This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Can I share client credential among different APIGEE organizations?

Posted on 10-24-2023 07:03 AM
Ashishkumar2
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi,

We want our developers (clients) to use the same credentials for the different APPS / API Products created among different APIGEE Organizations.

Is it possible to do that? How?

Appreciate any help. 

Solved Solved
0 3 218
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Yes, it's possible.  In Apigee X and hybrid.  (Not in Apigee Edge, AFAIK.  )

Now when you create a credential, you can specify the key + secret values (also know as the key pair). 

The typical way to create a credential is to allow Apigee to generate the key pair.  The result is a string of randomly selected characters. 

But, you can also create a new key, and explicitly specify the key and secret.  See the documentation.

and an example (pseudo code):

POST :apigee/v1/organizations/:org/developers/:developerId/apps/:app/keys/create
Authorization: Bearer :token
Content-type: application/json

{
 "consumerKey": ":explicitlySpecifiedKey",
 "consumerSecret": ":explicitlySpecifiedSecret",
 "expiresInSeconds": "3600"
}

(where :apigee is replced with apigee.googleapis.com, and the rest of those things are replaced with values for your specific case. The expiry is optional. )

So, the steps would be: 

  1. create an app in org #1.  That will implicitly create a key/secret for that app. Apigee will generate it.
  2. query the key/secret
  3. create an app in org #2.   Again you will get a key/secret.  
  4. Delete the key for the app in org #2
  5. create a new key for the app in org #2, specifying the values you obtained from the app in org #1

But you will need to figure out how to determine which app goes with which developer. As you know, in Apigee, apps are owned by developers. You wouldn't want to copy the key/secret for app A1 owned by Developer D1, into a separate app A2 owned by developer D2. 

 

View solution in original post

Jump to Solution
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Yes, it's possible.  In Apigee X and hybrid.  (Not in Apigee Edge, AFAIK.  )

Now when you create a credential, you can specify the key + secret values (also know as the key pair). 

The typical way to create a credential is to allow Apigee to generate the key pair.  The result is a string of randomly selected characters. 

But, you can also create a new key, and explicitly specify the key and secret.  See the documentation.

and an example (pseudo code):

POST :apigee/v1/organizations/:org/developers/:developerId/apps/:app/keys/create
Authorization: Bearer :token
Content-type: application/json

{
 "consumerKey": ":explicitlySpecifiedKey",
 "consumerSecret": ":explicitlySpecifiedSecret",
 "expiresInSeconds": "3600"
}

(where :apigee is replced with apigee.googleapis.com, and the rest of those things are replaced with values for your specific case. The expiry is optional. )

So, the steps would be: 

  1. create an app in org #1.  That will implicitly create a key/secret for that app. Apigee will generate it.
  2. query the key/secret
  3. create an app in org #2.   Again you will get a key/secret.  
  4. Delete the key for the app in org #2
  5. create a new key for the app in org #2, specifying the values you obtained from the app in org #1

But you will need to figure out how to determine which app goes with which developer. As you know, in Apigee, apps are owned by developers. You wouldn't want to copy the key/secret for app A1 owned by Developer D1, into a separate app A2 owned by developer D2. 

 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Ashishkumar2
Bronze 1
Bronze 1
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

@dchiesa1 

Thank you for information. 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to Ashishkumar2
Reply posted on --/--/---- --:-- AM

Sure thing. It would be pretty neat to do this in an automated way... for example when a customer requests to promote their app from dev to prod, you could connect a web request, let's say in a devportal, to an integration flow (running in Google App Integration) that does all the steps I described above. And maybe that integration flow even includes a human approval step.  Like "click yes in the email to allow this promotion" kind of thing. 

Or if you expect lots of promotions, then, batch up all the requests, and use app integration to build that single email that says "here are the 17 requests to promote for today, click the checkboxes here and then submit to allow these promotions." 

 

Jump to Solution
0 Likes