Management API to call for Product approval in company app


Hi

I wanted to clarify which Management API would I need to call in this scenario below. Any assistance is greatly appreciated.

1. In the developer portal - Company Admin user creates a subscription with a product (that requires manual approval).

2. App gets created in Edge with the approved key and the selected product set to pending status.

3. If I need to call the Management API to approve the pending products for the company app, which one of these is the relevant API to be called?

1. Update App of company and pass the 2 API products that require approval?

2. Update Company App Key with API Product

3. Approve or Revoke API Product for an API Key

Below is a PDF file with the screenshot of the company app with the product set to pending status and the approve button beside it. If I were to simulate the Approve button click using the management API call, I would like to know which of the above APIs is to be called.

edge-api-product-approval.pdf

ACCEPTED SOLUTION

Be aware, there are multiple levels of approval.

  1. The developer can be active or inactive. When inactive, all keys for all apps owned by the developer are "invalid" and will be treated as such when requesting tokens, or by VerifyApiKey.
  2. The app itself can be approved or revoked. This means all credentials (keys) under the app will be treated as invalid at runtime.
  3. The Key (Credential) can be approved or revoked. This means all API Products for that particular Key will be invalid.
  4. An individual product on a credential can be approved or revoked.

In your case, a developer requests an API Product that requires manual approval. The key is created and is approved, and the app is approved. The one level that is NOT approved is the API Product on the credential (key).

If you look in the Admin UI, you will see a key that has the API Product listed as "Pending".

(The following shows an API Product as "revoked" but for practical purposes, that is the same as "pending")

6692-app-approval.png

You need to mark that as "Approved". That is #4 in my list above, approving a product on a credential. This is what the UI does when you click "Edit" and mark the API Product "Approved".

This model, with the 4 levels of approval, is somewhat complicated. In the simple case, there is just a single API Key, and just a single API Product on that key. In that case, approving or revoking the app is practically equivalent to approving or revoking the key, which is practically equivalent to approving or revoking the API Product on the key. I hope my explanation of the model is clear.

OK, the next question is, which API calls can you use to do #1, #2, #3, and #4?

#1 For approving the developer:

curl -X POST \
 -H content-type:application/octet-stream \
 "${mgmtserver}/v1/o/${orgname}/developers/${developerid}?action=${state}"

state = inactive or active

#2, approving or revoking the app

curl -X POST \
 -H content-type:application/octet-stream \
 "${mgmtserver}/v1/o/${orgname}/developers/${developerid}/apps/${appname}?action=${action}"

action= revoke or approve

#3, Approving or revoking a credential (or key)

curl -X POST \
 -H content-type:application/octet-stream \
 "${mgmtserver}/v1/o/${orgname}/developers/${developerid}/apps/${appname}/keys/${consumerkey}?action=${action}"

action = revoke or approve

#4, approving or revoking a product under a credential

curl -X POST \
 -H content-type:application/octet-stream \
 "${mgmtserver}/v1/o/${orgname}/developers/${developerid}/apps/${appname}/keys/${consumerkey}/apiproducts/${productname}?action=${action}"

Dino

Thanks for the detailed explanation. I was trying to use the #4 API call after I did the reading in APIGEE on Management APIs and from your post. However, using the same screenshot I posted in my question, I tried to make the call to approve the pending API product and I got back the 404 response:

{ "code": "developer.service.AppDoesNotExist", "message": "App named {appname} does not exist under {developerid}, "contexts": [] }

A Get call to the Apps under the developer does not show the app associated with the developer.

That brings up this - Is it due to the fact that the App is a company App? Though I am the administrator of the company - the app doesn't show up for my developer account but shows as a company app in Edge (As shown in my screen shot).

I don't see any APIs under company App to approve or revoke a specific API product for a company App. The only API I see is the addition of an API product to a company App. Not sure if that is what I need to use.

Please clarify

Yes, correct. The reason your request returns 404 is because the app is a company app.

You should be able to do the same with a company app by referring to the app by app id.

like so:

curl -X POST \
 -H content-type:application/octet-stream \
"${mgmtserver}/v1/o/${orgname}/apps/${appid}/keys/${consumerkey}/apiproducts/${productname}?action=${action}"