Send Docs Feedback

Provisioning organizations

Edge for Private Cloud v. 4.17.05

An organization is a container for all the objects in an Apigee account, including APIs, API products, apps, and developers. Before you can start to develop with Edge and BaaS, you must first create, or provision, an organization. Edge and BaaS organizations are separate, so you have to provision organizations on both.

At install time, the installer creates an Edge organization named VALIDATE and a BaaS organization named TEST used to validate the installation. Do not use these organization for your development. You must create new organizations before starting development. 

Provisioning an Edge organization

After you validate the Edge installation and you have successfully accessed the Edge UI, you must provision an organization. An organization is associated with one or more pods, where each pod must contain one or more Message Processors.

See About organizations for more information.

To provision an organization:

  1. Use the following API call to create a user who will function as the organization admin. Do not use the system admin account as an organization admin, but create a new user instead:
    curl -H "Content-Type:application/xml" -u <sysAdminEmail>:<passwd> \
    -X POST https://<ms-api-domain>/v1/users \
    -d '<User> \
       <FirstName>New</FirstName> \
       <LastName>User</LastName> \
       <Password>newUserPWord</Password> \
       <EmailId>foo@bar.com</EmailId> \
    </User>'


    In this call, and all the calls below, <ms-api-domain> is the domain name of the Edge management API as defined by the load balancer for the Management Servers.

  2. Use the following API calls to create an org. The first call creates the org:
    curl -H "Content-Type:application/xml" -u <sysAdminEmail>:<adminPasswd> \
    -X POST https://<ms-api-domain>/v1/organizations \
    -d '<Organization name="<org-name>" type="paid"/>'


    Replace <org-name> with the name of the org. 

    The next call associates the org with a pod:
    curl -H "Content-Type:application/x-www-form-urlencoded" \
    -u <sysAdminEmail>:<adminPasswd> -X POST \
    https://<ms-api-domain>/v1/organizations/<org-name>/pods \
    -d "region=dc-1&pod=gateway" 


    Notice that this call uses the default region of "dc-1" and pod of "gateway. If you changed these values at installation time, modifies these values as necessary.

    The final call adds the user you created above as the org admin for the org:
    curl -X POST -H "Content-Type:application/x-www-form-urlencoded" \
    -u <sysAdminEmail>:<passwd> \
    https://<ms-api-domain>/v1/organizations/<org_name>/userroles/orgadmin/users?id=foo@bar.com

  3. Obtain the UUIDs of all Message Processors. You need these UUIDs in the next step:
    curl -u <sysAdminEmail>:<passwd> https://<ms-api-domain>/v1/servers?pod=gateway

    The output of this command is a JSON object with an entry for each Message Processor and Router. For each Message Processor, you will see output in the form:

    "type" : [ "message-processor" ],
    "uUID" : "c0a5e78e-e478-4fd3-a86e-676cf5e4aa69"


    Save the UUIDs for each Message Processor.

  4. Use the following API calls to create an environment named "prod" in the organization. The first call creates the environment:
    curl -H "Content-Type:application/xml" -u <sysAdminEmail>:<adminPasswd> \
    -X POST https://<ms-api-domain>/v1/organizations/<org-name>/environments \
    -d  '<Environment name="prod"/>' 


    Associates the environment with all Message Processors. Make this call for each Message Processor that you want to associate with the environment:
    curl -H "Content-Type:application/x-www-form-urlencoded" \
    -u <sysAdminEmail>:<adminPasswd> -X POST \
    https://<ms-api-domain>/v1/organizations/<org-name>/environments/prod/servers \
    -d "action=add&uuid=<uuid>"


    Where <uuid> is the UUID of Message Processor that you obtained in the previous step.

  5. Obtain the UUIDs of all Qpid and Postgres servers. You need these UUIDs in the next step.

    For Qpid, run the command:
    curl -u <sysAdminEmail>:<passwd> https://<ms-api-domain>/v1/servers?pod=central

    The output of this command is a JSON object. For each Qpid server, you will see output in the form:

    "type" : [ "qpid-server" ],
    "uUID" : "d3c5acf0-f88a-478e-948d-6f3094f12e3b"


    For Postgres, run the command:
    curl -u <sysAdminEmail>:<passwd> https://<ms-api-domain>/v1/servers?pod=analytics

    For each Postgres server, you will see output in the form:

    "type" : [ "postgres-server" ],
    "uUID" : "d3c5acf0-f88a-478e-948d-6f3094f12e3b"


    Save the UUIDs for each Qpid and Postgres server.

  6. Enable analytics for the "prod" environment:
    curl -H "Content-Type:application/json" -u <sysAdminEmail>:<adminPasswd> \
    -X POST \
    https://<ms-api-domain>/v1/organizations/<org-name>/environments/prod/analytics/admin \
    -d "@sample.json"


    Where sample.json contains the following:
    {
      "properties" : {
        "samplingAlgo" : "reservoir_sampler",
        "samplingTables" : "10=ten;1=one;",
        "aggregationinterval" : "300000",
        "samplingInterval" : "300000",
        "useSampling" : "100",
        "samplingThreshold" : "100000"
      },
      "servers" : {
        "postgres-server" : [ "1acff3a5-8a6a-4097-8d26-d0886853239c", "f93367f7-edc8-4d55-92c1-2fba61ccc4ab" ],  
        "qpid-server" : [ "d3c5acf0-f88a-478e-948d-6f3094f12e3b", "74f67bf2-86b2-44b7-a3d9-41ff117475dd"] 
      }

    }


    The postgres-servers property contains a comma-separated list of the Postgres UUIDs, and the qpid-server property contains the Qpid UUIDs.

  7. If necessary, repeat the previous two steps to add additional environments, such as "test" or "stage".

  8. Create a virtual host for an environment:
    curl -H "Content-Type:application/xml" -u <sysAdminEmail>:<adminPasswd> \
    -X POST \
    https://<ms-api-domain>/v1/organizations/<org-name>/environments/prod/virtualhosts \
    -d '<VirtualHost name="default"> \
        <HostAliases> \
          <HostAlias>domain_name_from_router_lb</HostAlias> \ 
        </HostAliases> \
        <Interfaces/> \
        <Port>9001</Port> \
      </VirtualHost>' 


    where domain_name_from_router_lb is the domain name defined by the load balancer for the Edge Routers that is used to process requests to API proxies. For more on creating virtual hosts, see Configuring TLS access to an API for the Private Cloud.

  9. Log in to the Edge UI as the organization admin. You should be able to see the organization, environments, and virtual host in the Edge UI.

Associating the Developer Services portal with an Edge organization

This step is only required if you installed the optional Developer Services portal.

The portal acts as a client of Apigee Edge. When necessary, the portal makes a request to retrieve information from Edge or to send information to Edge. There are three pieces of information that the portal needs to communicate with Edge:

  • URL of the Edge API as defined by the Management Server load balancer - The publicly accessible domain name of the Edge management API. For example, https://edgemgmt.example.com. This URL is set when you install the portal and you typically do not need to change it.
  • Apigee organization name - The name of your organization on Edge. The portal can connect to a single Edge organization. If you have multiple organizations, this is the organization you use to release your APIs. You create this organization when you provision Edge as described above.
  • Username and password of an organization administrator - An organization administrator account in the Edge organization used specifically by the portal to connect to the organization. The account should not be used for any other purpose. 

    Because the portal displays developer apps and API products, it must stay in sync with your Edge organization by making management API calls. Calls from the portal to Edge are authenticated and require a user with organization administrator privileges.

To create an organization administrator:

  1. In the Edge UI, log in to the organization you created above when provisioning the Edge organization.
  2. Select Admin > Organization Users in the Edge UI.
  3. Select the +User button to add the new user. 
  4. Enter the user's email address.
  5. Select Organization Administrator for the role.
  6. Select Save.  

    The new user receives an email asking them to set the password. After setting the password, you can use this account to configure the portal.

To change the connection information in the portal:

  1. Log in to the portal using the the system admin's email address and password that you specified in the Ops Manager when you installed Edge.

    The portal UI appears. 
  2. In the portal administration menu, select Configuration > Dev Portal.
  3. Enter your organization name in Management API Organization.
  4. The Management API Endpoint URL is set at install time. You should not have to change it.

    The only reason to change the Management API Endpoint URL is if the Management Server load balancer for the Edge API is changed to use a different URL. 
  5. Enter the credentials of the new organization administrator that you created above in Endpoint Authenticated User and Authenticated User's Password.
  6. Select Test Connection to make sure the connection is successful.
  7. Select Save Configuration.
  8. Log out of the portal, and then log in using the new organization administrator's credentials.

    ​The portal will now display information about APIs, API products, and developers associated with the organization. Any new developers registering through the portal appear in the organization in the Edge UI.
  9. Optionally go to Configuration > System > Site information to set the site name, sender for emails, and other site information.

For more, see Creating a developer portal.  

Provisioning a BaaS organization

This step is only required if you chose to install Apigee BaaS.

if you installed BaaS as part of the Edge installation, you must provision a BaaS organization before you can start developing BaaS apps.

When you create an organization, you specify the organization name along with the  username, email address, and password of the organization administrator. The organization administrator's email address:

  • Must be different from the system administrator's email address.
  • Must be unique among all other organizations. That is, you cannot create two organizations with the same email address for the organization administrator. However, after creating the organization, you can add additional administrators that can be duplicated across multiple organizations.

See Organization for more.

To provision a BaaS organization, use the following cURL command to make a POST request:

curl -X POST "https://baas_api.example.com/management/organizations"
  -H "Content-Type: application/json" 
  -d '{"organization":"newOrganization", 
    "username":"newUsername", 
    "name":"New Name", 
    "email":"newEmail@example.com", 
    "password":"newPassword123"}'

Specify as the endpoint the URL defined by the load balancer for the BaaS Stack nodes.

After you create the organization, log in to the BaaS Portal by specifying the email address and password of the admin user defined by the cURL command. 

Provisioning a Monetization organization

This step is only required if you chose to enable Monetization.

Use the following cURL command to enable Monetization for an organization:

> curl -v -X POST -H 'Content-Type: application/json' \
-u <sysAdminEmail>:<passwd>  \
https://<ms-api-domain>/v1/mint/asyncjobs/enablemonetization \
-d '{"orgName" : "<yourOrgNAme>", "mxGroup" : "mxmint", "adminEmail" : "<sysAdminEmail>"}' 

Specify your organization name. The mxGroup name must be mxmint.

After you enable Monetization for the organization, log in to the Edge UI. Select the organization in the Organization drop-down list in the upper-right corner of the UI. You should now see a Monetization menu entry:

Help or comments?