Subscribing to APIs
A subscription grants a consumer access to a deployed API. It manages credentials, rate limits, RU quotas, and entitlements.
Creating a Subscription
Section titled “Creating a Subscription”curl -X POST https://core.api.apiway.net/v1/subscriptions \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "apiId": "payments-v1", "slaTier": "standard" }'Navigate to the API in the Developer Portal, click Subscribe, select your SLA tier, and confirm.
What a Subscription Includes
Section titled “What a Subscription Includes”| Component | Description |
|---|---|
| Credentials | OAuth client (ID + secret) or API key — provisioned automatically |
| Entitlements | Scopes granted based on the SLA tier and API operations |
| Rate limit | Requests per time window (configurable per tier) |
| RU quota | Resource unit budget for metered billing |
| RU period | Billing cycle — daily, monthly, quarterly, annual, or pay-as-you-go |
| Alert threshold | Percentage of RU quota that triggers a soft warning |
SLA Tiers
Section titled “SLA Tiers”Producers can define multiple SLA tiers using OpenSLA:
| Tier | Rate Limit | RU Quota | Price |
|---|---|---|---|
| Free | 10 req/min | 1,000 RU/month | Free |
| Standard | 100 req/min | 50,000 RU/month | Per-unit pricing |
| Enterprise | 1,000 req/min | Unlimited | Custom |
When subscribing, consumers select a tier — or Apiway recommends one based on estimated usage.
Subscription Lifecycle
Section titled “Subscription Lifecycle”| State | Meaning |
|---|---|
| Pending | Awaiting governance approval |
| Active | Credentials provisioned, API callable |
| Suspended | Temporarily blocked (e.g., budget exhausted) |
| Cancelled | Access revoked, credentials invalidated |
Credential Management
Section titled “Credential Management”Credentials are owned by the subscription — one credential set per subscription. The gateway injects credentials into the runtime context automatically.
Key Rotation
Section titled “Key Rotation”- Generate new credentials for the subscription
- Update your application configuration with the new credentials
- Revoke old credentials
Apiway tracks credential expiry and can notify consumers when rotation is recommended.
External API Subscriptions
Section titled “External API Subscriptions”When subscribing to an API from another organisation (via the API Economy marketplace):
- The OAS is copied into your tenant
- The copy goes through your governance flow
- On approval, the external API is deployed through your gateway
- Metering and compliance apply as if it were your own API
This maintains full tenant isolation — no cross-tenant data access.