This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Extract App information using AccessEntity with multiple EntityIdentifier elements - Apigee Hybrid

Posted on 03-10-2023 07:04 PM
an90210
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

I am trying to fetch 'App' information based off of two different references, both of which are of type 'consumerkey'. Some api proxies use api-key and others use client-id. Tried the below according to the documentation but it seems to be throwing an error while trying to save.  This policy is part of a shared flow that I plan to call as part of the Pre-Target-Flow.

When I try to use the option of extracting app information based on two different <EntityIdentifer> references for the same 'type' as below, as well as in the example provided in the Apigee X documentation on access-entity-policy#Entities,  which apparently seems to have a typo on the 'type' field (type*="identifier_type"), I keep getting the error EntityIdentifier ref must be non-empty. The 'ref' attribute is clearly not empty. On the other hand when not using the <Identifiers> element with multiple Identifiers, it works fine. Any help is appreciated. 

Non-working code:

 

 

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity async="false" continueOnError="false" enabled="true" name="AE-Get-Developer-App">
	<DisplayName>AE-Get-Developer-App</DisplayName>
	<EntityType value="app"/>
	<Identifiers>
		<Identifier>
			<EntityIdentifier ref="request.header.api-key" type="consumerkey"/>
		</Identifier>
		<Identifier>
			<EntityIdentifier ref="request.header.client-id" type="consumerkey"/>
		</Identifier>
	</Identifiers>
</AccessEntity>

 

 

 

Working Code without the <Identifiers> element:

 

 

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity async="false" continueOnError="false" enabled="true" name="AE-Get-Developer-App">
	<DisplayName>AE-Get-Developer-App</DisplayName>
	<EntityType value="app"/>
	<EntityIdentifier ref="request.header.api-key" type="consumerkey"/>
</AccessEntity>

 

 

 

Thanks.

 

Solved Solved
0 4 204
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dknezic
Staff
Reply posted on --/--/---- --:-- AM

You could consider using an assign message variable that determines the appropriate header to use, and then use that for access entity.. or have two access entity policies with a condition based on the available headers.

View solution in original post

Jump to Solution
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
API-Evangelist
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Try below documentation helps narrowing results with secondary identifiers..

https://docs.apigee.com/api-platform/reference/policies/access-entity-policy#secondary_identifiers 

Good Luck.

Jump to Solution

Posted on --/--/---- --:-- AM
dknezic
Staff
Reply posted on --/--/---- --:-- AM

You could consider using an assign message variable that determines the appropriate header to use, and then use that for access entity.. or have two access entity policies with a condition based on the available headers.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
an90210
Bronze 2
Bronze 2
In response to dknezic
Reply posted on --/--/---- --:-- AM

Thanks. I can definitely try that. Going back to the initial approach I tried, that is not working: is that a known issue or bug? There isn’t any documentation about that element anywhere either, so I’m curious to know if it is something that even works OOB.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dknezic
Staff
In response to an90210
Reply posted on --/--/---- --:-- AM

I think you're right, it looks like a validation bug when updating the API proxy revision. Whether or not AccessEntity with multiple EntityIdentifiers would support your use case though I'm not sure, but thanks for highlighting this, will raise this as a bug.

Jump to Solution
Top Solution Authors
View all