We have two developer Apps one each for App and Web API calls namely "App" and "Web App" for the same API proxy.
How do we make sure that Web based API calls uses the API key of developer App of Web and not the App API key of App Developer App and vice versa ?
Please advice how to accomplish this requirement.
As we know the VerifyAPIKey policy doesn't validate whether the consumer key is coming from a specific developer app or not. It just validates that the consumer key is part of the developer app associated with specific API Product that is associated with a specific API Proxy.
So to achieve the requirement we can try using the following steps:
var uastr = context.getVariable("request.header.User-Agent"); var developerAppName = context.getVariable("verifyapikey.VerifyAPIKey.developer.app.name"); if (uastr == "Web" && developerAppName == "WebApp") { print("success"); return; } if (uastr == "App" && developerAppName == "App") { print("success"); return; } throw error; // Add appropriate error response with an HTTP response code here<br>
I think a better approach would be to make use of the API products. Please refer the docs for more info, particularly the section that talks about configuring the resource paths.
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |