Does Apigee know if an API request comes from a specific app, or can someone use a key for one app in 50 places?


Hello,

Given the following statement from the documentation:

"Developers register apps to access your API products. When a developer registers an app, the developer selects the API products to associate with the app and Edge generates an API key. Each app has a single API key that provides access to all API products associated with the app."

We need to know if there's a way for Apigee to know what app actually made the call. What's stopping the client who has access to an API product from using the same calls in 50 other mobile apps and 100 other websites that they create?

2 REPLIES

Hi @Johnathan Wells

An API call runs from anywhere if the client makes the call as defined with a valid key. The API key has to be issued and used in the implementation securely. However, we may never know that our key (client id & secret) is already being abused.

Prevention - One of the approaches is already mentioned by you, i.e. while the key is registered, capture the source IP range or allowed domains from which the key will be used. Implement the same in the API flow to authorize the call.

Sense - Apigee Sense uses sophisticated machine learning algorithms to continuously analyze billions of API calls, identify adaptive threats and take action against bad "bots", which is 20-25% of all internet traffic.

@Sanjoy Bose @Subrak can you please share your thoughts here.

@Johnathan Wells, welcome to Apigee Community 🙂
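
The "Prevention" approach from the reply above (capture the source IP range or allowed domains when the key is registered, then enforce them in the API flow), sketched as an added example that is not part of the original thread and is not Apigee's own code. The key names, the `KEY_RESTRICTIONS` table and the function names are hypothetical; in a proxy the restrictions would be read from wherever the registration data is stored.

```javascript
// Constructed sample data: restrictions captured when each key was registered.
const KEY_RESTRICTIONS = {
  "key-backend-001": { cidrs: ["203.0.113.0/24"], origins: [] },
  "key-web-002": { cidrs: [], origins: ["https://shop.example.com"] },
};

// Parse dotted-quad IPv4 into a number; null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True if ip falls inside cidr (e.g. "203.0.113.0/24"); malformed input fails closed.
function inCidr(ip, cidr) {
  const [base, bitsStr] = String(cidr).split("/");
  const bits = Number(bitsStr);
  const ipN = ipv4ToInt(ip);
  const baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null) return false;
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = Math.pow(2, 32 - bits); // number of addresses in the block
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

// clientIp: address observed by the gateway, not a client-supplied header.
// origin: value of the Origin request header (undefined when absent).
function authorize(apiKey, clientIp, origin) {
  const known = Object.prototype.hasOwnProperty.call(KEY_RESTRICTIONS, apiKey);
  if (!known) return { allow: false, reason: "unknown_key" };
  const r = KEY_RESTRICTIONS[apiKey];
  // A key registered without any restriction is rejected rather than allowed everywhere.
  if (r.cidrs.length === 0 && r.origins.length === 0) {
    return { allow: false, reason: "no_restrictions_registered" };
  }
  if (r.cidrs.length > 0 && !r.cidrs.some((c) => inCidr(clientIp, c))) {
    return { allow: false, reason: "ip_not_allowed" };
  }
  if (r.origins.length > 0 && !r.origins.includes(origin)) {
    return { allow: false, reason: "origin_not_allowed" };
  }
  return { allow: true, reason: "ok" };
}
```

The Origin check only constrains browser callers, since a non-browser client can send any Origin value it likes, and a fixed IP range fits server-to-server consumers rather than mobile apps on changing networks.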