Re: VerifyAPIKey - app is eligible for more than o...

soosmarci · 03-13-2023 03:08 AM

Hi All,

I have a theoretical question because I did not find the answer in the documentation, nor in the forum.

GIVEN

I have

a developer and a developerApp (DeveloperApp)
a product (Product-A) with custom attribute "customAttr1 = "I am product A"
another product (Product-B) with custom attribute "customAttr1 = "I am product B"
a proxy (Proxy) with step VerifyAPIKey, validating the request by client_id (ie. the consumer developerApp)
next step of the Proxy is accessing product-level custom attribute (customAttr1)
either with AccessEntity or via direct reference

The Proxy is configured in both Product-A and Product-B with the same path (/v1) and method (eg. GET)

Both Product-A and Product-B is enabled to DeveloperApp.

WHEN

DeveloperApp invokes Proxy (v1/ GET)
VerifyAPIKey is executed
accessing the customAttr1 of the product

THEN

the retrieved value of customAttr1 is ???????I am product A orI am product B? ????????

Thank you for your help,

Br,

Marcello

dknezic

There's an existing discussion on this type of question here.. With that said, why do you have overlapping products that you assign to the same app?

https://www.googlecloudcommunity.com/gc/Apigee/Using-multiple-product-with-one-APP-GetEntity-fetches...

soosmarci

Hi @dk ,

Thanks for the link! The topic is correct, however it doesn't answer my question.

"why do you have overlapping products" - my question is purely theoretical.

Let's put it in this way: I miss some explanation from the documentation, that would sound sg like this:
"In case of a proxy/path/verb is available for a DeveloperApp in more than one APIProduct, then VerifyApiKey policy validates the request with the ApiProduct that was first assigned to the given DeveloperApp."

Br,
M

VerifyAPIKey - app is eligible for more than one product with given path