This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

application user access control

Posted on 06-17-2015 08:57 AM
Not applicable
Reply posted on --/--/---- --:-- AM

My backend system also manages users and roles. Say I have two users in my backend system, "admin" with admin privilege and "user" with user privilege. If I am developing a mobile app connecting to Apigee Edge then to my backend, and I would like the mobile app to allow user (admin or user) to use their backend credentials to access APIs protected with the same access privileges they have in my backend, what are the recommended approaches? Thanks!

0 2 165
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

You can use the basic authentication policy to full-fill your requirements. Please refer to this document to get a better idea to protect your backend using basic authentication. Hope this helps.

0 Likes

Posted on --/--/---- --:-- AM
gnanasekaran
Staff
Reply posted on --/--/---- --:-- AM

Hi Songwen Xie,

You could very well do it,

> to authenticate and authorize you will need to be able to access your backend and retrieve the roles - you could probably do it using service callout or depending on your backend. You could get creds using variety of ways in Apigee, basic auth, oauth or saml

> to enforce roles, you need to map your roles to resources configured in apigee and enforce access restrictions based on that

Thanks,

0 Likes