Dear all,
I have read the Edge API reference (http://apigee.com/docs/management/apis). I see there that I can access the API with an organizational account (basic auth).
I'm looking for a way to access the API with a developer.
Use cases:
I know that these use cases are achieved/provided with the developer portal but I like to access the information as developer and not as Edge manager (like in developer portal) over an API call.
I also like to avoid building/using any kind of a backend. For example just a webclient/postman which access the API directly only knowing developer informations.
Thanks for your help and any replies
David Weber
Solved! Go to Solution.
I can think of a preliminary design to accomplish this.
You can proxy the specific management API calls which you want to expose to your developer. THe proxy which you create will have a credential mediation logic. i.e. It will have expose a different set of credentials on the northbound side i.e the the endpoint exposed to your developer than the southbound side. On the southbound side as you noticed it will need EDGE administrator credentials.
So now with this you are able to expose a small subset of APIs to your developers and also hide the EDGE admin credentials from them.
But then the next question become what credentials your developer should use to access the APIs ? This is where it becomes more tricky.
If you are using an external SSO server for your developers to log into developer portal then this is easy. For eg. If you are storing the developer credentials in an external LDAP or an external database, or in Apigee BaaS or are using google/facebook/your internal SSO server as a SSO store or an OpenID provider then you can simply tie it back as the auth mechanism for the credential mediation on the north bound in your proxy.
However if you are using developer portal's inbuilt user store then I think you will need to implement something like this : https://www.drupal.org/project/openid_provider which will turn your drupal site into an OpenID provider and that openID to do the credential mediation in your proxy.
There might be other better designs for what you are hoping to achieve but this is just my 2 cents.Hope this helps.
I can think of a preliminary design to accomplish this.
You can proxy the specific management API calls which you want to expose to your developer. THe proxy which you create will have a credential mediation logic. i.e. It will have expose a different set of credentials on the northbound side i.e the the endpoint exposed to your developer than the southbound side. On the southbound side as you noticed it will need EDGE administrator credentials.
So now with this you are able to expose a small subset of APIs to your developers and also hide the EDGE admin credentials from them.
But then the next question become what credentials your developer should use to access the APIs ? This is where it becomes more tricky.
If you are using an external SSO server for your developers to log into developer portal then this is easy. For eg. If you are storing the developer credentials in an external LDAP or an external database, or in Apigee BaaS or are using google/facebook/your internal SSO server as a SSO store or an OpenID provider then you can simply tie it back as the auth mechanism for the credential mediation on the north bound in your proxy.
However if you are using developer portal's inbuilt user store then I think you will need to implement something like this : https://www.drupal.org/project/openid_provider which will turn your drupal site into an OpenID provider and that openID to do the credential mediation in your proxy.
There might be other better designs for what you are hoping to achieve but this is just my 2 cents.Hope this helps.
User | Count |
---|---|
7 | |
2 | |
2 | |
2 | |
1 |