Get the Allowed scopes list from an API Product

I have a requirement where I have to get the list of allowed scopes from the API Product and generate a token with the scopes.

I am having trouble with the first part, where I am unable to get the scopes from the API Product in the trace as flow variables while using the AccessEntity policy. Do I have to use a management API call for this, or can it be done using a JavaScript policy?

TIA.

@dchiesa1 @anilsr 



@sanugu wrote:

I have to get the list of allowed scopes from the API Product and generate a token with the scopes.


From what context? Can you say more about the requirement? Is this for a tutorial or a test?

The scopes are part of the API Product. You can get that information from outside the API proxy, or within an API proxy (in the context of serving a request). 

From outside the API proxy, you can view them in the UI, 

API-product-scopes.jpg

or you can retrieve them from command line tools like apigeecli:

api-product-scopes-apigeecli.jpg

Or you can invoke the Apigee REST API directly:

$ curl -i -H "Authorization: Bearer $TOKEN" https://apigee.googleapis.com/v1/organizations/$ORG/apiproducts/$PRODUCT_NAME

...and the response is identical to what I showed for the apigeecli output. (surprise!)

And from inside the API Proxy, within the scope of handling an API request, you can also retrieve Product information via AccessEntity.  Assuming you know the client_id, the policy should look something like this: 

<AccessEntity name='AE-Product'>
  <EntityType value='apiproduct' />
  <EntityIdentifier type='consumerkey' ref='apigee.client_id' />
  <!--
  The result is stored in a variable named after the policy:  AccessEntity.AE-Product
  -->
</AccessEntity>

And the result is an XML payload that includes a bunch of information, including Scopes:

apiproduct-scopes-access-entity.jpg

You may have to use ExtractVariables to get just what you want from that.

 

Hello @dchiesa1 

I am doing this configuration for my enterprise, in Apigee Edge. Eventually the same configuration will be applied for X.

sanugu_0-1688050443781.png

I am now able to see the scopes in the trace but there is one issue.

The app is associated with three products, but I am getting only the scopes of one product in the trace. How do I get the allowed scopes of all the products in the trace?

As an API program Administrator, you map a credential to a set of products. 

one-cred-three-products.jpg

(The mapping may be performed by the developer, in a self-service dev portal.  But that is allowed by the API Program administrator. The point is, it's a setup task, an administrative action, done outside the scope of any API proxy or API request).  

Within the context of an API request, when you use a policy to validate a credential - either an API key or an OAuth token - the Apigee runtime resolves that to at most ONE product.  Apigee does this by examining the combination of {proxy, verb, pathsuffix} in the request, then examining those products and the operations on them, and selecting the first matching product.  An AccessEntity policy will retrieve that resolved product. That is why you see just one.

If you want to see all of the products for a credential, you need to perform an administrative query. Use the Apigee API or apigeecli or similar. As I showed above, that will get you all of the scopes, and it can get you all of the products.

But what is the real goal here? Beyond "get all the scopes" and "get all the products", what are you really trying to do? It seems like you're trying to perform some admin action within the context of an API request. That may or may not be a good idea - usually not, though there are exceptions. Can you explain the business goal? What's the scenario?
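The administrative query described in the reply above, as an added example that is not part of the original posts: given the developer-app record and the API product records returned by the Apigee API, collect the scopes of every product mapped to one credential. The sample JSON is constructed, and skipping revoked credentials and non-approved products is this example's own choice so the result is never broader than what is currently approved.

```python
import json

# Constructed sample shaped like a developer-app record from the Apigee API.
APP = json.loads("""
{"name": "sample-app",
 "credentials": [
   {"consumerKey": "KEY-ACTIVE", "status": "approved",
    "apiProducts": [{"apiproduct": "orders",  "status": "approved"},
                    {"apiproduct": "billing", "status": "approved"},
                    {"apiproduct": "admin",   "status": "pending"}]},
   {"consumerKey": "KEY-OLD", "status": "revoked",
    "apiProducts": [{"apiproduct": "orders", "status": "approved"}]}]}
""")

# Constructed samples: one record per product, as returned by
# GET https://apigee.googleapis.com/v1/organizations/$ORG/apiproducts/$PRODUCT_NAME
PRODUCTS = {
    "orders":  {"name": "orders",  "scopes": ["orders.read", "orders.write"]},
    "billing": {"name": "billing", "scopes": ["orders.read", "billing.read"]},
    "admin":   {"name": "admin",   "scopes": ["admin.all"]},
}

def approved_products(app, consumer_key):
    """Names of the approved products mapped to one credential of the app."""
    for cred in app.get("credentials", []):
        if cred.get("consumerKey") != consumer_key:
            continue
        if cred.get("status") != "approved":
            return []  # assumption: a revoked credential contributes nothing
        return [p["apiproduct"] for p in cred.get("apiProducts", [])
                if p.get("status") == "approved"]
    raise KeyError("credential not found on this app")

def allowed_scopes(app, products, consumer_key):
    """Sorted union of scopes across the credential's approved products."""
    scopes = set()
    for name in approved_products(app, consumer_key):
        scopes.update(products[name].get("scopes", []))
    return sorted(scopes)

if __name__ == "__main__":
    # A space-separated list is the usual form for an OAuth scope string.
    print(" ".join(allowed_scopes(APP, PRODUCTS, "KEY-ACTIVE")))
```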

Hello @dchiesa1 

The goal here is to get the scopes of all the products tied to an app and generate a token with those scopes. Is that possible without an admin action or using the CLI?