This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

I am attaching an App to a Product that has no proxies. Any caveats?

on ‎02-10-2015 04:56 PM

akoo
New Member
3 0 463

There are 3 App scenarios and questions that follow.

Background

Assume that all APIs except OAuth-ClientCredentials proxy are protected by Apigee's OAuth/VerifyAccessToken policy.

App 1

  • Product A
  • Product B

App 2

  • Product B

App 3

  • No Products (achievable by deletion via API)

Product A

  • OAuth-ClientCredentials proxy (to generate token via HTTP Basic Auth)
  • No resource paths

Product B

  • No API proxies
  • No resource paths

Questions

  1. Does App 1 have access to all APIs (protected and non-protected) by nature of association with Product B?
  2. Does App 2 have access to all APIs (protected and non-protected)? This notably includes access to OAuth-ClientCredentials proxy which is not listed in any Products.
  3. Does App 3 have access to all APIs (protected and non-protected)?

The answer to all 3 question is yes.

  1. Yes -- As a convenience for fast prototyping with OAuth integration, developers do not need to list/update a Product with new API proxies for inclusion in Apigee's OAuth system.
  2. Yes -- Taking the App 1 test one step further, Product A is not even required for prototyping.
  3. Yes -- This is an atypical case. The UI does not allow an admin to delete all Products for a particular App. An admin would need to delete via API.

Also note that once you include 1 API proxy in a Product, the Product is locked down. Thereafter, access is restricted to the API proxies specifically listed in that Product.

Topic Labels
Version history
Last update:
‎02-10-2015 04:56 PM
Updated by: