This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Verify API Key policy vs Get OAuth V2 Info

Posted on 12-05-2016 02:49 AM
Not applicable
Reply posted on --/--/---- --:-- AM

I used Verify ApiKey policy in order to validate an apikey and it works when it match an approved key in the Developer App associated with API proxy through a Product.

This causes me some problems because if I have hundreds Apps, I don't want put the Product that contains the API proxy in each App, so I tried to use Get OAuth V2 Info policy passing the apikey in input. The result is that if the apikey is incorrect I get this error "ClientId is Invalid" otherwise no error happened.

Is this approach correct?

Thanks,

Fabio

@bantobanto

0 3 473
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
schhatwal
New Member
Reply posted on --/--/---- --:-- AM

@Fabio Vassallo Do you have multiple apps built using the same product ? If this is the case you should have an apikey per app which needs to be passed in the input.

Please clarify how are you using the Get Oauth v2 Info in this case and under what situation are you getting an "invalid key error"

Thanks

Saurabh Chhatwal

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to schhatwal
Reply posted on --/--/---- --:-- AM

Hi @schhatwal,

I have an API_proxy_Y->Product_X->App_A that is responsible to validate the apykey.

Now I have several App_B.....App_N and i would validate their apikey using API_proxy_Y but I would not put Product_X in each App_B.....App_N

With this scenario it doesn't work using Verify ApiKey policy in the API_proxy_Y because i get "InvalidApiKeyForGivenResource" error, while if I use Get Oauth v2 Info policy in this way:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <GetOAuthV2Info name="GetServiceInfo" async="false" continueOnError="false" enabled="true"> <DisplayName>GetServiceInfo</DisplayName> <ClientId ref="request.queryparam.client_id"/> </GetOAuthV2Info>

I retrieve the info (like appName, developerEmail, etc.) if the apikey exists and I get the error "ClientId is Invalid" when the apikey doesn't exists.

Thanks,

Fabio

0 Likes

Posted on --/--/---- --:-- AM
schhatwal
New Member
Reply posted on --/--/---- --:-- AM

@Fabio Vassallo You can use GetOauthInfo or VerifyApiKey policy to get the App Info or ApiKey validation. Apigee returning an error response on using a bad apikey is normal.

Refer screenshot below in which I have used both policies as a test to highlight the usage.

Supplying the correct API key is critical to success

4035-screen-shot-2016-12-07-at-124724-pm.png

0 Likes