Application Management

Portal App Usage Purposes

• Providing secure access to APIs
• Tracking and reporting API usage on an application basis
• Managing API Keys
• Managing API Product subscriptions

Portal App Management in API Manager

In API Manager, administrators can view and manage all portal applications.

Creating New Portal App

Step 1

Click the "+ Create" button in the top right on the Portal App list page

Step 2

Fill in the following information in the opened dialog:

• Account: Select the portal account the application will be linked to from the dropdown list (Required)
• Name: Application name (Required, Max: 255 characters)
• Reference ID: Unique ID of the application (Required, UUID is automatically generated)
• Description: Application description (Optional)

Step 3

Click the "Save" button

Step 4

Success message is displayed and list is updated

Portal App Detail Page

Section	Information	Description/Function
Header Section	Information is displayed in card form at the top of the page	* Account: Account name (clickable link, goes to account detail) * Name: Application name * Reference ID: Unique application ID * Description: Application description * Created Date: Creation date (in dd/MM/yyyy HH:mm:ss format) * Edit Button: To edit application information
API Keys Section	All API Keys belonging to the application are listed in this section.	* API Key: Username of the credential (used in API calls) * Enabled: Active/Passive status (with green/red dot) * Created Date: Key creation date * Expire Date: Key validity period (or "Never Expire" if none) * Actions: Revoke (Cancel) button API Key Creation: 1. Click the "Generate Key" button in the table header 2. System automatically: * Generates a unique username (UUID) * Generates a unique password (UUID) * Creates the credential in active status * Assigns the application's account and organization information 3. New key is added to the table API Key Revocation: 1. Click the "Revoke" button on the row of the key you want to cancel 2. Key's status becomes passive (enabled = false) 3. This key can no longer be used in API calls
API Products Section	API Products the application is registered to are listed in this section.	API Product: Product name Description: Product title/description Plan: Selected plan details (Free, Subscription, Metered, Tiered) Status: Registration status (APPROVED, WAITING, REJECTED, UNSUBSCRIBED) Actions: Unregister (Cancel Registration) button

bilgi

For API Product statuses added to API Product:

🟢 APPROVED: Approved, actively in use 🟡 WAITING: Waiting for approval 🔴 REJECTED: Rejected ⚫ UNSUBSCRIBED: Registration cancelled

statuses are explained on the Approval Requests page.

Cancelling API Product Registration:

• Click the "Unregister" button on the row of the product you want to cancel
• Registration status is updated to UNSUBSCRIBED
• Application can no longer access this API Product

not

This operation is done from API Manager. Portal users cannot cancel their registrations on the detail page.

My Applications in API Portal Interface

On API Portal, users can only see and manage their own applications.

Creating Application from Portal

Scenario A: User with No Applications

Step 1: When the My Applications page opens and an empty list card and "You don't have any applications yet" message appears:

• Click the "+ Create" button
• Fill in the information in the opened dialog

Step 2:

• Click the "Save" button
• When registration is completed, your first automatically created application is added to the list and your first API Key is prepared

Scenario B: User with Existing Applications

Step 1: When existing applications are listed in card/table on the list page:

• The "+ Create" button in the top right corner is always visible
• New application can be added by clicking this button

Step 2:

• App and plan are selected and registration is made

bilgi

For the steps to be taken according to the API Product's status after the registration process is completed, it is explained in detail in the API Product Access Settings section on the Approval Requests page.

Another method of creating an application on the API Portal interface is to perform operations through the "My Applications" page. This page is the central area where all management steps such as creating new applications, editing or deleting existing applications are performed.

On the API Product detail screen, only adding an existing application to the relevant API Product is possible; application editing or deletion operations are not performed here.

Additionally; when creating an application on the API Manager side, the Account / Developer section must be entered. However, since the user is already logged in with verified identity on the Portal side, applications created through Portal are automatically saved as belonging to the relevant user.

Below, the interface of the Portal My Applications page is shown as an example.

API Key (Credential) Management in API Portal Interface

API Key Structure

Each API Key has the following properties:

Property	Description
Username	Key used in API calls (in UUID format)
Password	Secret key (in UUID format)
App Id	ID of the application it belongs to
Account Id	ID of the account it belongs to
Organization Id	ID of the organization it belongs to
Enabled	Active/Passive status (true/false)
Created	Creation date
Expire Date	Validity period (optional)
Account Credential	Whether it is an account-based credential (true/false)

API Key Creation and Revocation Flow

API Key Creation Flow

1. User clicks "Generate Key" button
2. Username in UUID format is generated in the system
3. Password in UUID format is generated in the system
4. Credential object is created:
   • username: UUID
   • password: UUID
   • appId: [Application ID]
   • accountId: [Account ID]
   • organizationId: [Organization ID]
   • enabled: true
5. CredentialUpdateDTO is created:
   • credential: [Credential object]
   • accessControlList: []
   • accountCredential: true
6. POST request is sent to backend
7. Successful response is received
8. Credential list is refreshed
9. Success message is shown to user

API Key Revocation Flow

1. User clicks "Revoke" button
2. Credential object is updated:
   • enabled: false (passive)
   • Other information remains the same
3. CredentialUpdateDTO is created
4. PUT request is sent to backend
5. Successful response is received
6. Credential list is refreshed
7. Key appears in passive status (red dot)

API Product Registration Statuses

Status Descriptions:

Status	Description	Badge Color	Usage
WAITING	Waiting for approval	Yellow	Registration created, waiting for admin approval
APPROVED	Approved	Green	Application can use APIs
REJECTED	Rejected	Red	Registration rejected, application cannot use
UNSUBSCRIBED	Registration cancelled	Gray	User or admin cancelled registration

Usage Scenarios

Scenario 1: Creating a New Application (Portal User)

1. User logs into Portal
2. Goes to "My Applications" page from menu
3. Clicks "+ Create" button
4. Fills out the form:
   • App Name: "Mobile iOS App"
   • App Id: Automatic UUID
   • Description: "API access for iOS application"
5. Clicks "Save" button
6. System automatically:
   • Creates the application
   • Generates the first API Key
   • Shows success message to user
7. User sees the new application in the list

Result:

• Application is ready
• First API Key is ready to use
• Can register to API Products

Scenario 2: Registering to API Product and Usage

1. User goes to "API Products" page
2. Selects the desired API Product
3. Selects a plan (Free, Subscription, etc.)
4. Selects their application
5. Clicks "Subscribe" button
6. Registration is created (Status: WAITING)
7. Admin approves registration (Status: APPROVED)
8. User sees registration on application detail page
9. Makes API calls using their API Key

Result:

• Application can access API
• Throttling/Quota limits are applied
• Usage is tracked and reported

Scenario 3: API Key Management and Rotation

1. User goes to application detail page
2. Sees existing API Keys
3. Decides to change key for security reasons
4. Creates new key with "Generate Key"
5. Updates new key in their code
6. Tests and verifies it works
7. Revokes old key with "Revoke"

Result:

• Security increased
• Old key invalidated
• New key actively in use

Scenario 4: Application Deletion and Cleanup

1. User decides to delete an application they no longer use
2. Goes to "My Applications" page
3. Clicks menu button (⋮) of the application to be deleted
4. Clicks "Remove" option
5. Checks the application in the confirmation dialog
6. Clicks "Delete" button
7. System:
   • Deletes the application
   • Revokes all API Keys
   • Removes API Product registrations
8. Success message is shown

Result:

• Application completely deleted
• All related resources cleaned up
• API calls fail

Scenario 5: Application Management by Admin

1. Admin logs into API Manager
2. Goes to Portal Management > Portal Apps page
3. Sees all users' applications
4. Selects an application and goes to detail page
5. Checks API Product registrations
6. If necessary:
   • Creates new API Key
   • Revokes existing keys
   • Approves/rejects API Product registration
   • Cancels registration (unregister)
7. Edits application information
8. Changes are saved

Result:

• Admin can perform centralized management
• User applications are monitored
• Necessary interventions are made

Frequently Asked Questions

What is Portal App and why is it necessary?

Portal App is an application created to access APIs. Each API call is made with an API Key belonging to an application, thus usage can be tracked and controlled.

How many applications can a user create?

A user can create as many applications as they want. There is no limit.

Can I create two applications with the same name?

Yes, there can be multiple applications with the same name under the same account. Reference ID is unique in all cases.

What happens if I forget the API Key password?

Password is shown once and is not stored in the system. If forgotten, the key should be revoked and a new key should be created.

How many API Keys can there be in an application?

You can create as many API Keys as you want in an application. There is no limit.

Can I reactivate a revoked key?

No, a revoked key cannot be reactivated. A new key must be created.

Can an application register to multiple API Products?

Yes, an application can register to as many API Products as desired.

When will my WAITING status registration be approved?

Registrations are usually manually approved by admin. Approval time varies according to system policies.

Can I reapply for a REJECTED registration?

Yes, you can delete the registration and create it again. However, it is recommended to contact admin to learn the rejection reason.

What is the difference between API Manager and API Portal?

API Manager is where administrators manage all applications. API Portal is where users manage only their own applications.

Can admin interfere with my application?

Yes, admin can view, edit, and delete all applications.