This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Product with no environment access can be used to call API in any environment

Posted on 06-26-2017 05:21 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi Team,

I observed one thing on APIGEE which seems bit strange to me.

Steps I followed:

1. Created an API proxy with Verify API Key policy attached to it (Basically doing API key Verification only in the API).

5190-api1.png

2. Deployed it in dev & test environment.

3. Created a product with no environment selected which looks as follows:

5191-api2.png

4. Created an App "test-app"

Now as per my understanding. test-app should not be able to call the API as the product does not have access to any environment.

But when I make call to API I get 200 OK which should not be the case.

Does any one has any idea on this??

Thanks

0 2 176
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
bhatikuldeep
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

hi @Vipul Agarwal, I tried same flow and found strange as well, I checked the documentation here - http://docs.apigee.com/developer-services/content/creating-api-products which says;

If you select no environments, the product allows access to all environments.

seems the way it is 🙂

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to bhatikuldeep
Reply posted on --/--/---- --:-- AM

Yeah, I see that. 😉

But should this be the case?

0 Likes