2 API products containing 1 API proxy in common are assigned to 1 Developer App. What API product will be populated in OAuth 2 flow variables?

Imagine you have API proxy "APIPROXY" happily deployed on an org and environment.

APIPROXY has an OAuth 2 Verify Access Token Policy.

Then, you create 2 different API products:

  • API Product A
  • API Product B

BOTH containing the same APIPROXY in the same Environment, maybe with different Rate limit settings.

Then you create a Developer App "MYAPP" and grant access to BOTH:

  • API Product A
  • API Product B

Then, get an OAuth access token using "MYAPP"'s client_id / client_secret and try to access "APIPROXY".

Assuming authentication of access token went OK, what would be populated in the API product flow variables given the ambiguity that the APIPROXY is in 2 different API products for the same App?


Great question @roberto.navas@millicom.com. Check the comments in this answer, which talk about the same issue. @Vinit Mehta gave some answers regarding the same.

Thanks, I read that thread, however I see they recommend using the Access Entity Policy... we found, the hard way, that this is a BAD idea, since that policy is not optimized for high traffic: above 100K requests per hour, it started to add ~1000 to 3000 msecs to the Proxy Response Time, just processing that policy.

In addition to that, it seems that policy returns an XML document, which needs another policy just to Extract the data you want from the XML to Flow variables.

Hello roberto.navas@millicom.com,

In this case, you should be able to get any one of them at random. To get all the products, you need to apply the verify api key policy or the access entity policy.

Interesting Question.

My answer is going to be a little bit different: Don't DO THAT!

DO NOT design your system so that a single proxy is in multiple products, and those multiple products are both authorized for a single developer app.

Eliminate the multiplicity, somewhere in the chain. It will make your life simpler.

This is what I thought... Apigee Edge lets you do this, but it does not make much sense... Another issue would be that the Rate-limit may be different in API Product A vs. API Product B... so if the same App Developer has both API products, it is not clear which Rate limit to apply.

I'm looking for what Apigee engineers think about this?

@Dino is this ok to do if the products are deployed in different environments?

It would not result in the uncertainty we've discussed.

As long as you (and the rest of the team) are not confused by the relationship, it won't be a problem.

ps: we don't speak of deploying products to environments. In Apigee Speak, you enable an API Product on environments. But I get your point!
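
An added example, not code from any participant in this thread or from Apigee: a small audit that flags the situation discussed above, where one developer app is granted several API products that contain the same proxy on the same environment, so the product (and its rate limit) that applies is unclear. The dictionaries are constructed, simplified sample data rather than a management API export, and `API Product C`, `OTHERAPP` and the environment names `prod` and `test` are made up for illustration.

```python
from collections import defaultdict

# Constructed sample data (simplified; not an Apigee management API export).
PRODUCTS = {
    "API Product A": {"proxies": {"APIPROXY"}, "environments": {"prod"}},
    "API Product B": {"proxies": {"APIPROXY"}, "environments": {"prod"}},
    "API Product C": {"proxies": {"APIPROXY"}, "environments": {"test"}},  # hypothetical
}
APPS = {
    "MYAPP": ["API Product A", "API Product B"],
    "OTHERAPP": ["API Product A", "API Product C"],  # hypothetical app
}


def find_ambiguous_grants(products, apps):
    """Return {(app, proxy, environment): [product, ...]} for every proxy that
    one app can reach through more than one product on the same environment."""
    findings = {}
    for app, granted in apps.items():
        reach = defaultdict(list)
        for name in granted:
            product = products.get(name)
            if product is None:  # app references a product that is not defined
                continue
            for proxy in product["proxies"]:
                for env in product["environments"]:
                    reach[(proxy, env)].append(name)
        for (proxy, env), names in reach.items():
            if len(names) > 1:
                findings[(app, proxy, env)] = sorted(names)
    return findings


if __name__ == "__main__":
    results = find_ambiguous_grants(PRODUCTS, APPS)
    for (app, proxy, env), names in sorted(results.items()):
        print(f"{app}: {proxy} on {env} is covered by {', '.join(names)}")
```

MYAPP is reported because Products A and B overlap on the same environment; OTHERAPP is not, because its two products are enabled on different environments.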

Got it, thanks.

I think it should show an array of products.