How do you read the scopes associated with an API key's product?

Not applicable

I see from the VerifyAPIKey docs that the variable verifyapikey.{policy_name}.app.scopes gets populated with the scopes associated with the API key's products. Thats exactly what I need, however I can't figure out how to read this from javascript.

print(typeof scopes)
>> object
print(scopes.length)
>> 0
print(scopes.toString())
>> [Ljava.lang.String;@3b9903d5
print(scopes[0])
>> undefined

The product I have associated with the developer app has a scope of "testscope" setup so I expect to get an array with one item in it. It looks like I'm being given a Java array and I'm not sure how to access this from the Javascript.

How can I access the scopes associated with an API key?

1 2 705
2 REPLIES 2

Not applicable

Hello @Jonathan.Hill,

There is an alternate solution available.

After the verify API key is passed, you would get the name of the product in "verifyapikey.{Policy Name}.apiproduct.name".

Then pass this parameter in the Access Entity Policy and get the associated product details. You can find details about access entity policy here

The code should look like:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity async="false" continueOnError="false" enabled="true" name="GetApiProduct">
    <Properties/>
    <EntityType value="apiproduct"></EntityType>
    <EntityIdentifier ref="verifyapikey.{Policy Name}.apiproduct.name" type="apiproductname"/> 
</AccessEntity>

Hope this helps !

Hello

This solution works only when the api key is associated with only 1 product

If I have a product1 with scope1 and scope2 and a product2 with scope3 scope4 for the same API key, this method only retreives scopes of one product not both.

You can retreive all scope list only when you generate the opaque token with the OAuthV2 policy.

If I generate a JWT instead I never have the global scope list !

2 questions :

- why the VerifyAPIKey doen't populate the global scope list?

- how can I get it if I use JWT