Understanding your responsibilities when using API Connect
Review the following tables to understand who is responsible for managing the different resources and features in API Connect.
For a general overview of IBM and customer responsibilities in IBM Cloud, see Shared responsibilities for IBM Cloud offerings.
Responsibility for API Connect resources
While most of the API Connect resources are managed by IBM, you are responsible for some resources that are typically managed by you. Table 1 lists the API Connect resources and notes which party is responsible for managing different aspects of each resource.
| Resource | Incident and Operations Management | Identity and Access Management | Security and Regulation Compliance | Disaster Recovery |
|---|---|---|---|---|
| Data | You | You | You | Shared |
| Application | You | You | Shared | Shared |
| Observability | Shared | Shared | Shared | IBM |
| App networking | Shared | IBM | IBM | IBM |
| Virtual storage | IBM | IBM | IBM | IBM |
| Virtual network | IBM | IBM | IBM | IBM |
| Hypervisor | IBM | IBM | IBM | IBM |
| Physical servers and memory | IBM | IBM | IBM | IBM |
| Physical storage | IBM | IBM | IBM | IBM |
| Physical network and devices | IBM | IBM | IBM | IBM |
| Facilities and Data Centers | IBM | IBM | IBM | IBM |
Responsibility for API Connect product features
Most of the responsibility for API Connect features is shared between you and IBM. Table 2 specifies each party's responsibilities for features.
| Feature | Your Responsibility | IBM's Responsibility |
|---|---|---|
| API and Product creation | Provide REST API and API Product specifications using OpenAPI files, the API Connect APIs, and the API Connect user interface | Provision and deploy the REST API using the your specifications |
| Networking | Provide the endpoints for routing API traffic; deploy and manage remote DataPower API Gateways (if desired) | Expose the API to a public or private network via the IBM managed or a self-managed DataPower API Gateway |
| API subscriptions | Enable API subscriptions as an identification/authentication method for a REST APIs and distribute appropriate keys to API subscribers | Generate and authenticate API keys |
| API security | Enable IBM-supported security mechanisms (e.g. OAuth provider/consumer, basic auth, etc) as an authentication method for a REST API | Protect published APIs via OAuth tokens, basic auth, etc |
| Actions | Configure | Integrate, generate, and activate |
| Monitoring | Monitor individual API uptime and configure necessary alerts | Integrate with IBM Cloud Log Analysis to provide customer-accessible API operational logs |
| Rate limiting | Define appropriate rate limiting rules via the API Connect Product and API YAML specifications | Enforce rate limits |
| API management | Configure API Connect using the provided interfaces and supported design specifications. | Host, provision, integrate, and implement your APIs using your API Connect-compatible specifications |
| Developer Portal | Configure authentication, manage Drupal modules, and administer Portal sites | Apply scheduled upgrades and fixes, and ensure the general availability of the Portal subsystem |