Please share Adding Basic Authentication policy Examples

Not applicable

Please share Adding Basic Authentication policy Examples not from docs...

I would like to add basic auth policy and get it validated, it is not working for me...


Not applicable

Hi Nagesh, are you trying to protect a resource with Basic Authentication in Apigee? Basic Authentication policy encodes and decodes a variable(s). If you want to validate against some credentials, you can try the Sample API Proxy from this answer. There are other ways to implement it, but personally I'd recommend leveraging Express.

Not applicable

Although OAuth 2.0 client credentials is a preferred way to go, here are the steps:

  • Create a proxy with a BasicAuthentication policy as follows:
<BasicAuthentication name="Basic-Authentication-Header"> 
  <DisplayName>Basic Authentication Header</DisplayName> 
  <Operation>Decode</Operation> 
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables> 
  <User ref="request.header.client_id" /> 
  <Password ref="request.header.client_secret" /> 
  <Source>request.header.Authorization</Source> 
</BasicAuthentication>
  • create a VerifyApiKey policy this way:
<VerifyAPIKey name="Verify-API-Key">
  <DisplayName>Verify API Key</DisplayName>
  <FaultRules/>
  <Properties/>
  <!-- Must reference the same variable the Decode policy writes the user to -->
  <APIKey ref="request.header.client_id"/>
</VerifyAPIKey>
  • create a product and app and add this proxy.
  • This will generate an apikey and secret
  • generate an encoded key as base64(apikey:secret)
  • In the request, add an Authorization header "Basic XXX" where XXX is replaced by the base64 encoded key
  • send the request to apiproxy

I hope this helps.

I tried it like this and also added the headers, but every time it shows an error like the one below

{"fault": {
"faultstring": "Failed to resolve API Key variable request.header.client_id",
"detail": {"errorcode": "steps.oauth.v2.FailedToResolveAPIKey"}
}}

@Rajesh Nimmada

It looks like you are setting the apikey in the flow and passing the value in "request.header.client_id".

Check the apikey value you are passing in the header.

adas
New Member

@nagesh If you are trying to use the Basic Authentication policy for protecting your api, then that's not the right usage for the policy. The policy is not meant to provide basic authentication for a resource or apiproxy, rather it allows you to encode/decode a basic authentication header.

For example, if you have a backend api that requires basic authentication, you might want to use the basic authentication header to encode the request parameters into a base 64 encoded string and then pass it to the backend api as basic authentication header. Here's a simple example:

In this example, we are using the request headers "username" and "password" to generate the base64 encoded Basic Authentication header:

<BasicAuthentication name="BasicAuthentication">
  <DisplayName>BasicAuthentication</DisplayName>
  <Operation>Encode</Operation>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <User ref="request.header.username" />
  <Password ref="request.header.password" />
  <AssignTo createNew="true">request.header.Authorization</AssignTo>
  <Source>request.header.Authorization</Source>
</BasicAuthentication>

Now if this policy is attached to the request preflow, it can prepare the Authorization header containing the credentials to the target:

<ProxyEndpoint name="default">
  <Description/>
  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <!-- Step name must match the policy's name attribute -->
        <Name>BasicAuthentication</Name>
      </Step>
    </Request>
    <Response/>
  </PreFlow>
  <Flows/>
  <PostFlow name="PostFlow">
    <Request/>
    <Response/>
  </PostFlow>
  <HTTPProxyConnection>
    <BasePath>/apigee-demo</BasePath>
    <VirtualHost>default</VirtualHost>
    <VirtualHost>secure</VirtualHost>
  </HTTPProxyConnection>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>

However, it might be more appropriate to attach the policy to a flow in the target.
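
The following Python sketch is an added example, not part of the original thread and not Apigee code. It mirrors the base64(apikey:secret) step and the Encode/Decode operations discussed above, and shows that decoding only extracts the two values, so key and secret must be verified in a separate step that fails closed. The `APPS` registry, function names and credentials are constructed for illustration.

```python
# Added illustration (not Apigee code). Credentials below are constructed samples.
import base64
import binascii
import hmac

# Constructed app registry: apikey -> secret (stands in for the product/app step).
APPS = {"sample-apikey-123": "sample-secret:with-colon"}


def encode_basic(user: str, password: str) -> str:
    """Mirror of the Encode operation: 'Basic ' + base64(user:password)."""
    if ":" in user:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header):
    """Mirror of the Decode operation: returns (user, password), validates nothing."""
    if not header:
        raise ValueError("Authorization header missing")
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    user, sep, password = raw.partition(":")  # split on the FIRST colon only
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def authenticate(header) -> bool:
    """Decode, then verify key and secret as a separate step; fail closed."""
    try:
        user, password = decode_basic(header)
    except ValueError:
        return False
    expected = APPS.get(user)
    if expected is None:
        return False
    # Constant-time comparison of the presented secret.
    return hmac.compare_digest(password.encode(), expected.encode())
```
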