Restricting access to sub-resources in an API proxy


Say that I have the following API proxy: example.apigee.com/listen/

This proxy then has the following resources:

example.apigee.com/listen/metrics/

example.apigee.com/listen/1234/content/

example.apigee.com/listen/dashboard/

Is there a way to grant access to only some of these resources based on the API Product or Developer App? E.g. granting access to /metrics, but restricting access to /dashboard.


Dear @christian.danielsen ,

Yes, Apigee API Products support it out of the box. You can grant access to only some of these resources based on the API Product. The API resources bundled in a product can come from one or more APIs, so you can mix and match resources to create specialized feature sets.

For more details, refer to the docs below.

Cheers,

Anil Sagar

Thanks for your quick answer. I've tried but I still can't get it to work. Let's say that I want to only grant access to /metrics:

1. In Apigee Edge I go to Publish -> Product -> Choose the product
2. Click Edit
3. I add ' metrics** ' as the only resource
4. Click Save

But when I call the endpoint /dashboard, using that API Product I just restricted to only /metrics, it responds with HTTP 200 OK and data.

I've also tried restricting the resources with the following without luck: '/metrics**', '/*', '/', '**'

How did you call your endpoint /dashboard? Is your API proxy secured using a policy like the Verify API Key policy? You need to create an App and use the key to make the API call. API Products work along with Developer Apps and security policies like OAuth or Verify API Key in Apigee. If your API proxy is not secured, then API Products don't make any sense. See securing your API docs here.

Hi Anil, yes, my API Proxy is secured using API Keys (Verify API Key policy). Although this is the case, it does not seem to work anyway.

Strange, can you post a screenshot of your resource configuration?

In a simple case where you want only access to metrics,

your resource configuration should only contain

/metrics

/metrics**

/metrics/**
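
To see what the resource list above permits, here is an added example (not code from the thread or from Apigee) that models product resource-path matching for the three resources in the question. It follows the wildcard rules Apigee documents for product resource paths (`/` covers the base path and everything under it, `/*` one level down, `/**` any depth); treating a trailing slash as insignificant and treating `**` without a preceding slash as "one or more characters" are assumptions of this model, not confirmed Apigee behaviour.

```python
import re

BASE_PATH = "/listen"  # proxy base path from the question

def pattern_to_regex(pattern):
    """Translate one product resource path into a regex (simplified model)."""
    if pattern == "/":
        return re.compile(r".*")       # "/" covers the base path and all sub-paths
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".+")         # any depth, slashes included
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]+")      # exactly one path segment
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts))

def proxy_suffix(request_path):
    """Strip the base path; assumption: a trailing slash is not significant."""
    if request_path != BASE_PATH and not request_path.startswith(BASE_PATH + "/"):
        raise ValueError("request is outside the proxy base path")
    return request_path[len(BASE_PATH):].rstrip("/") or "/"

def is_allowed(resources, request_path):
    """True if any resource path configured on the product matches the request."""
    suffix = proxy_suffix(request_path)
    return any(pattern_to_regex(p).fullmatch(suffix) for p in resources)

# Resource list from the last reply, and the three resources from the question.
METRICS_ONLY = ["/metrics", "/metrics**", "/metrics/**"]
REQUESTS = ["/listen/metrics/", "/listen/1234/content/", "/listen/dashboard/"]

def evaluate(resources):
    return {path: is_allowed(resources, path) for path in REQUESTS}

if __name__ == "__main__":
    for label, resources in (("metrics only", METRICS_ONLY), ("catch-all", ["/"])):
        for path, ok in evaluate(resources).items():
            print(f"{label:12} {path:24} {'ALLOW' if ok else 'DENY'}")
```

On a live proxy this check only takes place when the request passes through a security policy such as Verify API Key or OAuth, as the earlier reply points out.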