Exposing Management REST calls to some applications

We are using Edge 4.50.07 on private cloud with CentOS.

We have multiple applications which want to create some objects like Developers, Developer Apps, entries in KVM, etc.

One way is that we share the Gateway FQDN and Basic Auth credentials with all services and they can create what they expect to create, on Gateway.

This is risky, as anyone having access to these applications can use these credentials to do any CRUD operation on Gateway.

We thought of creating some API Proxies for these Management calls and exposing Management calls through these proxies, but it seems that this is an antipattern, as per the following link:

https://cloud.google.com/apigee/docs/api-platform/antipatterns/invoking-management

(This is mentioned in the Apigee X docs, and we expect that the same holds true for OPDK also. Eventually we plan to migrate to Apigee X.)

What are the possible solutions, if we want to:
- restrict Management API access (is there some concept of PRODUCTS, like in the case of API Proxies?)
- do NOT want other Apps to store Gateway credentials

Can someone please suggest?

1 REPLY

Can you not perform this action via CI/CD? Take a look at the Maven config plugin. However, if it doesn't give you what you need, then go ahead and create a proxy to the mgmt API. I recommend you put a spike arrest policy and also a quota policy on that proxy for sure.
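
The two policies recommended in the reply, sketched as Apigee policy XML with per-caller counters. This is an added example, not part of the original thread. The policy names, the `x-apikey` header, and the rate and quota values are assumptions; the VerifyAPIKey step is included only so that each calling application is identified by its own key and gets its own counter.

```xml
<!-- policies/VK-Caller.xml (hypothetical name): identify the calling application -->
<VerifyAPIKey name="VK-Caller">
  <!-- Assumed header; each application presents its own key -->
  <APIKey ref="request.header.x-apikey"/>
</VerifyAPIKey>

<!-- policies/SA-Mgmt.xml (hypothetical name): smooth bursts per caller -->
<SpikeArrest name="SA-Mgmt">
  <!-- Assumed value: 30 requests per minute per caller -->
  <Rate>30pm</Rate>
  <Identifier ref="verifyapikey.VK-Caller.client_id"/>
</SpikeArrest>

<!-- policies/Q-Mgmt.xml (hypothetical name): cap total calls per caller -->
<Quota name="Q-Mgmt">
  <!-- Assumed value: 200 calls per hour per caller -->
  <Allow count="200"/>
  <Interval>1</Interval>
  <TimeUnit>hour</TimeUnit>
  <Identifier ref="verifyapikey.VK-Caller.client_id"/>
  <!-- Share one counter across message processors and update it in-line -->
  <Distributed>true</Distributed>
  <Synchronous>true</Synchronous>
</Quota>

<!-- Fragment of proxies/default.xml: run all three before any request is forwarded -->
<PreFlow name="PreFlow">
  <Request>
    <Step><Name>VK-Caller</Name></Step>
    <Step><Name>SA-Mgmt</Name></Step>
    <Step><Name>Q-Mgmt</Name></Step>
  </Request>
  <Response/>
</PreFlow>
```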