Restrict API Call

Hi All,

I'm using the OAuth password grant type. Once my client secret and client ID are validated, I'm calling a service callout (/ValidatePin) to validate the username and password from the server side, which is working fine.

My question is: how can I restrict calling /ValidatePin directly, say at http://osa-staging.osapi.com/ValidatePin? It should only be accessible through the service callout.

1 ACCEPTED SOLUTION

@Gopal D J ,

It can be as simple as sending a secret (random 32-bit ID) as a query param or header from the service callout and validating it in the /ValidatePin conditional flow, so that only a service callout which sends the ID can make an API call.

Hope it helps.

--------------------------------------------------------------

Anil Sagar


2 REPLIES 2

@Anil Sagar Thanks for your input!
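
The approach from the accepted solution, sketched as Apigee policy XML. This is an added example, not configuration from the original posts: the header name `X-Callout-Secret`, the variable `private.validatepin.secret` and the policy names are hypothetical, the variable is assumed to be loaded earlier in both proxies (for example from an encrypted key value map), and /ValidatePin is assumed to be a path suffix under the proxy base path.

```xml
<!-- Added example. Hypothetical names: X-Callout-Secret, private.validatepin.secret,
     SC-ValidatePin, RF-RejectDirectCall. -->

<!-- 1. OAuth proxy: the service callout attaches the shared secret as a header -->
<ServiceCallout name="SC-ValidatePin">
  <Request variable="validatePinRequest">
    <Set>
      <!-- the callout's existing verb and credential payload stay as they are -->
      <Headers>
        <Header name="X-Callout-Secret">{private.validatepin.secret}</Header>
      </Headers>
    </Set>
  </Request>
  <Response>validatePinResponse</Response>
  <HTTPTargetConnection>
    <URL>http://osa-staging.osapi.com/ValidatePin</URL>
  </HTTPTargetConnection>
</ServiceCallout>

<!-- 2. /ValidatePin proxy: fault returned when the secret is missing or wrong -->
<RaiseFault name="RF-RejectDirectCall">
  <FaultResponse>
    <Set>
      <StatusCode>403</StatusCode>
      <ReasonPhrase>Forbidden</ReasonPhrase>
    </Set>
  </FaultResponse>
</RaiseFault>

<!-- 3. /ValidatePin proxy endpoint: conditional flow that runs the check
        before any other step, so direct calls never reach the backend -->
<Flow name="ValidatePin">
  <Condition>proxy.pathsuffix MatchesPath "/ValidatePin"</Condition>
  <Request>
    <Step>
      <Name>RF-RejectDirectCall</Name>
      <Condition>request.header.X-Callout-Secret = null or request.header.X-Callout-Secret != private.validatepin.secret</Condition>
    </Step>
  </Request>
</Flow>
```

A header keeps the value out of request URLs and URL-based access logs, which a query parameter does not. The secret is only as private as the transport between the two proxies, so the callout URL should use TLS.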