External API Onboarding
Not every API you use is one you built. External APIs — third-party services, partner APIs, platform APIs — can be onboarded through Apiway to get the same metering, compliance, and governance as your own APIs.
Why Onboard External APIs?
Section titled “Why Onboard External APIs?”Without onboarding, external API calls go directly from your code to the third party. You get:
- No metering — you don’t know how much you’re consuming
- No budget control — a bug can run up unlimited costs
- No compliance — no validation against the provider’s spec
- No visibility — the API doesn’t appear in your topology
After onboarding, external API calls route through your gateway. You get full visibility and control.
How It Works
Section titled “How It Works”The consumer onboarding pipeline deploys the external API through your gateway:
curl -X POST https://core.api.apiway.net/v1/programmes/consume \ -H "Authorization: Bearer $TOKEN" \ -d '{ "name": "Stripe Payments", "specification": "<base64-encoded OAS>", "targetUrl": "https://api.stripe.com" }'The pipeline:
- Creates the API entry — The external API appears in your catalogue as a consumed API
- Uploads the OAS — The provider’s spec, for documentation and compliance baseline
- Assigns your gateway — Traffic routes through your infrastructure
- Enables features — Compliance scanning, RU metering, consumption cost guard
- Deploys — Target URL points to the external provider’s real endpoint
What’s Different from Producer Quick Deploy
Section titled “What’s Different from Producer Quick Deploy”| Aspect | Producer (your APIs) | Consumer (external APIs) |
|---|---|---|
| Recommendations | Yes — improve your design | No — you don’t own the design |
| Mock | Yes — test before backend is ready | No — real target URL |
| Verification | Yes — validate your implementation | No — no credentials yet |
| SLA | Generated from your OpenSLA | Optional — comes from the provider |
| Target URL | Your backend | External provider’s URL |
After Onboarding
Section titled “After Onboarding”Once onboarded, the external API behaves like any other API in your tenant:
- Metering — RU consumption tracked per call
- Budget controls — Set a ceiling to prevent runaway costs
- Compliance — Validate responses against the provider’s OAS
- Topology — The API appears in your dependency map
- Cost centre — Consumption cost rolls into your API-level P&L
- Governance — Subscribing to the external API requires approval
Credential Management
Section titled “Credential Management”External API credentials are managed separately — the provider issues them, you configure them in your subscription. The gateway injects credentials into outbound requests automatically. Expiry tracking ensures proactive rotation before keys expire.