APIKey issue


Hi All,

So here is the problem I am facing.

I have two API proxies. Let's say they are proxy_1 and proxy_2. Both proxies have their own API key verification policy enabled. Now I have 2 developers. I added developer_1 to use my proxy_1.

This is working fine. However, he is also able to get results from proxy_2. Keep in mind that I have added only proxy_1 to developer_1. Can somebody tell me what's wrong here?

Regards,

Arun


Hello @Arun Babu,

Can you please let me know how the developer app is associated with API products? This would happen only if you have associated the product(s) associated with the API proxies with the developer app.

Ideally you should do the following:

1. Create Product 1 with API Proxy 1

2. Create Product 2 with API Proxy 2

3. Associate your developer app with whichever API proxy(s) you want. Meaning, if you want Developer App A to access only API Proxy 1, then associate Developer App A with API Proxy 1. If you want Developer App A to access both API Proxy 1 and 2, then associate Developer App A with API Proxy 1 and 2. If you want Developer App A to access only API Proxy 1 and Developer B to access API Proxy 2, then associate Developer App A with API Proxy 1 and Developer App B with API Proxy 2.

Please let me know if you have a separate configuration in place.

Hope this helps!

Hi @Meghdeep Basu,

In my case, I have proxy_1_product for API proxy 'proxy_1' and proxy_2_product for API proxy 'proxy_2'. I have a developer app named 'developer_app_1' in which I have added only proxy_1_product. This configuration is working fine.

But using the API key for developer_app_1, I am able to hit proxy_product_2 (which I didn't add to developer_app_1). I was expecting an invalid API key error, but instead it was going through the API proxy and showing the result. However, this API key is working fine with proxy_2_product.

Can you please share the configuration snapshot (of the developer app, products, and names of the API proxies), the API proxy bundle and the trace while accessing proxy 1 and proxy 2?

I suspect this is an instance of a bug - APIRT-3466.

Hi @Meghdeep Basu

You can check for these flow variables in the trace:

- verifyapikey.{policy_name}.app.name

- verifyapikey.{policy_name}.apiproduct.name

This will give visibility of the consumer app name which is making the request and the product information which is used. So if your API access is getting through, that means it's associated with the consumer app (developer.app.name).
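
The check suggested in the last reply, written out as an added example that is not part of the original thread: it compares the two `verifyapikey.*` trace variables against the intended app-to-product-to-proxy mapping described by the poster. The policy name `Verify-API-Key`, the dict layout and the sample traces are constructed assumptions, not an Apigee export format.

```python
# Intended configuration from the thread, held as plain dicts (constructed).
PRODUCT_PROXIES = {
    "proxy_1_product": {"proxy_1"},
    "proxy_2_product": {"proxy_2"},
}
APP_PRODUCTS = {"developer_app_1": {"proxy_1_product"}}
POLICY = "Verify-API-Key"  # hypothetical VerifyAPIKey policy name


def triage(trace_vars, policy=POLICY):
    """Classify one traced request from its flow variables."""
    proxy = trace_vars.get("apiproxy.name")
    app = trace_vars.get(f"verifyapikey.{policy}.app.name")
    product = trace_vars.get(f"verifyapikey.{policy}.apiproduct.name")

    if app is None or product is None:
        # Variables absent: the policy did not run on this flow
        # (wrong policy name, or it is not attached to the proxy).
        return "key-not-verified"
    if app not in APP_PRODUCTS:
        return "unknown-app"
    if product not in APP_PRODUCTS[app]:
        # The live app carries a product that the intended config does not:
        # the association differs from what the owner believes.
        return "app-has-unintended-product"
    if proxy not in PRODUCT_PROXIES.get(product, set()):
        # The resolved product should not cover this proxy: re-check the
        # product definition, then escalate as possible platform behaviour.
        return "product-does-not-list-proxy"
    return "ok"


# Constructed trace excerpts for the three situations discussed above.
TRACE_OK = {
    "apiproxy.name": "proxy_1",
    f"verifyapikey.{POLICY}.app.name": "developer_app_1",
    f"verifyapikey.{POLICY}.apiproduct.name": "proxy_1_product",
}
TRACE_EXTRA_PRODUCT = dict(TRACE_OK, **{
    "apiproxy.name": "proxy_2",
    f"verifyapikey.{POLICY}.apiproduct.name": "proxy_2_product",
})
TRACE_WRONG_PROXY = dict(TRACE_OK, **{"apiproxy.name": "proxy_2"})

if __name__ == "__main__":
    for name, t in [("proxy_1", TRACE_OK), ("proxy_2/a", TRACE_EXTRA_PRODUCT),
                    ("proxy_2/b", TRACE_WRONG_PROXY)]:
        print(name, "->", triage(t))
```
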