Edge management API access with a developer account

Not applicable

Dear all,

I have read the Edge API reference (http://apigee.com/docs/management/apis). I see there that I can access the API with an organizational account (basic auth).

I'm looking for a way to access the API with a developer.

Use cases:

  • If I'm a developer and I like to see all my APIs/Apps over a rest-call
  • If I'm a developer and I like to see on which companies I have access over rest-call

I know that these use cases are achieved/provided with the developer portal but I like to access the information as developer and not as Edge manager (like in developer portal) over an API call.

I also like to avoid building/using any kind of a backend. For example just a webclient/postman which access the API directly only knowing developer informations.

Thanks for your help and any replies

David Weber

Solved Solved
0 1 329
1 ACCEPTED SOLUTION

sarthak
Participant V

I can think of a preliminary design to accomplish this.

You can proxy the specific management API calls which you want to expose to your developer. THe proxy which you create will have a credential mediation logic. i.e. It will have expose a different set of credentials on the northbound side i.e the the endpoint exposed to your developer than the southbound side. On the southbound side as you noticed it will need EDGE administrator credentials.

So now with this you are able to expose a small subset of APIs to your developers and also hide the EDGE admin credentials from them.

But then the next question become what credentials your developer should use to access the APIs ? This is where it becomes more tricky.

If you are using an external SSO server for your developers to log into developer portal then this is easy. For eg. If you are storing the developer credentials in an external LDAP or an external database, or in Apigee BaaS or are using google/facebook/your internal SSO server as a SSO store or an OpenID provider then you can simply tie it back as the auth mechanism for the credential mediation on the north bound in your proxy.

However if you are using developer portal's inbuilt user store then I think you will need to implement something like this : https://www.drupal.org/project/openid_provider which will turn your drupal site into an OpenID provider and that openID to do the credential mediation in your proxy.

There might be other better designs for what you are hoping to achieve but this is just my 2 cents.Hope this helps.

View solution in original post

1 REPLY 1

sarthak
Participant V

I can think of a preliminary design to accomplish this.

You can proxy the specific management API calls which you want to expose to your developer. THe proxy which you create will have a credential mediation logic. i.e. It will have expose a different set of credentials on the northbound side i.e the the endpoint exposed to your developer than the southbound side. On the southbound side as you noticed it will need EDGE administrator credentials.

So now with this you are able to expose a small subset of APIs to your developers and also hide the EDGE admin credentials from them.

But then the next question become what credentials your developer should use to access the APIs ? This is where it becomes more tricky.

If you are using an external SSO server for your developers to log into developer portal then this is easy. For eg. If you are storing the developer credentials in an external LDAP or an external database, or in Apigee BaaS or are using google/facebook/your internal SSO server as a SSO store or an OpenID provider then you can simply tie it back as the auth mechanism for the credential mediation on the north bound in your proxy.

However if you are using developer portal's inbuilt user store then I think you will need to implement something like this : https://www.drupal.org/project/openid_provider which will turn your drupal site into an OpenID provider and that openID to do the credential mediation in your proxy.

There might be other better designs for what you are hoping to achieve but this is just my 2 cents.Hope this helps.