Basics | Glossary of Terms

Glossary of Terms

Key terminology used in the platform.

alert: A type of Dashboard item designed to inform app or API administrators about an issue such as an SLA (Service Level Agreement) violation.
anonymous user: A user who is browsing the platform without logging in. Anonymous users can see public content but cannot post to Boards, write comments or ratings, or create resources such as apps.
API: A key resource in the Community Platform. An API provides a business with a way of using the Internet to extend business capabilities to connect with new customers in new ways. In this context an API is a Web service exposed outside the enterprise, typically using RESTful design principles, and often with JSON content.
API access request: A specific type of Connection Request. An API access request governs the relationship between an app and an API for the life of the connection. When an app team member requests a connection to an API on behalf of the app, the API administrator is notified of the pending request and can respond accordingly. The administrator can approve or deny the request.
API Administrator: One of the roles defined in the Community Platform is that of the API Admin. Each API must have at least one Admin, and can have more. The API Admin approves or rejects connection requests, moderates the API's Board, views and manages alerts and trouble tickets, and manages documents, policies, and other information associated with the API. The API Admin can also view performance and usage data for the entire API, and can invite others to be Admins for the same API.
API Board: The API Board allows any member to post discussions pertaining to a specific API, or create trouble tickets pertaining to issues associated with the operation of a particular API.; Navigation: APIs > API Name > Board
API Gateway: The SOA Software API Gateway provides service integration and gateway services for APIs. It bundles SOA Software Policy Manager with one or more message handling intermediaries.
app: An app (application) is a piece of software that delivers specific capabilities to its users. In the context of the Community Platform, an app is a piece of software that consumes one or more APIs.
App Board: The App Board allows development team members to create private discussions with other team members pertaining to their specific application development projects. Team members can also create trouble tickets pertaining to issues associated with application development.; Navigation: My Apps > App Name > Board
App ID: When an app developer registers an app in the platform, it is assigned an App ID. The App ID is a unique identifier for your app within the platform. All API calls include the App ID.
app team member: One of the roles defined in the Community Platform is that of the app team member. Each app most have at least one team member and can have more. An app team member initiates contract requests, such as API access requests, moderates the app's Board, and views and manages trouble tickets relating to the app. The app team member can also view performance and usage data for the app's API usage, and can invite others to be team members for the same app. All app team members have the same rights.
Board: In the Community Platform, every resource, such as an app or API, has a Board that displays all feed entries for the resource. Users with approved connections to the resource can post items to the resource's Board according to privileges. For example, a member of a specific app team can post items to the Board for that app. Users with approved connections also see relevant Board items in their personal home Feed.
Board item: An individual entry on a resource's Board. A Board item can be an Alert, API Access Request (Contract Request), Discussion, Group Membership Invitation, or Ticket.
bpel file: A bpel file is a Business Process Execution Language file. BPEL itself is an abbreviation for Web Services Business Process Execution Language (WS-BPEL), an OASIS standard executable language which is a standard format for specifying actions within a business process, used by webservices. When the Site Admin or Business Admin creates an export file from the platform, such as an API export file, the export ZIP file (package file) includes BPEL files.
Business Administrator: One of the roles defined in the Community Platform is that of the Business Administrator. A business can own one or more APIs and apps, and must have at least one Administrator. The Business Administrator automatically has administrator rights over all the APIs and apps owned by the business as well as all the users who are part of the business. For more information, see What roles can a Business Administrator perform?
Certificate Authority: A Certificate Authority (CA) issues certificates and guarantees the validity of the binding between the certificate owner and its public key. The CA is a trusted authority, and any certificate issued by the CA identifies the owner of the certificate. Therefore the private key that corresponds to the public key in the certificate is deemed to be known only by the specific owner. Two Certificate Authority options are supported. The Platform Tenant (Host) provides a simplified version of a Certificate Authority that can issue and renew X.509 certificates, or the app developer can import a certificate that was issued outside the platform.; Navigation: My Apps > Details > Security
connection: A relationship between resources in the Community Platform—such as the API access relationship between an app and an API that it's using.
connection request: A workflow process that governs the relationship between two resources for the life of the connection. It is a request to establish a connection between resources; for example, an API access request or a follow request.
container: An SOA Software container instance performs a specific web service management function in an API Gateway deployment. Instances have a unique Instance Name, Description, and Listener configuration relative to the deployment requirements.
Dashboard: The user's Dashboard, also called home page or feed, is the first page the user sees after logging in. The Dashboard includes information relating to apps and APIs the user is associated with. An individual user's Dashboard is an aggregation of all the Board items from all the resources that the user is following. An individual user can modify the types of information that are displayed on his/her Dashboard. See also Dashboard entry.; Navigation: Dashboard tab.
Dashboard entry/item: An informational item that appears on a user's Dashboard. The entries on a specific user's Dashboard are Board items for resources the user is following. A Dashboard entry can be any of the following: Alert, API Access Request (Contract Request), Discussion, Group Membership Invitation, or Ticket.
developer: A developer of an app that will consume an API.
discussion: In the Community Platform, an authorized user can create a discussion topic about a resource (app or API) on the resource's Board. A discussion is typically, but not necessarily, created by someone other than the owner or administrator of the resource. Discussion entries are not threaded; users comment on the original item rather than on the comments/replies to the original item. Users can, however, mark or unmark the discussion itself and/or one or more discussion comments.; Each discussion has a title and one or more comments. The visibility of a discussion is controlled by the visibility of the resource it's associated with; for example, a discussion about a Limited (Private) API can only be seen by administrators and Private API Group members associated with that API.
environment: Ap app/API contract can apply either to the Sandbox environment, which is a testing area, or the production environment.
export: A Site Admin or Business Admin can output all the information about one or more of certain resources, or an entire business, to an export file. The information can then be imported into another platform instance. Information is exported to a specially formulated ZIP file called a package file.; Full export is only available to a Site Admin or Business Admin. An API Admin can export an API.
follow request: A specific type of Connection Request used to establish a "follow" relationship between a user and a resource that can be followed. Currently, only apps, APIs, and groups can be followed.
group: 1) The term "group" is used in many instances to refer to any of the following types of groups in the Community Platform: app teams, Private API groups, API Administrator groups, Site Administrator groups, or independent groups.; 2) "Group" is sometimes used specifically to mean a Private API Group.
HMAC: The HMAC hashing algorithm uses a symmetric key to create a hash for message security. HMAC can be used with cryptographic hash algorithms such as MD5 or SHA-1.
import: When information is exported from one instance of the platform to an export file (package file), it can be imported to another instance of the platform.; Only a Site Admin or Business Admin has permission to perform functions relating to import.
independent group: A group that exists independently of any single app or API. Any authorized user can create an independent group, and becomes the first administrator. The administrator can then invite other members and can remove members and change a member's role. There are three roles; admin, leader, and member. All members can see resources the group is linked to. Admins have full rights over the group..
JSON: An acronym for JavaScript Object Notation, JSON uses a subset of the JavaScript syntax to describe an object clearly and succinctly. One of the advantages of JSON over XML for API messages is that message content conveyed in the JSON format is much more concise than the same content conveyed in XML, consuming less bandwidth.
leader: In the context of a Private API Group, a leader is a senior group member. A leader can invite additional members to the group and can change another member's status, from member to leader or vice versa.
license: A License is a tailored API access package designed by the Business Admin/API Admin and offered to the app developer. A license includes one or more license terms, each of which can include multiple scopes, giving access to specifically designated operations, and multiple quality of service (QoS) policies, and also one or more legal agreements applicable to the license.; For more information on the License feature, see Licenses: Feature Overview.
license term: A license term defines the access that is being offered in a license (scope) and the level of access (QoS policy). Each license term includes one or more scopes plus, optionally, the quality of service limits/policies to be applied to all scopes in the license term. Scopes apply to both visibility and access; policies apply only to access. To have any impact, a license term must include at least one scope.
mark: Users can give positive feedback to items such as discussion topics and associated comments, reviews, and other resources such as tickets, using the Mark function. Choosing Mark provides positive feedback, in the same way as "Like" in Facebook®. The Mark value toggles on and off, so a user can mark or unmark a discussion comment. In the user interface, the mark icon is a thumbs-up, and the unmark icon is a closed fist.
member: In the context of a Private API Group, a group member has access to all information relating to the Private API and the group, including tickets and discussions. Members cannot invite additional members or change the status of other members. A member can be promoted to leader status by the API Admin or by another leader.
membership request (invitation): An invitation to another individual, whether a registered user or not, to join a Community Platform group or team such as an app team. API Administrators can invite others to be API Administrators; app team members can invite others to the app team. A Site Administrator, Private API Administrator, or Independent Group member can also issue a membership request in the same way.
My APIs: The My APIs quick filter provides a list of APIs that a member who is an API Provider has added. Each API includes functional and usage documentation, and download files.; Navigation: My APIs quick filter
My Apps: The My Apps quick filter is a dashboard that displays all the apps defined by a member. The dashboard is used to manage your app workflow from setup to a live production site.; Navigation: My Apps quick filter
OpenID: OpenID is an open decentralized standard for authenticating users. It can be used for access control and allows users to log on to different services with the same digital identity where these services trust the authentication body. OpenID simplifies the authentication process because there is only one username and password to remember. For more information, see What is OpenID?
package file: The ZIP file that is created as a result of using the export function. The package file can be imported into another instance of the platform by a Site Admin or API Admin.
Policy Manager: SOA Software Policy Manager is the core product that provides the underlying infrastructure for the platform. Message handling intermediaries integrate with Policy Manager which attaches policies and provides a policy decision point as well as the policy administration point.; The Policy Manager console is the user interface for the SOA Software API Gateway.
Private API: Private APIs are visible to members who have been invited to join a Private API Group. Once a member has accepted a Private API invitation, the Private API is displayed with a unique icon.
Private API Group: A group associated with a Limited (Private) API and created by an API admin for that API. Each member has a group member role, either as member or leader. Each group can have multiple leaders as well as members.
proxy API: When you set up your API on the Community Platform and choose to use the Proxy feature, all traffic to your API endpoints is channeled via the platform. This offers significant benefits, including the ability to apply policies and monitor traffic at the proxy.
production environment URL: A unique gateway URL (service endpoint) that provides access to the production endpoint of an API. The production endpoint URL becomes available when you request production access, and go live after production access has been approved.; Navigation: My Apps > Apps
Public Key Integration: The Public Key Integration section of My Apps > App Details > Security allows you to use Public Key Infrastructure (PKI) for secure message signing. When you initially create your app, a shared secret is generated by default. If you would like to override the shared secret, you can upload a Certificate Signing Request (CSR). The Certificate Authority associated with the platform will generate a public/private key pair using the uploaded CSR.; Navigation: My Apps > Details > Security
QoS (quality of service) policy: A QoS policy defines the level of service being offered to an app that is accessing an API; for example, the number of transactions per minute that are allowed for the app. In the platform, QoS policies are tied to license terms.
resource: In the Community Platform, a Resource is an item, such as an App or API, which has its own Board and set of activities.
role: Within a Private API Group, each group member has a role, either as Member or Leader. The Private API Admin cam invite team members and designate roles.; Within an independent group, each group member has a role, either as Member, Admin, or Leader. An Admin can invite or remove other team members and designate roles.; Other roles on the platform include App Team Member, Site Administrator, API Administrator, and Site User.
sandbox endpoint URL: A unique gateway URL (service endpoint) that provides access to an APIs sandbox environment. The Sandbox Endpoint URL becomes available after requesting access an API using the Request API Access Wizard.; Navigation: Add APIs in My Apps > API Management, or Request API Access in My Apps.
scope: A subset of a license. A scope is the bridge between the top level of the hierarchy, which is a license, and the bottom level, an operation. At the business level, the Business Admin defines the scope with a name and basic attributes. Then, at the API level, the API Admin assigns specific operations to one or more scopes for the API. These operations are included in any license that the scope is assigned to.
Search: The Search function provides a full-text search capability that allows members and visitors to find information about APIs, and also Board posts, tickets, and alerts.; Navigation: Search text box
security domain: An application or collection of applications that all share, and trust, common security. The same security mechanism is used for all within the security domain, for authentication, authorization, and/or session management. A user who is authorized on one part of the security domain is considered authorized for other parts.; In a tenant/partner scenario, all tenants share the same security domain and are considered to be trusted. So, for example, app owners on one tenant have access to API information on another tenant seamlessly and without any additional security authorization.
SHA-1: SHA-1 is a cryptographic hash function, broadly used and trusted.; When you hash a value with SHA-1, the hash function returns a 160-bit string. This is the message digest. The value is hashed and sent with the message; at the receipt point, the value is hashed again, and the two hash values are compared. When the two hash values match, it is a secure, reliable indication that the message hasn't changed; the message at the receipt point is an accurate duplication of the message at the send point.
SHA-256: Part of the SHA-2 family of algorithms developed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) to succeed SHA-1. Each is named according to the number of bits in the output; so, whereas SHA-1 has 160 bits in the hash output, SHA-256 has 256.
Shared Secret: A shared secret is a value generated for an app developer within the secure environment of the platform. The shared secret is known only to the app developer and the platform, and is used for authentication in secure send/receive communications.; Navigation: My Apps > Details > Security
site administrator: An individual who has responsibility for keeping the site running smoothly. The Site Admin has access to additional parts of the user interface for configuration and monitoring purposes. There can be more than one site administrator. For more information, see What functions are available to the Site Administrator in the platform?
SSL: A cryptograpic protocol used to add security to messages by encryption. SSL uses X.509 certificates and asymmetric security. The session key is used to encrypt the messages. SSL offers encryption and identification.
tag: A tag is essentially a keyword or key phrase that's added to a piece of content, or information associated with a resource, to assist in search results. Several different types of resources can have tags assigned to them; for example, apps, APIs, groups, and tickets. Multiple tags are separated by commas.; For example, if an app is a movie general knowledge game, the app owner might assign tags of movie, game, general knowledge.
target API: If an API is using the platform as a proxy, the TargetAPI is used to define the destination ("next-hop") endpoint for the API.
tenant: The tenant is a distinct developer portal and community that is logical separated from any other communities that may be hosted in the same product instance.; The Tenant is managed by the Site Administrator.
ticket: A type of feed entry, representing a trouble ticket created to raise an issue with a resource (app or API) or a connection. Tickets are typically created by a consumer of an API. Any member of the community can comment on a ticket, but it can only be marked as Resolved by the original creator or by an administrator of the target resource. For example, if Joe writes a ticket about an issue with the SkyBlue API, only Joe or the SkyBlue API Admin can mark the ticket as Resolved.
Trusted Certificate Authority: A Trusted Certificate Authority (CA) is a third party identity that is qualified with a specified level of trust. Trusted CA Certificates are used when an identity is being validated as the entity it claims to be. Certificates imported into the Platform Tenant (i.e., Host) must be issued by a Trusted Authority. Trusted CA Certificates must be configured prior to importing X.509 certificates for applications running on the platform.; Navigation: My Apps > Details > Security
unmark: To unmark a discussion, ticket, or other resource means to remove a mark previously placed on the resource. In the user interface, the mark icon is a thumbs-up, and the unmark icon is a closed fist.
version: Each app or API on the platform much have at least one version, and can have multiple versions. When a user creates an app or API on the platform, the first version is created automatically; when using the API it's important to complete both actions. If there is only one app or API version, deleting that version also deletes the app or API.
visibility: A setting that controls the types of users who can see an object, such as an app, API, or group, and its associated items such as discussions and tickets. See below: visibility (API) and visibility (app).
visibility (API): A setting that controls the types of users who can see an API and its associated items such as discussions and tickets. Possible values are Public or Limited. A discussion about a Limited (Private) API can only be seen by administrators and Private API Group members associated with that API. Members must be either invited to a Private API Group associated with the API or invited to be an Administrator for the API, and must then accept the invitation, before they even see the API in the Community Platform.
visibility (app): A setting that controls the types of users who can see an app and its associated items such as discussions and tickets. Possible values are Public, meaning that anyone can see information about the app, or Limited, meaning that only app team members can see it.
visibility scope: In the context of the Licenses feature, an individual user's visibility scope includes the set of licenses to which the user has been invited (due to the user's group membership). The user sees those licenses and can apply for API access with one or more of them. Operations that have been assigned to a scope that are included in a license a specific user has not been invited to are not visible to that user in the API documentation, and the user does not see the license and cannot request API access with that license.
workflow action: Certain types of activities on the platform must be done in a specific sequence. These are often managed by workflows. Each workflow action changes the state of the resource. Some examples of workflow actions are: requesting or approving an API contract, sending a group membership invitation, or changing the status of a ticket.