Fixed BASIC AUTH at the backend, api key at the pr...

Report Inappropriate Content · 11-21-2016 12:59 PM

Hi,

I am very new to apigee and currently trying to setup an proxy with intercom at the backend. I want to implement fixed backend authorization via a personal access token which needs to be sent in as the username of BASIC AUTH (https://developers.intercom.com/v2.0/docs/personal-access-tokens). It the proxy, I want the consumer to send in a fixed API key. How should I realize this in apigee edge?

I was trying to add a basic auth policy to target pre-flow where I entered the personal access token as the username and leaving blank the password. Unfortunately, apigee won't let me leave the password blank.

Second question is, how to setup the API key for the consumer. I understood, that I have to add a verify API key policy to proxy pre-flow, but i wasn't able to get that working anyways.

Can someone give me a quick ramp up of how to basically setup this kind of implementation?

Thanks,

Michael

ssvaidyanathan

Hi @Michael Schramm

Welcome to the community !!!

The basic auth policy requires both username and password. Both these values needs to be passed as variables to this policy using the "ref" attribute.

For your use case, what you could do is, have a javascript policy before the Basic Auth policy with the following code where you set a flow variable to

context.setVariable("somePrefix.username", "your_PAT");
context.setVariable("somePrefix.password", "");

And in your Basic Auth policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
    <DisplayName>Basic Authentication-1</DisplayName>
    <Operation>Encode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="somePrefix.username"/>
    <Password ref="somePrefix.password"/>
    <AssignTo createNew="true">request.header.Authorization</AssignTo>
</BasicAuthentication>

The encoded value is then set to the Authorization as header.

Let me know if this works !!!

anilsr

Dear @Michael Schramm ,

Welcome to Apigee Community, Great Questions. Please find answers below.

Regarding, I was trying to add a basic auth policy to target pre-flow where I entered the personal access token as the username and leaving blank the password. Unfortunately, Apigee won't let me leave the password blank.

Yes, That's correct. Apigee BasicAuthentication policy expects you to provide reference to the password variable. You can create custom flow variables using Javascript as mentioned by @Sai Saran Vaidyanathan.
You can also use KVM to store intercom personal access token & retrieve same during runtime using KVM policy.
JS policy is a simple way to solve this problem. Please find snippet of JS Policy script contents.

 context.setVariable("intercomPassword", "");
 context.setVariable("intercomUsername", "XXXXXXXXXXXXXXX");

Use Basic Authentication Policy to set Authorization header.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
    <DisplayName>BA-UpdateTargetAuthorization</DisplayName>
    <Operation>Encode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="intercomUsername"/>
    <Password ref="intercomPassword"/>
    <AssignTo createNew="true">request.header.Authorization</AssignTo>
</BasicAuthentication>

Second question is, how to setup the API key for the consumer. I understood, that I have to add a verify API key policy to proxy pre-flow, but i wasn't able to get that working anyways.

You need to first create API Product & add above proxy resources. You can find more about same here.
Once you create the API Product, Create an App to generate keys. Use the key to make an API call.

Keep us posted if you have any queries.

Fixed BASIC AUTH at the backend, api key at the proxy