Can we have a uniform set of API Keys for a given environments. In other words can we manually set the API Keys rather than letting APIGEE generate a random one for us

We have multiple environments(like sit,uat,peg etc), each having multiple tracks/organizations (like sit-ste1,sit-ste2 and so on). We would like to have one API Key for a given app for all non productional environments(sit,uat,peg) and one API Key for the same app in production environment (prod,disaster recovery etc). Is there is way that this can be set manually?Also where does apigee store this api key and can we manually edit it?

0 13 611
13 REPLIES 13

sarthak
Participant V

Hi @vednath pittala

YES. What you described above can be done using API Products.

1. You define multiple environments inside Apigee.

2. You define an API Product for each one of the environments.

3. Using management UI/API of Products give the app access to only those products where it should have access to.

4. If All the apps should be able to access all the environments then you can create one product and make it accessible from all the environments. Learn more about API Products here

Now to your second question about if you can import the same key without Apigee generating one , yes you can. Find a detailed description here: https://community.apigee.com/questions/6049/is-it-possible-to-migrate-the-existing-client-id-a.html

I think you interpreted my question in wrong direction.

1. My definition of multiple environments is multiple servers each having a distinct URL. Say I have DEV, SIT and UAT

2. Inside each of these environments I have multiple organizations. Eg DEV environment would have the organizations STE1, STE2... STE(n). Each of these different organizations though residing on the same server need to be accessed by a different port number. I have created products in each of these organizations. The app trying to access this product can do it only under this organization, there fore there would be one api key for a given app and a given product in STE1 of DEV and this key is not valid in STE2 of DEV and so on. Like this I will have 'n' number of api keys each valid only under its given organization.

The solution am looking for is having a single api key for the whole environment for a given app. In other words I need the app in DEV- STE1, DEV -STE2.... DEV -STE(n) to be able to use the same api key

Ps for some reason am not able to open the hyperlink provided by you for my second question.

Few clarification questions first :

1. When you say environments and organizations are those Apigee Environments and organizations ? If not how are the env and orgs mapped to Apigee nomenclatures ?

2. How do you know which org is mapped to which server ? Server is a physical implementation and orgs are logical. Are you using Apigee on-prem and by that do you mean you have multiple orgs using the same set oF MPs (though central POD etc. are shared) ?

3. An org is a completely self-contained (logically) unit , no data is shared across orgs. So if you are using multiple orgs for different environments and want to have the same API key available for each API org there is no other way of doing it apart from importing the API keys across each org using the method mentioned in my first post.

So based on what you said so far , since you have multiple orgs the below solution is the only solution which will work for you I think.

If you cannot open the hyperlink let me know :https://community.apigee.com/questions/6049/is-it-possible-to-migrate-the-existing-client-id-a.html

1. Yes those are APigee Environments and Organizations

2. Each server(environment) has a unique url and each org has a unique port number. So to access a given server and a given org I need to use the combination of url and port number. Yes am using apigee onprem and yes multiple orgs use the same set of message processors

3. Would look into the post as and when the hyperlink becomes available to me.

Any other suggestions are always welcome!

Thanks a lot

I reposted the link in both my answers. Is none of them opening ?

If It does open then this is the link : https://community.apigee.com/questions/6049/is-it-... . Let me know.

thanks it is opening up now. Looking into it. Seems good so far. A couple of quick questions

1. Is there a way of doing this via ui than curl calls?

2. Just confirming that /tmp/key.xml, this xml file is located inside tmp folder of server from where am trying to push this onto apigee

1. Unfortunately no. Only way to do is via APIs. Curl,postman whatever but no Apigee EDGE UI available at this stage.

2.yes, correct.

Also the curl command for update expects same key value in both the xml as well as the request. So how do we change the key if it expects same value?

@sarthak any other inputs on this?

You need to use the Create API to import the key into your environment. That should solve your use case right ?

meaning creating the api product and setting the key approval to manual? or something else?

So the steps are : Use the create Key API documented here to import the API key into the environment.

Then use the API documented here to associate the API Key to a product of your choice.

You can also use this tool : https://github.com/apigeecs/apigee-migrate-tool to do this task in one step.

Let me know if you have further questions.

@sarthak the solution you provided works as expected when we have to move in between environments say between server 1 and server 2, but it fails when we have to use the same set of keys in different organizations under the same environment. Eg say I have organizations ste1,ste2... sten under server 1 and ste1,ste2... sten under server 2. Then the solution provided by you works when

1. Am trying to migrate the keys from ste1 of server 1 to ste1 of server 2

But it fails when am trying to migrate the keys from ste1 of server 1 to ste2 of server 1.

From what i understand APIGEE stores the key on the server itself and this key map remains the same for all organizations under that server. Is there a way/command with which we can access this key map on the server?