Apiman Manager Production Guide
We assume that you have configured and started a standalone Keycloak instance.
You can find the default Apiman realm definition in your distro zip:
Note your Keycloak auth endpoint for subsequent steps.
In the newer versions of Keycloak this will be something similar to:
In older versions of Keycloak (or its product equivalents), something similar to:
The production guide assumes you are installing into WildFly 23.0.2.Final.
The instructions are slightly different if you are using some other platform (Tomcat, older WildFly versions, EAP, etc).
The Apiman Manager backend supports a range of RDBMSes, and Apiman can initialise and update them on your behalf using Liquibase.
However, you will need to create a database with appropriate credentials and permissions for Apiman to use.
On a separate server, install a production-ready database such as PostgreSQL or MySQL.
Create a database:
apiman. For example,
CREATE DATABASE apiman;
Make sure your DB is accessible remotely, and enable whatever security options you need (SSL, users/passwords, etc.).
We recommend using different users for Keycloak and Apiman, and permissioning them appropriately (e.g. create a
sa_apimanaccount and a
After creating the
apimandatabase, you can initialize it:
Automatically (Liquibase): start up Apiman with the correct configuration, and Liquibase will initialise the database on your behalf.
Manually (DDL): the Apiman DDLs for databases can be found in the quickstart overlay ZIP file, or you can grab them directly from GitHub.
Manually (Liquibase): run the
liquibasecommand-line tool against your database. You can find the master Liquibase log at
If you are using Docker, you can find images for a standalone Apiman Manager.
Alternatively, we have a full Docker Compose distribution that breaks Apiman down into its components.
The easiest way to install just the API Manager is to download and install the Apiman quickstart overlay ZIP and then remove the extraneous components.
Follow that up with a few configuration modifications, and you should have the Manager running in no time!
Here are the steps you should take to install a standalone API Manager:
Download and unpack WildFly
Unpack Apiman into WildFly
Remove unused Apiman deployments from standalone/deployments
Delete the following deployments:
The API Manager has a REST based API which the User Interface uses for all actions taken. It can also be used directly for automation and/or integration purposes. This API is protected by Keycloak authentication.
There are multiple ways you can tell Apiman where your Keycloak instance is. For this example, we will assume you have initialised Keycloak with the default Apiman realm.
Please refer to the dedicated guide for the full set of options, but in short, you must set at least the following environment variables (or system property equivalents).
|For a production setup, we recommend changing the Keycloak client secrets; the guide above explains how to do that.|
export APIMAN_AUTH_URL=<URL to the Keycloak auth server>
For example, if Keycloak is running on localhost port
Hopefully you’ve already created and initialized the database in the earlier installing a database section.
So at this point you really only need to connect the API Manager up to the already existing database.
For this example, we’re going to assume the use of Postgres, but other options are available.
Refer to the full configuration guide for how to do that, including setups that don’t work out of the box.
We’re going to use environment variables in this example, but you can also use system property equivalents, or edit
standalone-apiman.xml directly (datasources section).
Set the following environment variables:
APIMAN_DB_URL="jdbc:postgresql://localhost:5432/apiman"(replace with your server and db name)
APIMAN_DB_USERNAME="sa_apiman"(replace with your account)
APIMAN_DB_PASSWORD="admin123\!"(replace with your password)
When you launch Apiman, it will use these values to connect to your database.
Now that both your API Manager and Apiman Gateway are running, you need to hook them up. This just means telling the API Manager where the gateway lives. There is an admin UI page in Apiman that will let you do this.
Simply navigate to:
From there, you will be able to click on the gateway and modify its settings.
Use the Test button to verify your configuration is correct.
Don’t worry, the Test button will simply try to make a connection to the Apiman Gateway’s configuration URL, asking it for the current Gateway status.
If the Gateway responds as expected, then you can be confident that your settings are correct.
You will need to log into the UI.
The default credentials are:
You may have changed the default user credentials when you installed and configured Keycloak. If so, make sure you use those credentials.