Solved: Looking for single method to access app.{custom at...

Report Inappropriate Content · 02-26-2015 02:05 PM

We are storing a piece of information as a custom attribute for developer apps. Some of our users connect with oAuth and others with API keys.

If an app connects via oAuth, we can reference the custom attribute in javascript via:

var CustAtt = context.getVariable('app.{CustomAttributeName}');

However, if the app connects via API key, that var is null. In order to access the custom attribute for API key users we have to use:

var CustAtt = context.getVariable('verifyapikey.{verify policy}.app.{CustomAttributename}');

I would like a consistent way to reference the same custom attribute, regardless of the users authentication method. Is there a shortcut I'm missing?

rdeandrade

Hi Bill,

You can conditionally extract the attributes to a set of common variables where you can consume the info from later.

For example:

1. if key:

1.1 do key validation (attributes are loaded to verifyapikey...)

1.2 save attributes to common variable (via extract message policy)

2. if oauth:

2.1 do token validation (attributes are loaded to app....)

2.2 save attributes to common variable (via extract message policy)

3. consume attributes from common variable

Note that the above logic is about the same as checking which of the variables are set (verifyapikey. vs app.

If you are doing the check or the attribute reading from js you can check and load the values in the same js code as well.

Maybe not quite what you were looking for but I hope this help.

Ricardo

View solution in original post

mdunker

Hi Bill,

Another solution I can think of is to create a JavaScript function like this:

function getCustomAttr(attrName) {
  var attrVal = context.getVariable("app."+attrName);
  if (attrVal == null) {
    attrVal = context.getVariable("verifyapikey.VerifyKey.app."+attrName);
  }
  return attrVal;
}

And in your code, retrieval becomes

var myCustomAttr = getCustomAttr("myCustomAttrName");

You can create this in its own .js file and use IncludeURL in the JavaScript policy to use this in multiple JavaScript files.

View solution in original post

rdeandrade

Hi Bill,

You can conditionally extract the attributes to a set of common variables where you can consume the info from later.

For example:

1. if key:

1.1 do key validation (attributes are loaded to verifyapikey...)

1.2 save attributes to common variable (via extract message policy)

2. if oauth:

2.1 do token validation (attributes are loaded to app....)

2.2 save attributes to common variable (via extract message policy)

3. consume attributes from common variable

Note that the above logic is about the same as checking which of the variables are set (verifyapikey. vs app.

If you are doing the check or the attribute reading from js you can check and load the values in the same js code as well.

Maybe not quite what you were looking for but I hope this help.

Ricardo

Report Inappropriate Content

Thanks for the feedback Ricardo. This is actually what we're doing currently. I was just hoping that there would be a way to avoid having to do the if/assign checks. I find it surprising that there isn't a single point of reference for those attributes.

mdunker

Hi Bill,

Another solution I can think of is to create a JavaScript function like this:

function getCustomAttr(attrName) {
  var attrVal = context.getVariable("app."+attrName);
  if (attrVal == null) {
    attrVal = context.getVariable("verifyapikey.VerifyKey.app."+attrName);
  }
  return attrVal;
}

And in your code, retrieval becomes

var myCustomAttr = getCustomAttr("myCustomAttrName");

You can create this in its own .js file and use IncludeURL in the JavaScript policy to use this in multiple JavaScript files.

Report Inappropriate Content

The problem i have with this is (and this is pretty much what we have already) is that this is a function, an assignment, an if-null check and another assignment for every call to the API. That's a lot of overhead in a system that will need to process thousands of requests at a time.

I'm just surprised there isn't something like context.getVariable("developer.app.{Attribute}") that would be available regardless of the authentication method.

mdunker

I agree that it would be useful from a developer time standpoint.

However, I'm not sure that worrying about the processing time is worthwhile here. Any trivial JavaScript code (anything that is not doing heavy processing) should not be your focus (IMO). JavaScript code is compiled in Apigee Edge. Any reasonable JS processing you are doing is less than a rounding error when you compare it to any Cassandra disk access or especially any call across the Internet. Since your question involved accessing the variables using JS, any policy overhead will already be required.

Report Inappropriate Content

Thanks for the feedback Mike. I wasn't considering that this was compiled (still getting my feet with with apigee).

So until I have so time to make a dummy API and put it under some load tests to compare and convince myself, I'll have to concede the point 🙂

Looking for single method to access app.{custom attribute} for both oAuth and APIKey access apps.