When I access our APIs with an api key that has an approval status of 'pending' in Edge, I'm seeing a InvalidApiKeyForGivenResource fault rather than a ApiKeyNotApproved fault, and have verified in trace that is the actual fault generated by the verify api key policy. Why, and how do I get the policy to respond with an accurate fault?
If you are on public cloud, could you please provide the API call (curl command) to reproduce the issue ?
If you are on private cloud, please do attach the screenshot showing the API key in pending state and trace file.
We will check and get back to you.
Regards,
Amar
@AMAR DEVEGOWDA , It's a feature that has been missing from Apigee Edge. Verify API Key Policy should report "ApiKeyNotApproved" instead of "InvalidApiKeyForGivenResource" fault message (error code). Issue is reproducible across Apigee Edge. You can try to check same.
Answer by Anil Sagar @ Google
·
Jun 05, 2016 at 06:00 PM
Yes, you are right. We can able to reproduce this issue. Ideally, It has to give error code like "ApiKeyNotApproved".
There is a work around to solve this use case using "Access Entity Policy" & "Raise Fault Policy" for custom error response.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AccessEntity async="false" continueOnError="false" enabled="true" name="Access-Entity-1"> <DisplayName>Access Entity-1</DisplayName> <Properties/> <EntityIdentifier ref="request.queryparam.apikey" type="consumerkey"/> <EntityType value="app"/> </AccessEntity>
Answer by jws · Jun 20, 2017 at 07:40 PM
Was getting same InvalidApiKeyForGivenResource and found
helpful
,I noticed that I was getting an InvalidApiKeyForGivenResource error when trying to interact with a product that didnt have the environment enabled. The solution was to do a PUT as described here, with the environment specified in the post body. http://docs.apigee.com/management/apis/put/organizations/%7Borg_name%7D/apiproducts/%7Bapiproduct_name%7D
How to create test conditions for verify api key errors that are possible. 1 Answer
problem with the VerifyAPIKey policy: "Illegal repetition" error occurs 1 Answer
Known workaround for "Duplicate Header" issue 1 Answer
Handle Fault Rule for "messaging.adaptors.http.flow.ApplicationNotFound" 2 Answers
erro fetching virtual hosts; insufficient permissions 1 Answer