We are working on security recommendations from APIGEE, as part of that, we are trying to implement hashing token for extra security using the following link :
https://docs.apigee.com/api-platform/security/oauth/hashing-tokens
Please find the implementation in the document
as follows:
curl -u email:password -X PUT -H
"Content-type:application/xml" https://host:port/v1/o/{myorg} -d \
"<Organization type="trial"
name="MyOrganization">
<Properties>
<Property
name="features.isOAuthTokenHashingEnabled">true</Property>
<Property name="features.OAuthTokenHashingAlgorithm">SHA256</Property>
<Property
name="features.isOAuthTokenFallbackHashingEnabled">true</Property>
<Property
name="features.OAuthTokenFallbackHashingAlgorithm">SHA1</Property>
</Properties>
</Organization>"
Question 1 : How can we find all the existing
organization properties?
As per following link, https://docs.apigee.com/api-platform/security/oauth/access-tokens indicates following warning.
Warning: When you update the organization with
the API call, be sure to include all the existing organization properties in
the payload. If you don't, all existing organization properties are overwritten
by only the properties you set with this call.
Question 2 : Can you please confirm what should
be given as "Organization type="****", as we are private cloud paid (4.19.06) customers.In the doc it shows as "trial"
Question 3:
please also confirm if there will be any performance impact because of this ?