Verify API key policy execution failed

APR · 08-19-2021 02:45 PM

Hi Team,

PFA,

I'm seeing some weird behavior in apigee X, Api key validation is failing when requests come from GoogleDialog flow(GDF). Here is some info about flow, proxy is secured by Basic Auth. when I receive Authorization Header in the request, using basicAuth policy, I'm decoding it and then using to verify API policy to verify the client, I used the username flow variable from the previous policy to verify the client.

this flow is working fine in all environments but perf env (performance ), even perf env also working if I do curl instead of GDF requests.. from GDF verifyAPI key policy throwing null point exception.

I compared both Authorization values, it's the same. I'm wondering why it's not picking up the username variable.

Thanks,

API-Evangelist

Not enough information but usually if you do the trace it should work.

Sample reference for BA Decode & Verify API Key..

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="BA-DecodeAuthorization">
<DisplayName>BA-DecodeAuthorization</DisplayName>
<Operation>Decode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="client_id"/>
<Password ref="client_secret"/>
<Source>request.header.Authorization</Source>
</BasicAuthentication>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyAPIKey async="false" continueOnError="false" enabled="true" name="VK-VerifyClientId">
<DisplayName>VK-VerifyClientId</DisplayName>
<Properties/>
<APIKey ref="client_id"/>
</VerifyAPIKey>