This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How can I have different permissions for resources ?

Posted on 02-21-2018 01:52 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Bellow you can see my resource

<Flow name="get /v1/myresource">
       <Description/>
       <Request/>
       <Response/>
       <Condition>(proxy.pathsuffix MatchesPath "/v1/myresource") and (request.verb = "GET")</Condition>
</Flow>
<Flow name="options /v1/myresource">
        <Description/>
        <Request/>
        <Response/>
        <Condition>(proxy.pathsuffix MatchesPath "/v1/myresource") and (request.verb = "OPTIONS")</Condition>
</Flow>
<Flow name="put /v1/myresource/{Id}">
         <Description>Update myresource by id</Description>
         <Request>
            <Step>
              <Name>Verify-Api-Key</Name>
            </Step>
         </Request>
         <Response/>
         <Condition>(proxy.pathsuffix MatchesPath "/v1/myresource/*") and (request.verb = "PUT")</Condition>
</Flow>

How can I define different permissions for my resource? What I mean is with an Api key:

1) I want Dev A - App A just access the verb GET

2) I want Dev B- App B access GET and PUT

3) I want Dev C - App c access GET, OPTION, and PUT

Thank you very much for your help

Solved Solved
1 4 117
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
adevegowda
Staff
Reply posted on --/--/---- --:-- AM

@Lucio Moraes,

I have recently posted an answer to a similar query here. I think you can use similar logic to achieve your use case. Please go through the community post and let me know if that helps.

View solution in original post

Jump to Solution
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
adevegowda
Staff
Reply posted on --/--/---- --:-- AM

@Lucio Moraes,

I have recently posted an answer to a similar query here. I think you can use similar logic to achieve your use case. Please go through the community post and let me know if that helps.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to adevegowda
Reply posted on --/--/---- --:-- AM

Dear @AMAR DEVEGOWDA

your tip was very useful. I added a js script to verify the api key and redirect or not to resource. I've added this on response.

Thank you

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
ahemanna
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@Lucio Moraes, I think a much cleaner approach would be to create three different products and configure them for the respective developer.

In your case,

  • Product A with access to GET resource
  • Product B with access to GET and PUT resources
  • Product C with access to GET, OPTION and PUT

You may now configure product A for developer app A, product B for developer app B and product C for developer app C.

Please refer this link for more details.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
adevegowda
Staff
In response to ahemanna
Reply posted on --/--/---- --:-- AM

@Abhiram M. Hemanna,

If the permissions are different for different resources, then your suggestion works.

If the resource is same then the suggestion that I made works. There might be other solutions as well, I am happy to hear about them if there are any.

Jump to Solution
0 Likes