Custom authentication with Service REST, Custom API KEYs with REST API


We have some REST APIs that are consumed by MOBILE clients.


Among them are two authentication scenarios:

1) Depends on credentials that are in Active Directory (LDAP). This is OK, because Apigee already allows this integration.

2) In the other scenario, the API uses a REST service that executes the login (user and password authentication): when calling an endpoint passing login and password, it returns HTTP status 200; otherwise it could be 404 or 403.

I would like to know if it is possible to develop a customization to deploy this rule and allow these users to log in and create an access_token.

thank you

Accepted solution:

@Flaviano Oliveira Silva, welcome to Apigee Community.

Yes, it's simple. You can use a service callout policy before the OAuth token generation policy to validate user credentials. It should be straightforward.

Keep us posted if any.

Hello Anil Sagar, thanks for the answer.

Important: this user only exists in the REST service; it is not registered in the LDAP base.
For internal users it will authenticate using LDAP credentials; for external users it will be a (code number) and a password.
This API Management will need to understand this flow.

So can I do this customization?

@Flaviano Oliveira Silva, absolutely you can do that.

You can use conditional flows as well as conditional policies. You will have full control of the request and response in the Apigee API proxy. For example, let's say you will differentiate internal users by the email domain name of the user name: you can check for the same and execute the LDAP policy. If not, you can make a call to the service callout policy. Apigee supports the concept of flow variables like request headers, query params, form params, payload and custom variables. Using these variables you can conditionally execute policies or create custom API runtime flows.

Give it a try. Keep us posted any time.
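A sketch of the proxy configuration the answers above describe, added here as an example and not posted by anyone in the thread: conditional steps send internal users to an LDAP policy and everyone else to a service callout, and the OAuth token policy runs only after one of them has passed. The policy names, the login URL, the `@corp.example` domain and the form field names are assumptions.

```xml
<!-- Added example; policy names, login URL, "@corp.example" and form fields are assumptions. -->
<!-- proxies/default.xml (fragment): one token flow, one branch per user type -->
<Flow name="IssueToken">
  <Condition>(proxy.pathsuffix MatchesPath "/token") and (request.verb = "POST")</Condition>
  <Request>
    <!-- Internal users: existing LDAP policy (defined elsewhere) -->
    <Step>
      <Name>LDAP-AuthenticateInternal</Name>
      <Condition>request.formparam.username ~ "*@corp.example"</Condition>
    </Step>
    <!-- All other users: exact complement of the condition above, so no request skips both checks -->
    <Step>
      <Name>SC-ExternalLogin</Name>
      <Condition>!(request.formparam.username ~ "*@corp.example")</Condition>
    </Step>
    <!-- Fail closed: anything but 200 from the login service stops here (RaiseFault policy, defined elsewhere) -->
    <Step>
      <Name>RF-InvalidCredentials</Name>
      <Condition>!(request.formparam.username ~ "*@corp.example") and (loginResponse.status.code != 200)</Condition>
    </Step>
    <Step><Name>OA-GenerateToken</Name></Step>
  </Request>
</Flow>

<!-- policies/SC-ExternalLogin.xml: forwards the credentials to the REST login service over TLS -->
<ServiceCallout name="SC-ExternalLogin" continueOnError="false">
  <Request variable="loginRequest" clearPayload="true">
    <Set>
      <Verb>POST</Verb>
      <FormParams>
        <FormParam name="login">{request.formparam.username}</FormParam>
        <FormParam name="password">{request.formparam.password}</FormParam>
      </FormParams>
    </Set>
  </Request>
  <Response>loginResponse</Response>
  <HTTPTargetConnection>
    <URL>https://login.example.invalid/login</URL>
  </HTTPTargetConnection>
</ServiceCallout>

<!-- policies/OA-GenerateToken.xml: password grant; reads grant_type, username and password from form params -->
<OAuthV2 name="OA-GenerateToken">
  <Operation>GenerateAccessToken</Operation>
  <ExpiresIn>1800000</ExpiresIn>
  <SupportedGrantTypes><GrantType>password</GrantType></SupportedGrantTypes>
  <GenerateResponse enabled="true"/>
</OAuthV2>
```

Because `continueOnError` is `false`, a failed callout also sends the request to the fault flow, so the token step is reached only after a successful check on one of the two branches.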