How do I revoke developer apps on the basis of the apikey only

Not applicable

Hi There,

I have API keys which I want to revoke.

All the management APIs are requiring 2 mandatory params

#1 developer_id or email

#2 appName

to do any changes on the app.

How can I revoke app status using the apikey as the only parameters?

Or else is there any way to get app name using the apikey?

Solved Solved
1 8 408
1 ACCEPTED SOLUTION

You need to first find the developer app that owns the API key.

Here's a tool:

https://github.com/DinoChiesa/apigee-edge-js/blob/master/examples/findApiKey.js

It uses brute search in the Administrative API to find the developer app. That gives you the app name, and from that you can retrieve the developer email and etc.

Then you can call the Revoke API to revoke that API key.

You can do the analogous thing in the Apigee Edge Admin UI. Just do this:

1. paste the apikey into the search bar,

7160-select-and-paste.png

2. find the developer app,

7161-search-fulfilled.png

and 3. revoke that API key.

7162-click-edit.png

7163-revoke-key.png

Keep in mind that there is a possibility that a single developer may have multiple apps, and each app may have multiple credentials.

View solution in original post

8 REPLIES 8

sidd-harth
Participant V

Hi @Ziaur Raheman Khan, I am not sure if we have an api for revoking app based on apikey.

Whenever we use Verify API key/OAuth policies within a proxy, in trace sessions it gives us all the details of developer & applications.

Maybe you can create a script which will call a proxy with apikey to get the values of dev_ip_email appname & use them to revoke access using the available management api.

Sample Trace session -

http://prntscr.com/k8dek0

Hi @Siddharth Barahalikar Thank you for response.

In external script I cannot capture apigee's runtime variables unless I use them in the proxy flow.

Please let me know if you have any idea to do that.

In the proxy itself, we can use an Assign Message policy to Set Payload(Json/xml) with the variables.

So when you call this proxy from a script it will give you the value of the variable in response, where you need to extract them & use them in Management API call.

Thank you @Siddharth Barahalikar for your time and help.

You need to first find the developer app that owns the API key.

Here's a tool:

https://github.com/DinoChiesa/apigee-edge-js/blob/master/examples/findApiKey.js

It uses brute search in the Administrative API to find the developer app. That gives you the app name, and from that you can retrieve the developer email and etc.

Then you can call the Revoke API to revoke that API key.

You can do the analogous thing in the Apigee Edge Admin UI. Just do this:

1. paste the apikey into the search bar,

7160-select-and-paste.png

2. find the developer app,

7161-search-fulfilled.png

and 3. revoke that API key.

7162-click-edit.png

7163-revoke-key.png

Keep in mind that there is a possibility that a single developer may have multiple apps, and each app may have multiple credentials.

Hello @Dino-at-Google Thank you for the response.

Reg the tool, I have gone through the script. Could you please tell me more on how to use the script, if that script would a backend node server for my apikey?

I am totally new to node js & apigee.

I knew the UI work beside it would be little manual effort if we got a lot of API keys to work with.

Thank you in adavence for your help. Appreciate it!!.

The tool is a command-line tool.

If you want to revoke a key, you first need to know the app. This tool finds the app that "owns" a key. You run it from a command line using nodejs. It has nothing to do with the nodejs target in Apigee Edge.

Thank you so much @Dino-at-Google . Appreciate your help!!