Provisioning organizations

This section describes how to provision an organization.

To provision an organization:

  1. SSH to the edge-management server VM.
  2. Follow the instructions in this guide to complete the on-boarding process.

An organization is a container for all the objects in an Apigee account, including APIs, API products, apps, and developers. Before you can start to develop with Edge, you must first create, or provision, an organization.

At install time, the installer creates an Edge organization named VALIDATE. Do not use this organization for your development. You must create new organizations before starting development.

Provisioning an Edge organization

After you validate the Edge installation and have successfully accessed the Edge UI, you must provision an organization. An organization is associated with one or more pods, where each pod must contain one or more Message Processors.

See About organizations for more information.

To provision an organization through APIs:

  1. Use the following API call to create a user who will function as the organization admin. Do not use the system admin account as an organization admin, but create a new user instead:

    curl -H "Content-Type:application/xml" \
      -u sysAdminEmail:passwd \
      -X POST https://ms-api-domain/v1/users \
      -d '<User> \
        <FirstName>New</FirstName> \
        <LastName>User</LastName> \
        <Password>newUserPWord</Password> \
        <EmailId></EmailId> \
      </User>'

    In this call and all the calls below, ms-api-domain is the domain name of the Edge management API as defined by the load balancer for the Management Servers.

  2. Use the following API calls to create an org. The first call creates the org:

    curl -H "Content-Type:application/xml" \
      -u sysAdminEmail:adminPasswd \
      -X POST https://ms-api-domain/v1/organizations \
      -d '<Organization name="org-name"/>'

    Replace org-name with the name of the org.

    The next call associates the org with a pod:

    curl -H "Content-Type:application/x-www-form-urlencoded" \
      -u sysAdminEmail:adminPasswd \
      -X POST https://ms-api-domain/v1/organizations/org-name/pods \
      -d "region=dc-1&pod=gateway"

    Notice that this call uses the default region of "dc-1" and the default pod of "gateway". If you changed these values at installation time, modify them as necessary.

    The final call adds the user you created above as the org admin for the org:

    curl -X POST -H "Content-Type:application/x-www-form-urlencoded" \
      -u sysAdminEmail:passwd \

  3. Obtain the UUIDs of all Message Processors. You need these UUIDs in the next step:

    curl -u sysAdminEmail:passwd

    The output of this command is a JSON object with an entry for each Message Processor and Router. For each Message Processor, you will see output in the form:

    "type" : [ "message-processor" ],
    "uUID" : "c0a5e78e-e478-4fd3-a86e-676cf5e4aa69"

    Save the UUIDs for each Message Processor.

  4. Use the following API calls to create an environment named "prod" in the organization. The first call creates the environment:

    curl -H "Content-Type:application/xml" \
      -u sysAdminEmail:adminPasswd \
      -X POST https://ms-api-domain/v1/organizations/org-name/environments \
      -d '<Environment name="prod"/>'

    The next call associates the environment with the Message Processors. Make this call for each Message Processor that you want to associate with the environment:

    curl -H "Content-Type:application/x-www-form-urlencoded" \
      -u sysAdminEmail:adminPasswd \
      -X POST https://ms-api-domain/v1/organizations/org-name/environments/prod/servers \
      -d "action=add&uuid=uuid"

    Where uuid is the UUID of a Message Processor that you obtained in the previous step.

  5. Obtain the UUIDs of all Qpid and Postgres servers. You need these UUIDs in the next step.

    For Qpid, run the following command:

    curl -u sysAdminEmail:passwd \

    The output of this command is a JSON object. For each Qpid server, you will see output in the form:

    "type" : [ "qpid-server" ],
    "uUID" : "d3c5acf0-f88a-478e-948d-6f3094f12e3b"

    For Postgres, run the command:

    curl -u sysAdminEmail:passwd \

    For each Postgres server, you will see output in the form:

    "type" : [ "postgres-server" ],
    "uUID" : "d3c5acf0-f88a-478e-948d-6f3094f12e3b"

    Save the UUIDs for each Qpid and Postgres server.

  6. Enable analytics for the "prod" environment:

    curl -H "Content-Type:application/json" \
      -u sysAdminEmail:adminPasswd \
      -X POST https://ms-api-domain/v1/organizations/org-name/environments/prod/analytics/admin \
      -d "@sample.json"

    Where sample.json contains the following:

    {
      "properties" : {
        "samplingAlgo" : "reservoir_sampler",
        "samplingTables" : "10=ten;1=one;",
        "aggregationinterval" : "300000",
        "samplingInterval" : "300000",
        "useSampling" : "100",
        "samplingThreshold" : "100000"
      },
      "servers" : {
        "postgres-server" : [ "1acff3a5-8a6a-4097-8d26-d0886853239c",
        "f93367f7-edc8-4d55-92c1-2fba61ccc4ab" ],
        "qpid-server" : [ "d3c5acf0-f88a-478e-948d-6f3094f12e3b" ]
      }
    }

    The postgres-server property contains a comma-separated list of the Postgres UUIDs, and the qpid-server property contains the Qpid UUIDs.

  7. If necessary, repeat the previous two steps to add additional environments, such as "test" or "stage."
  8. Create a virtual host for an environment:

    curl -H "Content-Type:application/xml" \
      -u sysAdminEmail:adminPasswd \
      -X POST https://ms-api-domain/v1/organizations/org-name/environments/prod/virtualhosts \
      -d '<VirtualHost name="default"> \
        <HostAliases> \
          <HostAlias>domain_name_from_router_lb</HostAlias> \
        </HostAliases> \
        <Interfaces/> \
        <Port>9001</Port> \
      </VirtualHost>'

    Where domain_name_from_router_lb is the domain name defined by the load balancer for the Edge Routers that is used to process requests to API proxies. For more on creating virtual hosts, see Configuring TLS access to an API for the Private Cloud.

  9. Log in to the Edge UI as the organization admin. You should be able to see the organization, environments, and virtual host in the Edge UI.
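
The following Python example is added here and is not part of the Apigee documentation. It groups the UUIDs returned by the server listings in steps 3 and 5 by server type, then builds the form bodies for step 4 and the sample.json for step 6. It assumes the listing is a JSON array of entries; the sample listing, the router UUID, and the function names are constructed for illustration.

```python
import json
import uuid
from urllib.parse import urlencode

# Constructed sample listing for steps 3 and 5; assumed to be a JSON array.
SAMPLE_LISTING = """
[
  {"type": ["message-processor"], "uUID": "c0a5e78e-e478-4fd3-a86e-676cf5e4aa69"},
  {"type": ["router"], "uUID": "11111111-2222-4333-8444-555555555555"},
  {"type": ["qpid-server"], "uUID": "d3c5acf0-f88a-478e-948d-6f3094f12e3b"},
  {"type": ["postgres-server"], "uUID": "1acff3a5-8a6a-4097-8d26-d0886853239c"},
  {"type": ["postgres-server"], "uUID": "f93367f7-edc8-4d55-92c1-2fba61ccc4ab"}
]
"""

def uuids_by_type(listing_json):
    """Group server UUIDs by each value in the entry's "type" list."""
    found = {}
    for entry in json.loads(listing_json):
        canonical = str(uuid.UUID(entry["uUID"]))  # ValueError if malformed
        for server_type in entry["type"]:
            found.setdefault(server_type, []).append(canonical)
    return found

def server_add_bodies(servers):
    """Form bodies for the step 4 call, one per Message Processor."""
    mps = servers.get("message-processor", [])
    return [urlencode({"action": "add", "uuid": u}) for u in mps]

def analytics_payload(servers):
    """Build the step 6 sample.json; refuse to emit it with a server type missing."""
    for required in ("postgres-server", "qpid-server"):
        if not servers.get(required):
            raise ValueError("no %s UUID in listing" % required)
    return {
        "properties": {
            "samplingAlgo": "reservoir_sampler",
            "samplingTables": "10=ten;1=one;",
            "aggregationinterval": "300000",
            "samplingInterval": "300000",
            "useSampling": "100",
            "samplingThreshold": "100000",
        },
        "servers": {t: servers[t] for t in ("postgres-server", "qpid-server")},
    }

if __name__ == "__main__":
    found = uuids_by_type(SAMPLE_LISTING)
    print(server_add_bodies(found), json.dumps(analytics_payload(found), indent=2))
```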

Associating the Developer Services portal with an Edge organization

The portal acts as a client of Apigee Edge. When necessary, the portal makes a request to retrieve information from Edge or to send information to Edge. There are three pieces of information that the portal needs to communicate with Edge:

  • URL of the Edge API as defined by the Management Server load balancer - The publicly accessible domain name of the Edge management API. For example, This URL is set when you install the portal and you typically do not need to change it.
  • Apigee organization name - The name of your organization on Edge. The portal can connect to a single Edge organization. If you have multiple organizations, this is the organization you use to release your APIs. You create this organization when you provision Edge as described above.
  • Username and password of an organization administrator - An organization administrator account in the Edge organization used specifically by the portal to connect to the organization. The account should not be used for any other purpose.

    Because the portal displays developer apps and API products, it must stay in sync with your Edge organization by making management API calls. Calls from the portal to Edge are authenticated and require a user with organization administrator privileges.

To create an organization administrator:

  1. In the Edge UI, log in to the organization you created above when provisioning the Edge organization.
  2. Select Admin > Organization Users in the Edge UI.
  3. Select the +User button to add the new user.
  4. Enter the user's e-mail address.
  5. Select Organization Administrator for the role.
  6. Select Save.

    The new user receives an e-mail asking them to set the password. After setting the password, you can use this account to configure the portal.

To change the connection information in the portal:

  1. Log in to the portal using the system admin's e-mail address and password that you specified in the Ops Manager when you installed Edge.

    The portal UI appears.

  2. In the portal administration menu, select Configuration > Dev Portal.
  3. Enter your organization name in Management API Organization.
  4. The Management API Endpoint URL is set at install time. You should not have to change it.

    The only reason to change the Management API Endpoint URL is if the Management Server load balancer for the Edge API is changed to use a different URL.

  5. Enter the credentials of the new organization administrator that you created above in Endpoint Authenticated User and Authenticated User's Password.
  6. Select Test Connection to make sure the connection is successful.
  7. Select Save Configuration.
  8. Log out of the portal, and then log in using the new organization administrator's credentials.

    The portal will now display information about APIs, API products, and developers associated with the organization. Any new developers registering through the portal appear in the organization in the Edge UI.

  9. Optionally go to Configuration > System > Site information to set the site name, sender for e-mails, and other site information.

For more, see Creating a developer portal.