How to access a proxy without product entitlement?

Report Inappropriate Content · 04-12-2018 11:51 PM

We have a new requirement to create a proxy and the user should be able to access the proxy without having entitlement to it. That is, no new product is required for that proxy and developer app will not have any reference to that product. All users will be authenticated using the Basic auth - Consumer key and secret. The Bearer token will be used to hit the proxy. Without authorization, the developer app should access the proxy.

Scenario :-

New Proxy - "Proxy-B1" is created.

Developer App "A" wants to hit "Proxy-B"

Product "B1-Product" created for proxy "Proxy-B"

Developer App "A" - Generates Bearer token using Basic auth and hits "Proxy-B" URL using bearer token and should able get the response.

(Note: Developer App "A" will not have product mapping for "Proxy-B". Developer App "A" should be able to hit "Proxy-B1" without entitlement)

How to achieve this? Can any one help on this please.

dchiesa1

It's an interesting question.

It sounds like you want Proxy B to be open to all apps.

There are two different ways to do this:

Allow unauthenticated access
Allow authenticated access

In the unauthenticated case, there need be no token at all. Any app sending a request into Proxy B should be allowed through. To accomplish this, do not use the OauthV2/VerifyAccessToken policy in Proxy B, at all. If the app sends a token in with its request, it is ignored. all requests are allowed.

In the authenticated case, all apps that are authenticated and valid may access the proxy. In this case you MUST include the OauthV2/VerifyAccessToken policy, and the app credential MUST be authorized for a product that includes that proxy. That's the way it works in Apigee Edge.

if I have misunderstood, let me know.

sorry for the delay in answering.