preventing access to prod environment

Report Inappropriate Content · 01-17-2018 07:59 AM

Hi everyone

I have a sandbox and production environment which belongs to Prod-Org. I have created a ProductA in both Sadbox and production environment. Also i have created a App with an API key for an external developer and given access to ProductA.

Using the APIkey generated, the developer should access product A in sandbox. But he should not be allowed to access productA in production environment. my understanding is external developer with APP and apikey could access both sandbox proxyendpoint and production endpoint. How to prevent this. Please provide me the possible options to prevent access to production environment unless and until product owner approves it for the particular product

Thanks

Roshith

sidd-harth

Hi @Roshith valappil, Sandbox and production environments will be having their own URLs to access. So basically if you want the external developer to access Sandbox environment, you can only expose the sandbox proxy endpoint to the developer.

Within ORG you can create PRODUCTS.
Within PRODUCTS you will have API Proxies
Within PRODUCTS you also have an option for key approval method(manual/automatic). If you select manual, then when a developer request for App access, you need to approve the request.

IMO it is not a good practice for the API Developer to create Apps & Generating Keys for external developers.

You can make use of developer portal where,

You can expose your API Proxies with documentation
External developers would create an account & request access for an app
If the key approval method is manual, you should approve the request & then only the external developer will get the Keys to make API calls.