This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Get API Product Scopes

Posted on 08-05-2021 12:58 PM
dhoenig23
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

How do I get the allowed scopes for the API Products for a given proxy? I'd like to do this in the Proxy PreFlow when a request comes in. 

0 2 208
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
Reply posted on --/--/---- --:-- AM

@dhoenig23 - When you use VerifyAccessToken operation using an OAuth policy, it should populate a "scope" flow variable with the scopes associated with that validated token. You can then check for fine grained access controls by inspecting that scope variable against your logic using conditions

0 Likes

Posted on --/--/---- --:-- AM
API-Evangelist
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

You question is little open ended but if you just looking to know the scopes for a given product...There are different ways but why not use AccessEntity to pull information about the product.

https://docs.apigee.com/api-platform/reference/policies/access-entity-policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity async="false" continueOnError="false" enabled="true" name="AE-APIProduct">
<DisplayName>AE-APIProduct</DisplayName>
<Properties/>
<EntityIdentifier ref="productName"/>
<EntityType value="app"/>
<EntityType value="apiproduct"/>
</AccessEntity>

It will give the information  related to scopes - AccessEntity.AE-APIProduct.ApiProduct.Scopes.Scope  & later you can actual match with the formparam say -  request.formparam.scope & decide on next steps..

 

 

0 Likes
Top Solution Authors
View all