{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Adapter for Envoy
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • 日本語コミュニティ
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Edge/API Management /
avatar image
0
Question by AKumar15 · Dec 17, 2015 at 06:46 AM · 310 Views ip addressverify api keyaccess control policy

How we can restrict access for a particular product requests with a fixed ip address

I want to setup a client sandbox, to test configured APIs. So requirement is like check the api key or product if it belongs to sandbox product, then check for request, it is coming from which server. If ip address or domain is not equal to my sandbox server, unauthorize the request with 401 and invalid domain request error.

Comment
Add comment
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Close

2 Answers

  • Sort: 
avatar image
0

Answer by Marc Schreuder · Dec 17, 2015 at 03:09 PM

Hi @AKumar15 take a look at the Access Control Policy, this will enable you to restrict to a specific IP address access.

Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image AKumar15 · Dec 17, 2015 at 09:23 PM 0
Link

Thanks for reply @mschreuder . I need to add IP restriction only if request.api_key == <sandbox_apikey OR sandbox_product>, else we need to allow access for requests coming from other products/api_key. So requirement is to check for IP only if sandbox api key is coming in request, else it would be open for other clients. I am not sure if we can do it by using only Access Control Policy, as it checks for IP and not providing any combination to use it with api_key as well.

avatar image
0

Answer by Marc Schreuder · Dec 17, 2015 at 09:59 PM

Experiment with adding a condition to the access control policy step, something like:

<Step>
   <Condition>"flow variable containing api_key"="sandbox api_key"</Condition>
   <Name>"AccessControlPolicy"</Name>
</Step>

Replacing "flow variable containing api_key" with whatever flow variable contains the api_key used in the incoming request and "sandbox api_key" with the sandbox api_key that you want to do the IP check on and "AccessControlPolicy" with the name of your Access Control Policy. This way the access control policy will only execute if the condition is met.

You could enhance it further to use kvm to store values like the sandbox api_key(s) and/or the ip addresses so that if those values changed you just update kvm rather than having to edit your proxy and re-depoly it

Here's a few other references that might also help:

Conditions

Verifying api keys

Flow variables

KeyValue Maps

Alternatively, you could create a javascript / java / python / node script to take care of that.

Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image AKumar15 · Dec 17, 2015 at 10:32 PM 0
Link

@mschreuder Thanks for detail information, it will help in fixing it quick. I will try it and update you by late evening. Thanks again.

Follow this Question

Answers Answers and Comments

29 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

How to secure API for single partner. 3 Answers

Is it possible restrict API call based on request IP address? 1 Answer

How to specify an "Allow List" of URLs (not IPs using Access Control) in a Apigee Edge proxy 3 Answers

Tracking IP address for quota limit purpose 1 Answer

VerifyApikey policy did not populate variable verifyapikey.VerifyAPIKey.client_secret 1 Answer

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2021 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Adapter for Envoy
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • 日本語コミュニティ
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Badges