Does API Key authenticates or identifies the clien...

Report Inappropriate Content · 04-21-2018 11:47 PM

Does API Key authenticates or identifies the client application?

ssisodiya

Yes ,
verify api key policy show many variables those includes details like product , app , developer etc.

client application details you can find using the below variable -

apigee.developer.app.name

Check below attached screen for reference -

Report Inappropriate Content

thanks @Sartaj Singh Sisodiya but i want to know if api key authenticates or identify the client app.

ssisodiya

@Ilyas shah May I know what is your use case and what you want to achieve ?
Like as I given the example, Verify API Key policy validate the request api key and retrieve the related information of app, product and developers. This will just verify the api-key. if you want to verify authenticate the app, after Verify API Key policy you can check using javascript policy.

Let me know your use case So I can help in that

latheefdudakula

@Ilyas shah @Sartaj Singh Sisodiya

Typically , there is other way to do it instead of Java Script.

When verify AP key is executed , after the success it will populate the variable as in the above image ; one of it is the secret of the product. You can add a condition by verifying the client secret in the flow and raise a fault .

Condition would be like (verifyapikey.<<Name of the module>>.client_secret != <<User provided client secret>>

Hope this helps.

Thanks,

Latheef D

Report Inappropriate Content

thanks now i understood.