Access callback URL using apikey of different Developer App

We have a asynchronous pattern where App consumer is sending request & got an acknowledgement. After some time provider need to send back a callback response to App consumer. To send callback response, App consumer needs to share it's callback URL. 2 options

1. Share the callback URL (as a APIGEE proxy end point) as part of request payload.

2. Configure callbackUrl during Dev App creation. Based on apikey, let APIGEE retrieve callbackUrl from Dev App configuration and then forward the payload to this callbackUrl (dynamically identify target end point).

I know how to design & implement option 1 but option 2 is not working.

I am using "Verify API Key" policy in callback proxy. Passing "apikey" of a different Developer App e.g. DevApp2 (than what I used to authenticate) as a header parameter. After "verify api key" policy executed, I am expecting Edge to populate

verifyapikey.{policy-name}.app.callbackUrl variable with info from DevApp2.

Problem 1:

At present it is populating this variable based on apikey used for authentication. I need this variable to be initialized with DevApp2 callbackUrl.

Problem 2:

How to configure proxy to forward the request on this DevApp2 callbackUrl (as target endpoint)?

I would appreciate any help.

0 1 1,129
1 REPLY 1

I'm not clear on the problem you're having. Let's restate the basics, though, and maybe we can figure it out.

When you have a VerifyApiKey policy in the Apigee Edge api proxy, that policy will populate a set of variables, including

  1. one context variable for each custom attribute configured for the Client App that owns the API key. The format of the names of these variables is:

    developer.app.{custom_attribute_name}
  2. one context variable for each custom attribute configured on the API Product. The format of these names is:

    apiproduct.{custom_attribute_name}

You wrote:

I am using "Verify API Key" policy in callback proxy. Passing "apikey" of a different Developer App e.g. DevApp2 (than what I used to authenticate) as a header parameter.

Different developer app? Different from what? It sounds to me that you want the VerifyApiKey policy to populate custom variables to hold the values of attributes that belong to a client app, that is DIFFERENT than the one that owns the API key. That's not gonna happen.

Suppose I have this configuration:

client appapi keycustom attribute (A)cust. attr. (B)
app1ABCDEFGblueoaktree
app2XYZ123greenrattlesnake

If you call VerifyApiKey on key = ABCDEFG, then you will get the values of two custom attributes, A and B, populated into variables called "developer.app.A" and "developer.app.B", with values "blue" and "oaktree", respectively. You will not get variables to hold the values of "green" and "rattlesnake", since the corresponding key (XYZ123) was not verified.

I am confused as to what you are doing and what you are expecting. Maybe you can clarify.