
Approval Workflow in AllThingsAPI (ATA)

The Approval Workflow in AllThingsAPI (ATA) is a crucial feature that helps manage the process of granting or denying access to APIs and other resources within the system. It provides a structured way to ensure that the right people approve access to critical API services, thereby maintaining security, governance, and proper access control.

This documentation will explain how the Approval Workflow works in ATA, how to configure it, and how it interacts with the Producer and Consumer model.


🔑 What is the Approval Workflow in ATA?

In ATA, the Approval Workflow is designed to manage how access requests are approved for APIs and services that are produced by one team (the Producer) and consumed by another team (the Consumer). The workflow defines the approval process and who has the authority to approve or reject an access request.

When a Consumer submits an access request to a Producer’s API, the request doesn’t go directly through; it follows a defined approval flow. The Producer team determines who must approve the request based on the Approval Configuration set for that API application.

The Approval Workflow is integral for managing:

  • Who can access a Producer’s API.
  • Authorization and validation of access rights before a Consumer can use the API.
  • Security control to limit access to only authorized users.

🧑‍💻 How the Approval Workflow Works

The Approval Workflow is tied to the Access Request system in ATA. When a Consumer requests access to an API, the request must go through the approval flow defined by the Producer team.

1. Access Request Submission

  1. Consumer Submits Access Request: The Consumer submits an access request to use an API or an endpoint. This request can be for either:
    • Consumer: The Consumer needs to access the API.
    • Dependent On: The Consumer needs to access an API because they depend on its data or functionality.
  2. Application Details: The request includes details like:
    • Application Name: The API being requested.
    • API Endpoint: The specific API endpoint or service being accessed.
    • Application Version: The version of the API application being accessed.
  3. Consumer Details: The request also includes the Consumer’s information:
    • Consumer Team
    • Business Application
    • Application Name and Version
    • API Endpoint they wish to access.

2. Approval Workflow Configuration

When setting up an API application, the Producer configures the approval workflow. This workflow determines who needs to approve the access request and under what conditions. The Producer has several configuration options for this process:

Approval Configuration Settings:

  1. Active Team: The team responsible for managing the API access requests.
  2. Active Business Application: The business unit or project under which the API is being accessed.
  3. Approval Type:
    • None: No approval is required. The request is automatically granted.
    • Any One User Can Approve: Any member of the selected team can approve the access request.
    • All Users Must Approve: Every user in the selected team must approve the request before it is granted.
  4. Authorized Users: If approval is required (i.e., not None), a dropdown list appears with the names of all team members. Depending on the Approval Type:
    • For “Any One User Can Approve”: Select one user to approve the request.
    • For “All Users Must Approve”: Select multiple users from the list to approve the request.

Setting Default Configuration for New Applications:

  • The Approval Type and Authorized Users settings can be set as the default configuration for new applications created within the same team and business application.

🔄 Managing Approval Workflow

Once the approval workflow is configured for an API application, it will govern how access requests are handled. Here’s how to manage and track the approval workflow:

3. Review Access Requests

Once an access request is submitted, it goes to the Review Access Requests section, where the request can be approved or rejected.

  1. Navigate to Access Request:
    • In Developer Studio, navigate to the Access Request section to review the pending access requests.
  2. View the Request:
    • Under the Review Access Requests tab, you’ll see the following details about each request:
      • Request Category: Whether the request is for Consumer or Dependent On.
      • Producer API Details: The API and its version.
      • Consumer API Details: The team and application requesting access.
      • Status: The current status of the request (Requested, Approved, or Rejected).
  3. Approve or Reject:
    • From the three-dot menu next to each request, you can choose to Approve or Reject the request.
    • The Producer team can approve or reject the request based on the approval workflow configuration.

4. Access Request Status:

  • Requested: The request has been submitted but not yet approved.
  • Approved: The request has been approved, and the Consumer can now access the API.
  • Rejected: The request was denied, and access is not granted.
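
A small model of how the three Approval Types resolve a request to Requested, Approved or Rejected, added here as an example; it is not ATA's own code or API. The class and function names are hypothetical, and two behaviours are assumptions the page does not state: a Reject from an authorized user is final, and decisions from users outside the Authorized Users list are ignored.

```python
from dataclasses import dataclass, field
from enum import Enum


class ApprovalType(Enum):
    NONE = "None"
    ANY_ONE = "Any One User Can Approve"
    ALL = "All Users Must Approve"


@dataclass
class ApprovalConfig:  # hypothetical model of one application's Approval Configuration
    approval_type: ApprovalType
    authorized_users: frozenset = field(default_factory=frozenset)

    def problems(self):
        """Return configuration issues worth raising in an access review."""
        if self.approval_type is ApprovalType.NONE:
            return ["requests are granted automatically, with no reviewer"]
        if not self.authorized_users:
            return ["approval is required but no authorized users are selected"]
        return []


def request_status(config, decisions):
    """Resolve a request from (user, "approve" | "reject") decisions, in order received."""
    if config.approval_type is ApprovalType.NONE:
        return "Approved"
    approved_by = set()
    for user, decision in decisions:
        if user not in config.authorized_users:
            continue  # assumption: only Authorized Users can decide
        if decision == "reject":
            return "Rejected"  # assumption: one authorized reject is final
        if decision == "approve":
            approved_by.add(user)
            if config.approval_type is ApprovalType.ANY_ONE:
                return "Approved"
    # ALL: every authorized user must have approved; an empty list never approves
    if approved_by and approved_by == set(config.authorized_users):
        return "Approved"
    return "Requested"
```

Running `problems()` over every application's configuration is a quick way to list the APIs whose Approval Type is None, or which require approval but have no approver selected.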

🔧 Approval Configuration Settings

The Approval Configuration determines how access requests are approved. Producers can define the approval process during application creation or later modify it.

Here’s a detailed look at the approval configuration options:

  1. Approval Type Options:
    • None: No approval needed.
    • Any One User Can Approve: Any member of the selected team can approve the request.
    • All Users Must Approve: Every team member in the selected group must approve the request.
  2. Authorized Users:
    • For “Any One User Can Approve”, you select one user to approve the request.
    • For “All Users Must Approve”, you select multiple users to approve the request.
  3. Default Configuration:
    • These approval settings can be used as the default configuration for all future applications created under the selected team and business application.

📝 Tracking Approval Workflow

In the Approval Workflow interface, ATA provides detailed insights into each access request:

  1. My Requests: View a list of requests submitted by the Consumer, including:
    • Application Name
    • Access Request Type
    • Team
    • Business Application
    • Creation Date
    • Status (Requested/Rejected/Approved)
  2. Review Access Requests: Review and approve/reject access requests based on the Producer’s approval workflow.
  3. Approval Configuration: Set the default approval flow for all applications in the team or business application.

Conclusion

The Approval Workflow in AllThingsAPI (ATA) allows you to manage and control access requests to your APIs effectively. By defining and configuring the approval flow, you ensure that the right people approve access, reducing security risks and improving governance.

With features like approval types, authorized users, and tracking tools for managing requests, ATA provides a seamless and secure way to control API access across teams and projects.

Happy managing! 🚀