Hi,
As per this document, https://docs.apigee.com/api-platform/publish/create-api-products
there is a warning saying that If you don't select an API proxy, any app associated with the product can make calls to any API in your entire organization.
Is there a way to mandate addition of atleast one proxy to the product so that if anybody misses to add a proxy to the product it does not expose all the APIs. If not, what is the best way to prevent this.
Solved! Go to Solution.
Hi @GargiTalukdar, AFAIK there is no mandate which adds at least one proxy to a product.
Maybe you can use RBAC, and assign the Product Create Role to only selected people and control the process.
https://docs.apigee.com/api-platform/system-administration/understanding-roles#whatareroles
@Siddharth Barahalikar: Creating role is one option that we are looking into but it would be better to have this check as part of product creation in order to avoid risk of exposing all APIs by mistake.
@Mike Dunker: Thanks for pointing me to the article. But yes, the feature- Product with no resource and no proxy seems to be little dangerous and at least a warning will help to avoid this when done by mistake.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |