Api key verification fails but doesn't show in tra...

Report Inappropriate Content · 07-26-2018 09:50 AM

I am running a trace in apigee and making requests through PostMan. Some requests are successful (200 OK Response) passing verification, and some requests fail api key verification with this message:

{
    "fault": {
        "faultstring": "Invalid ApiKey for given resource",
        "detail": {
            "errorcode": "oauth.v2.InvalidApiKeyForGivenResource"
        }
    }
}

Successful requests will log in trace but failed requests do not.

sidd-harth

Hi @Sean Free, are you using the same API Key for all the calls?

InvalidApiKeyForGivenResource means the API Key is valid but is not approved in Developer Apps.

One example is,

In API Product, we have the option for selecting environment(test, prod).
Let says we select only test environment.
So Apikey associated with that product will only work in Test Env.
If you try to use it in Prod env, it will give InvalidApiKeyForGivenResource
Even in trace we can trace calls based on Environments.
If trace is running for test env, it wont show any calls which are made on prod env.

So please check the environment on which calls are made.

Report Inappropriate Content

Yes all of the calls are using the same API key, and the calls are all going to my dev environment, I've only deployed the proxy to dev.

sidd-harth

Can you please check the API Product, did you add all the resources(conditional flows) in the API Product?

If a resource is not added to API Product then I think we will get InvalidApiKeyForGivenResource error while accessing it.

For more clarity please check point 13 in below link,

https://docs.apigee.com/api-platform/publish/create-api-products#createproduct

Report Inappropriate Content

Yes it's been added to the api product. Some requests go through without any problems and I can see them in trace, about 25% of requests fail with the InvalidApiKeyForGivenResource error and don't appear in trace.

sidd-harth

Hi @Sean Free, may we know which Apigee account you are using Cloud(Free/Paid), On-Premise?

++ @Anil Sagar @ Google @Dino-at-Google @AMAR DEVEGOWDA for more info.

adevegowda

@Siddharth Barahalikar,

Thanks for letting us know about this. I have added some info to investigate this issue further.

adevegowda

@Sean Free,

If you have one or more API Proxies with a part of the basepath being same, then there's a possibility that some calls may get routed to different API Proxy depending on the path suffix and conditions used in the API Proxies and the path used in your actual API request. You may not see the trace for such calls. So I would suggest you to do the following:

Make the API calls using curl command instead of using Postman and note down the behaviour
Check if the paths used in your successful and failing APIs are same. If they are different, then check if there's any other API Proxy having that basepath+path suffix.
If you are on Private Cloud, then you can look into the Nginx Access logs and check the following:
1. The source of the error response code (I presume it is 401 in the failing case) i.e., field upstream_address -> which Message Processor (MP) are you getting the error from.Is it coming from a specific MP(s) ?
2. API Proxy name and its revision (you can check the value of the field x_apigee_fault_revision)
If you are on Public Cloud (paid) you can use API Monitoring to do the same as in point #2
If you are Public Cloud (free org), then send me an email with the org, API names and command to reproduce the problem. I will check and get back to you.

If you need any further help, please contact Apigee Support.

Report Inappropriate Content

@Siddharth Barahalikar, @AMAR DEVEGOWDA

I'm using an on-premise apigee. Currently working with an internal team to troubleshoot and hopefully fix the issue, I'll post the results once it's resolved.

Api key verification fails but doesn't show in trace