Enabling/disabling the API policy at runtime

karlapudiravi

Hi All,

How can I enable/disable the API policy (using policy property “true/false”) at runtime? I have not been able to locate a Management API which can perform such an update.

I am aware that the config.json in the Apigee Maven build can update this property and it works perfectly. However, the Maven build generates a new proxy version and deploys it to the runtime.

I prefer a solution which does not generate a new build.

Any suggestions on how the above can be implemented? As an alternative, I plan to implement the above scenario by using a flag in the KVM and enabling/disabling the policy by inspecting the flag.

Is there a way in which the policy property can be leveraged?

Regards,

Ravi

9 REPLIES

@ravi kumar karlapudi, why not use policy conditions to execute or not execute a particular policy based on flow variables?

@Anil Sagar I have to do it on demand basis.

Can you explain "on demand basis"? ... Any change to the policy configuration requires deploying the updated proxy to take effect. So changing those configurations might not be a good idea. If you could describe your use-case, it will help us see if there is a way to do it.

@sudheendra, my use-case is: the proxy is made available to the client (with the API key validation disabled); some time down the line, when the client is ready to send the API key, we need to enable the API key validation.

It's not ideal to expose an API without the API key check. However, to meet your requirements, you could do this: till your clients are ready, do not attach the Verify API key policy. When you think you are ready, attach the policy and redeploy. All subsequent calls validate the API key.

If this is only for selected clients, then you could follow Dino's recommendation of wrapping the policy in a conditional statement. Remove this condition when ready to send the API key.

Is there a way in which the policy property can be leveraged?

No. The "enabled" attribute on the policy works, but does not accept a variable reference. The value must be a hard-coded true or false. Example:

<VerifyAPIKey name='VerifyAPIKey-1' enabled='true'>
  <APIKey ref='request.header.key'/>
</VerifyAPIKey>

The way you have described doing it - a flag in KVM and a Condition wrapped around the policy step - is the right way.

Is there any problem with this approach? Is it not satisfactory for some reason?

Thanks @Dino, I have the same opinion too; I just want to check whether there are any other possible ways to implement this.

@ravi kumar karlapudi, @Dino's question is: why do you need another way? You still haven't answered that!

@Anil Sagar, if we use KVM, we have to use the management API to update the value, and in the proxy I have to read the KVM value and execute the policy based on the condition. I wanted to avoid reading the KVM value and the condition check on all the requests. I wanted to know whether there is any other way to enable/disable the policy so that I can avoid the extra steps.
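
The approach discussed in this thread (a flag in a KVM, read into a flow variable, with a Condition on the Verify API Key step), sketched as an added example that is not part of any reply above. The policy name `KVM-Get-ApiKey-Flag`, the map `proxy-flags`, the key `enforce-api-key` and the variable `flow.apikey.enforce` are hypothetical; the condition is written so that key verification is skipped only when the flag is exactly "false".

```xml
<!-- Policy file (hypothetical name): reads the flag from an
     environment-scoped KVM into a flow variable. -->
<KeyValueMapOperations name="KVM-Get-ApiKey-Flag" mapIdentifier="proxy-flags">
  <Scope>environment</Scope>
  <!-- The value is cached for this many seconds, so the KVM store is not
       consulted on every request. A changed flag can take up to this
       long to be picked up. -->
  <ExpiryTimeInSecs>300</ExpiryTimeInSecs>
  <Get assignTo="flow.apikey.enforce">
    <Key>
      <Parameter>enforce-api-key</Parameter>
    </Key>
  </Get>
</KeyValueMapOperations>

<!-- Policy from the thread, left enabled with a hard-coded value. -->
<VerifyAPIKey name="VerifyAPIKey-1" enabled="true">
  <APIKey ref="request.header.key"/>
</VerifyAPIKey>

<!-- Proxy endpoint PreFlow: read the flag, then decide on the key check. -->
<PreFlow name="PreFlow">
  <Request>
    <Step>
      <Name>KVM-Get-ApiKey-Flag</Name>
    </Step>
    <Step>
      <Name>VerifyAPIKey-1</Name>
      <!-- Fail closed: the key check runs unless the flag is exactly
           "false". A missing KVM entry, an unset variable or a typo in
           the stored value all leave verification ON. -->
      <Condition>!(flow.apikey.enforce = "false")</Condition>
    </Step>
  </Request>
  <Response/>
</PreFlow>
```

Writing the condition the other way round (run the check only when the flag equals "true") would disable key validation whenever the flag cannot be read, which is the failure mode to avoid for an authentication step.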