Skip to Content

Proxy API configuration in Jitterbit API Manager

Introduction

This page describes how to create and configure a proxy API from the APIs page of Jitterbit API Manager. A proxy API is one of the three types of APIs configured through API Manager. For the two other types, custom API and OData API, see Custom API configuration and OData API configuration.

Note

Once published, each proxy API counts as a Proxy URL against your Harmony subscription allowance.

Prerequisites

Unlike a custom API or OData API, which exposes a Harmony operation for consumption, a proxy API is used with an existing API. Proxied APIs are not routed through Jitterbit agents. The gateway processing the API must be able to access the API being proxied:

  • Cloud API gateway: If you use the cloud API gateway (hosted by Jitterbit), the existing API must be accessible publicly, even if secured. The API you are trying to proxy cannot be behind a firewall. To allowlist the cloud API gateway IP addresses to allow the gateway access to the API being proxied, see Allowlist information and navigate to https://services.jitterbit for your region.

  • Private API gateway: If you use a private API gateway (hosted on a private network), the private API gateway must be able to access the existing API.

Even though each proxy API allows multiple services to be assigned to a unique URL, the base proxy URL consumes the entitlement.

Note

API Manager totals hits across all services on a proxy URL and counts them against the hits per month and hits per minute entitlement provided in the Jitterbit license agreement. For information on entitlements and rate limiting with security profiles, see Rate limits on Key concepts.

Create a new proxy API

When you access the API Manager APIs page, if no custom APIs, OData APIs, or proxy APIs exist in the selected organization, this screen is blank.

To create a new proxy API, click New > Proxy API.

new proxy API

Note

The interface differs depending on how you access it. This page documents the tab-based configuration interface accessible from list view. If you access the API from tile view, you'll see a wizard interface. Both interfaces provide the same configuration options.

Configure a proxy API

The configuration screen includes multiple tabs, with three required tabs and three optional tabs. Each tab is covered in the following sections:

Profile tab

Use the Profile tab to enter basic information that identifies the API.

profile

Configure the following settings:

  • API Name: Enter a name for the proxy API to use for internal identification purposes. The following special characters are allowed: ( ) - _.

  • Service Root: The public name of the API to use as part of the API's service URL. By default, this field is populated with the Proxy Name converted to camel case. This field does not allow spaces or certain special characters. Using special characters other than an underscore (_) is not recommended. The following special characters are allowed: . _ ~ ( ) $ ; / ? : @ = & ' ! * , + -.

  • Description: Enter an optional description for the API.

  • Environment: Use the menu to select the environment where the API will reside. You can type any part of the environment name into the menu to filter the list of environments. The menu results are filtered in real time with each keystroke.

    Note

    After API creation, you cannot change the environment. To move an API between environments, you can clone the API or export and import the API in another environment.

  • Version number: Enter an optional version to use as part of the API's service URL. This field allows a maximum of 48 characters and does not allow spaces or certain special characters. Using special characters other than a period (.) or a hyphen (-) is not recommended. Common naming conventions include incrementing versions such as v1.0, v1.1, v1.2, or using a date that the API was published such as 2025-08-28.

After you complete the Profile tab, click Next to proceed to the Settings tab, or click Save as draft to save your progress.

Settings tab

The Settings tab is optional and contains advanced configuration options for the API.

create new proxy settings tab

Configure the following settings as needed:

  • Timeout: Enter the number of seconds before the API will time out. The default is 30 seconds. The maximum value allowed is 180 seconds.

    Note

    This setting is independent of the operation timeout setting in Studio or Design Studio. Operation timeout settings are not used unless the EnableAPITimeout setting in the private agent configuration file is enabled.

  • SSL only: This toggle is enabled by default and requires HTTPS for the API. When enabled, data is encrypted through SSL and an HTTP request returns an error. When disabled, both HTTP and HTTPS requests are supported.

    Warning

    When disabled, data passed through API requests and responses is not encrypted and can be intercepted and viewed by others. This could potentially expose sensitive information.

  • CORS: Enable this toggle to support CORS (Cross-Origin Resource Sharing). CORS is a mechanism that allows web applications running in a web browser on one domain to access resources from a server on a different domain.

    Warning

    Enabling CORS causes operations using the OPTIONS method to run without authentication.

  • Verbose logging: Enable this toggle to log request headers and payloads when an API request is made.

    Warning

    Verbose logging may include sensitive data such as authentication credentials or personally identifiable information. Use this setting carefully.

  • Enable debug mode until: Enable this toggle to turn on detailed logging for troubleshooting, then click the calendar icon to select a date up to two weeks from today when debug mode automatically turns off. When you enable debug mode for operations triggered by this API, the API logs include request and response data (kept for 30 days) that you can access through the Management Console Runtime page. By default, API Manager logs only API operations with errors.

    Warning

    Debug logs contain all request and response data, including sensitive information such as passwords and personally identifiable information (PII). This data appears in clear text in Harmony cloud logs for 30 days.

After you configure the Settings tab, click Next to proceed to the Existing API tab, or click Prev to return to the Profile tab.

Existing API tab

Use the Existing API tab to specify the base URL of the API you want to proxy and optionally provide an OpenAPI document for automatic service discovery.

create new proxy step 2 existing API no opAPI document

Configure the following settings:

  • Base API URL: Enter the base URL of the API to proxy.

    Note

    If the API provides a single service, you can enter the complete API URL, including the service path. Additional service paths are defined in the Services tab.

  • Provide OpenAPI document: If you provide an OpenAPI document, API Manager uses it to auto-discover the API's services. Select No to skip or Yes to expand an additional area for providing the OpenAPI document:

    create new proxy step 2 existing API OpenAPI document

    • Load URL: Opens a dialog to load an OpenAPI document in YAML or JSON format from a URL:

      create new proxy step 2 existing API OpenAPI document document URL

    • Upload file: Opens a dialog to upload an OpenAPI document in YAML or JSON format after you use Browse to select the file:

      create new proxy step 2 existing API OpenAPI document document file

    • Clear: Clears an OpenAPI document that has already been provided and changes the Provide OpenAPI Document selection to No.

    • Document editor: Allows viewing and editing of a provided OpenAPI document. You can also provide an OpenAPI document by entering it here directly. To view and edit the OpenAPI document in a larger area, click the popout icon. After opening that area, click the return icon to come back to this screen.

After you configure the Existing API tab, click Next to proceed to the Services tab, or click Prev to return to the Settings tab.

Services tab

Use the Services tab to define the services and HTTP methods that the proxy API will expose. The way in which you define services depends on whether you provided an OpenAPI document in the Existing API tab.

Manual service definition

If you did not provide an OpenAPI document, you must define services and methods manually:

create new proxy step 3 services manual

Click New Service to add a service. Configure the following settings:

  • Service Name: Enter a name to identify the service.

  • Path: Enter a path for the service. If the API does not have a service path, enter a forward slash (/).

    Note

    You cannot use characters such as curly brackets ({ }) in a service path when you manually define services. To use unallowed characters in a service path, instead provide an OpenAPI document defining the path in the Existing API tab.

  • Methods: Select each method to be created for the service. Available methods include GET, PUT, POST, and DELETE. To use a method not listed, enter the method name in the Type a new method text box and press Enter.

  • Actions: Hover over a service row to reveal additional actions.

    • Copy API service URL: Click to copy the API's service URL.
    • Duplicate: Click to duplicate the service.
    • Delete: Click to delete the service.

You must add at least one service to proceed to the next tab.

OpenAPI document auto-discovery

If you provided an OpenAPI document in the Existing API tab, API Manager automatically discovers and lists services in a table:

create new proxy step 3 services OpenAPI

  • Assign: Use the toggle to add the services to the proxy API.
  • Service Name: The name used to identify the service.
  • Methods: The HTTP method that applies to the service.
  • Path: The path of the service.

  • Actions: Hover over a service row to reveal additional actions.

    • Copy API service URL: Click to copy the API's service URL.
    • Go to API Service: Click to configure the API in a wizard interface.

After you configure the Services tab, click Next to proceed to the Security profiles tab, or click Prev to return to the Existing API tab.

Security profiles tab

The Security profiles tab is optional and allows you to restrict access for consumption of the API.

create new proxy step 4 security profiles

Configure the following settings:

  • Assign: Use the toggle to assign or unassign security profiles for the API.

  • Profile Name: The name of the security profile as configured in Security Profiles.

  • Type: The authentication type for the security profile, such as Basic, OAuth 2.0, or API Key.

  • User Name: For basic authentication, this displays the username. For other authentication types, this displays the same value as the Type column.

  • Actions: Hover over a security profile row to reveal additional actions.

    • Go to security profile: Click to open the security profile's configuration.

Depending on the Harmony organization's policies, you may be required to assign a security profile in order to save the API.

Tip

Changes to security profile assignments are saved as drafts. You must publish the API using Save and Publish to apply the changes and allow deletion of previously assigned profiles. Security profiles cannot be deleted while they appear in any API's published configuration, even if you have unassigned them in a draft version.

Click New security profile to create a new security profile. For instructions, see Configure security profiles.

After you configure the Security profiles tab, click Next to proceed to the Request headers tab, or click Prev to return to the Services tab.

Request headers tab

The Request headers tab is optional and allows you to add new request headers or override existing request headers.

create new proxy request headers tab

Note

By default, the request header disable-hyphen-replacement is set to true for all new proxy APIs. Once you publish the proxy API, you can set the request header to false to replace hyphens (-) with underscores (_) in request headers (except for the request headers Content-Type, Content-Length, Accept-Encoding, and Transfer-Encoding).

Click New header to add a request header. Configure the following settings:

  • Key: Enter a key for the request header.

  • Value: Enter a value for the request header.

  • Override Incoming: Enable this toggle to override an existing request header that uses the same Key. The default is disabled.

  • Actions: Hover over a header row to reveal additional actions.

    • Delete: Click to delete the request header.

After you configure the Request headers tab, click Publish to publish the API, or click Save as draft to save your progress.

Save and publish options

After you configure all required tabs, you can save or publish the API:

  • Save as draft: Saves the API in Draft status or Published with Draft status. Draft APIs do not count against your Proxy URL subscription limit. An API whose status was Published at the time you use Save as draft is saved as Published with Draft. A published API counts against your Proxy URL subscription limit, even though its draft is not accessible.

  • Publish: Saves the API in Published status. The API is live and accessible within five minutes. A published API counts against your Proxy URL subscription limit. A dialog indicates the API is live:

    all set your API is live proxy API

    The dialog provides these options:

    • Copy URL: Copies the API's service URL to your clipboard.
    • Close: Closes the dialog.

Edit the API

After you save the API, you can edit it from these locations:

Note

The editing interface differs depending on how you access it. When you click View/Edit from tile view, a wizard configuration screen opens. When you click Edit from list view, the tab-based configuration interface opens. Both interfaces provide the same configuration options.