I have written an API (lets call it API-1) which will call an internal API (lets call it API-2) in an iterative manner for getting the user details (The number of user details depends on the count I specify while making the call using API-1)
Here Internal API (API-2) will make a management API call for getting the details of a specific user using system admin credentials
Flow:
API-1(User details API - Iterative Call) --> API-2(Internal API - Single Call) --> Management API Call
For authentication purpose we are using an external IDP along with LDAP
I see that some of the calls made by API-2 to Management API are successful and some of them are failing. I find it difficult to understand as to why only some calls are failing with 401 Unauthorized issue , couldn't even find out a pattern too.
For example , I am expecting first 20 user details API- 1 will make a 20 iterative calls to API-2 to get User details.sometimes API- 2 is responding back with success for all the 20 calls and sometimes it is failing with 401 Unauthorized error even though there is no change in the Input data/headers
Hi @Gella Sonia, we need some more details to provide an effective answer,
1)I am using Java script policy in API -1 and using http.send() to call API-2
2)Both API -1 and API -2 are proxy's that created in APIGEE
3) 1. As i told, i am using http.send in javascript to call API -2
2. Yes I verified, API 2 is failing for some call with 401 unauthorized(Many time responding back with succes)
To add some more information, In API -2 I am making a management API call using service callout policy .
Here is the link for management API for getting user details
https://apidocs.apigee.com/management/apis/get/users/%7Buser_email%7D
This Management API expect a authorization header where I tried with System admin and org admin credentials
And my question is , why some calls responding back with success and some are failing when I am sending a same Authorization Header/Input payload
Thanks for the info. It is not recommended to use Management APIs from within API Proxies, maybe that is the issue. Let me check once & let you know a possible solution.
In the meantime, to get some user/developer details we can make use of Access Entity Policy to get all developer info.
https://docs.apigee.com/api-platform/reference/policies/access-entity-policy
Hi Siddharth
As per my understanding, Management API call with a wrapper API Proxy is recommended.
And I am trying to access API Developer (user) details not App developer details.
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |