Webhooks supported for Key Expiry in Apigee Edge ? Can i setup rules to trigger when keys expires in Apigee Edge ?

Is there a way when the expiry of a key happens, another api or script gets called to do other cleanup tasks on another backend platform (ex. removal of user accounts, data, etc.)?

,

Is there a way when the expiry date/time happens, it also calls another api or script that does clean up or deletion work of user accounts and data on our backend platform?

Solved Solved
0 7 325
1 ACCEPTED SOLUTION

As far as I know, when key expires in Apigee Edge, Webhooks / Rules to auto trigger is not supported.

If your requirement is to clean up data in backend systems, You can leverage service callouts in API Proxies to trigger when expired key / token is detected in the API flow. Just add a service callout policy to fault rules in API flow which will call backend systems using backend APIs to delete the stale data.

You can learn more about fault handling & fault rules here. The only downside to this approach is additional API call to the backend for every expired token request.

Hope it helps someone looking for same. If anyone has a better answer, Please feel free to post here.

View solution in original post

7 REPLIES 7

As far as I know, when key expires in Apigee Edge, Webhooks / Rules to auto trigger is not supported.

If your requirement is to clean up data in backend systems, You can leverage service callouts in API Proxies to trigger when expired key / token is detected in the API flow. Just add a service callout policy to fault rules in API flow which will call backend systems using backend APIs to delete the stale data.

You can learn more about fault handling & fault rules here. The only downside to this approach is additional API call to the backend for every expired token request.

Hope it helps someone looking for same. If anyone has a better answer, Please feel free to post here.

@Anil Sagar

Makes sense! But is there a way to make a default expiry date based on the create date of a default app when a user registers?

Thanks for your help!

@mike yang ,Yes, It's possible. Apigee Developer Portal supports same. You can set default number of days in "admin/config/devconnect/apps". It applies to all the apps created in Developer Portal.

3916-screen-shot-2016-11-11-at-95253-pm.png

If you would like to auto create default apps when User Registers & set default expiry date, It needs to be a customisation which can be implemented in Developer Portal quickly using a custom module by leveraging the core devconnect modules. Needs little bit of Drupal Knowledge. Probably 8 - 12 hours of work for someone who knows Drupal module development.

@Anil Sagar

This wasn't obvious in the documentation, so thank you.

Just for a little clarity for me, when you say, applies to all apps created in the developer portal. You mean just for the particular environment, not for all environments. Correct? So if i were to set this as default, it would only apply, for instance, in "Test". Correct? or are you saying regardless of environment?

Also, I'm assuming we can always manually extend or remove the expiry date for any keys. Correct?

Is there documentation on guidance on how to go about this customization in drupal? Like which module to edit, etc.

@mike yang ,

For the particular environment, not for all environments. Correct? So if i were to set this as default, it would only apply, for instance, in "Test". Correct? or are you saying regardless of environment?

  • Apps are in general not tied to the environment directly, API Products can be configured environment specific. By default, when you set Credential Lifetime in portal, It applies to all the apps & associated products. It's the default behavior in Apigee portal. I believe you are talking about Apigee Edge Environment.
  • Above default behavior can be customized by building custom modules in portal.

If you are talking about developer portal environment,

  • It applies to all apps that are created in org to which portal is connected.

Also, I'm assuming we can always manually extend or remove the expiry date for any keys. Correct?

  • Ideally, If you use OAuth Refresh tokens , You will extend the access time by generating the new access tokens without the need of end user credentials.
  • You cannot extend the client key & secret once it's created. But, You can extend by creating new set of client key & secret.

Is there documentation on guidance on how to go about this customization in drupal? Like which module to edit, etc.

  • You should not edit any existing module, You will create custom modules & hook into other modules functionality using Drupal hooks. Again, It needs Drupal Module development expertise. Apigee Custome Success team / Apigee partners are happy to help you implementing your custom workflows in Developer Portal.

Hope it helps.

@mike yang ,

Also, You can leverage Developer Attributes / App Attributes to store expiry date of app & use the same in runtime to restrict access to the API. It's the other way to solve the same problem. Hope it helps.

bdavolls
Participant II

Not available in Edge online then I am guessing... I'm thinking in Edge we would need to apply a policy to each api - but this would not be visible to the end-user (unless we explicitly call it out).