Verify api key not reporting api key not approved

Not applicable

When I access our APIs with an api key that has an approval status of 'pending' in Edge, I'm seeing a InvalidApiKeyForGivenResource fault rather than a ApiKeyNotApproved fault, and have verified in trace that is the actual fault generated by the verify api key policy. Why, and how do I get the policy to respond with an accurate fault?

2 4 2,090
4 REPLIES 4

@George Shaw,

If you are on public cloud, could you please provide the API call (curl command) to reproduce the issue ?

If you are on private cloud, please do attach the screenshot showing the API key in pending state and trace file.

We will check and get back to you.

Regards,

Amar

@AMAR DEVEGOWDA , It's a feature that has been missing from Apigee Edge. Verify API Key Policy should report "ApiKeyNotApproved" instead of "InvalidApiKeyForGivenResource" fault message (error code). Issue is reproducible across Apigee Edge. You can try to check same.

@George Shaw ,

Yes, you are right. We can able to reproduce this issue. Ideally, It has to give error code like "ApiKeyNotApproved".

There is a work around to solve this use case using "Access Entity Policy" & "Raise Fault Policy" for custom error response.

  • Use Access Entity Policy to retrieve APP information with Product Status
  • Use custom javascript to determine your APP Key status for particular product
  • Use Raise Fault Policy to set custom error message.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity async="false" continueOnError="false" enabled="true" name="Access-Entity-1">
    <DisplayName>Access Entity-1</DisplayName>
    <Properties/>
    <EntityIdentifier ref="request.queryparam.apikey" type="consumerkey"/>
    <EntityType value="app"/>
</AccessEntity>

Not applicable

Was getting same InvalidApiKeyForGivenResource and found

link to update product

helpful

,

I noticed that I was getting an InvalidApiKeyForGivenResource error when trying to interact with a product that didnt have the environment enabled. The solution was to do a PUT as described here, with the environment specified in the post body. http://docs.apigee.com/management/apis/put/organizations/%7Borg_name%7D/apiproducts/%7Bapiproduct_na...