration endpoint
>- Introspection Endpoint
>- Scope Management Endpoint
>- Token Endpoint
>- Revoke Endpoint
>- Endpoint Security Details
>- Token Validation Regex.
>
> Just a suggestion, most OAuth/OIDC providers expose a .wellknown
configuration endpoint that gives some of these endpoints. For example,
https://accounts.google.com/.well-known/openid-configuration
Maybe we can support populating the URLs from using that endpoint as well
in addition to configuring manually.

2. Application developer creates the application defining the Oauth
> Provider type.
> 3. Application developer Generates the keys from UI.
>
>- Checks for the Consumer Key Generation can be done in the Specific
>Oauth Provider.
>-  Generate the Oauth App on Oauth Provider and retrieves the Oauth
>Application Details.
>
> 4. Application Developer Retrieves the Application details from the UI.
>
>- Check for the Oauth provider selected.
>- Retrieve the Oauth App details from the Respective OAuth Provider
>selected.
>
> 5. Generating Oauth Token
>
>- Token Generation call will directly proxy into the token endpoint of
>Respective Oauth Provider.
>
> 6. Validating the Token.
>
>- Generated Token from Oauth Providers contains a specific change
>related to the Token.
>- Before validating the token we checking the Token was resided to
>which Oauth provider by checking from the Token Validation Regex given.
>- Token get validate from elected Oauth Provider and then retrieve the
>information related to the Token.
>
> 7. Delete the Application
>
>- Oauth Application will remove from Respective Oauth Provider
>assigned.
>
>
> I appreciate any thoughts and feedback on this.
>

Also, some of the endpoints exposed by OAuth providers will be protected
with different auth mechanisms. How do we plan to handle this?


>
>
> Thanks
>
> *Tharindu Dharmarathna*Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
> mobile: *+94779109091*
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
Farasath Ahamed
Associate Technical Lead, WSO2 Inc.: http://wso2.com
Mobile: +94777603866
Blog: https://farasath.blogspot.com / https://medium.com/@farasath
Twitter: @farazath619 

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] [APIM] Admin Portal revamping

[Chathuranga Siriwardhana]

Hi all,

We are going to revamp the WSO2 APIM Admin Portal. Following changes are to
be done.

1. Convert the Admin Portal to a React + Rest API App.

Currently, the Admin Portal is a Jaggery App. @Chathuranga Siriwardhana
 is working on this.

2. Converting the Admin Portal to a Web App.

@Kavishka Fernando  is working on this and will be
removing jaggery as a dependent component from the revamped admin portal.


Applying a new skin to the revamped Admin Portal is also suggested.

A dedicated feature branch [1] on the carbon-apimgt repository is available
for the implementations.

[1] https://github.com/wso2/carbon-apimgt/tree/admin_portal_revamp

Best Regards,
-- 
*Chathuranga Siriwardhana *| Software Engineer | WSO2 Inc.
(m) +94713604485 | Email: chathuran...@wso2.com

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [APIM] Multiple Key Manager support

[Tharindu Dharmarathna]

Hi All,

Hi All,

Please find the Admin Rest API model for Registering the Key Managers from
Admin API.

##
# The "Key Manager Collection" resource API
##
  /key-managers:

#-
# Retrieve all key managers
#-
get:
  x-scope: apim:admin_operations
  summary: Get all Key managers
  description: |
Get all Key managers
  tags:
- Key Manager (Collection)
  responses:
200:
  description: |
OK.
KeyManagers returned
  schema:
$ref: '#/definitions/KeyManagerList'

#-
# Add a Key Manager
#-
post:
  x-scope: apim:admin_operations
  summary: Add a new API Key Manager
  description: |
Add a new API Key Manager
  parameters:
- in: body
  name: body
  description: |
Key Manager object that should to be added
  required: true
  schema:
$ref: '#/definitions/KeyManager'
  tags:
- Key Manager (Individual)
  responses:
201:
  description: |
Created.
Successful response with the newly created object as entity in
the body.
  schema:
$ref: '#/definitions/KeyManager'
400:
  description: |
Bad Request.
Invalid request or validation error
  schema:
$ref: '#/definitions/Error'

  ##
  # The "Individual KeyManager" resource APIs
  ##

  /key-managers/{keyManagerId}:

  #-
  # Update a Key Manager
  #-
put:
  x-scope: apim:admin_operations
  summary: Update a Key Manager
  description: |
Update a Key Manager by keyManager id
  parameters:
- $ref: '#/parameters/keyManagerId'
- in: body
  name: body
  description: |
Key Manager object with updated information
  required: true
  schema:
$ref: '#/definitions/KeyManager'
  tags:
- Key Manager (Individual)
  responses:
200:
  description: |
OK.
Label updated.
  schema:
$ref: '#/definitions/KeyManager'
400:
  description: |
Bad Request.
Invalid request or validation error.
  schema:
$ref: '#/definitions/Error'
404:
  description: |
Not Found.
The resource to be updated does not exist.
  schema:
$ref: '#/definitions/Error'
  #-
  # Delete a Key Manager
  #-
delete:
  x-scope: apim:admin_operations
  summary: Delete a Key Manager
  description: |
Delete a Key Manager by keyManager id
  parameters:
- $ref: '#/parameters/keyManagerId'
- $ref: '#/parameters/If-Match'
- $ref: '#/parameters/If-Unmodified-Since'
  tags:
- Key Manager (Individual)
  responses:
200:
  description: |
OK.
Key Manager successfully deleted.
404:
  description: |
Not Found.
Key Manager to be deleted does not exist.
  schema:
$ref: '#/definitions/Error'

  #-
  # The KeyManager resource
  #-
  KeyManager:
title: Key Manager
required:
- name
- type
properties:
  id:
type: string
example: "01234567-0123-0123-0123-012345678901"
  name:
type: string
example: "WSO2 IS"
  type:
type: string
example: "IS"
  description:
type: string
example: "This is a key manager for Developers"
  introspection_endpoint:
type: string
example: ""
  dynamic_client_registration_endpoint:
type: string
example: ""
  token_endpoint:
type: string
example: ""
  scope_management_endpoint:
type: string
example: ""
  available_grant_types:
type: array
items:
  type: string
  example: "client_credentials"
  enabled:
type: boolean
example: true
  additionalProperties:
type: object


  #-
  # The KeyManager List resource
  #-