This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

migrating client credentials from IBM API Connect to Google APIGEE

Posted on 09-28-2018 07:30 PM
rajeshranjan66
New Member
Reply posted on --/--/---- --:-- AM

Hi All,

If migrated from IBM API connect to APIGEE,do we need to ask live partners to change their client cred. understand that there are management APIs provided by APIGEE which will do this job but for this, we should know client Id and secret both.

in API Connect, management portal administrator can only see client Id not the secret so will have to ask partners about their secret ids which doesn't seems good to me.

Any thought on this. TIA.

Regards,

Rajesh

Solved Solved
1 4 1,406
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
deniska
New Member
Reply posted on --/--/---- --:-- AM

Hey,

No much of API Connect professional, but in my opinion, there are no client_secret stored, only hash of it, like @guycrets mentioned.

But from what I udnerstood from IBM docs, you can either reset or retrieve current client_id and client_secret of the application by invoking management API :

https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.apirest.doc/apirest_reference_...

Try to invoke this, you might get actual plain data...

You will get a response with your data, 

  appCredentials: array[
       {
          id: string
          url: string
          clientID: string
          clientSecret: string
          description: string
       }
    ]

and then you can write some script or devops process that will run across application, retrieve data, and trigger Apigee rest API for creating applications, but I don't think you can actually tel Apigee the id_secret, it is generated by the server:

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/developers/%7Bdeveloper...

You also need to check if format of the app credentials fits.

-D

This response is my own opinion, and does not necessarily represent my past or current employer's positions, strategies or opinions. The materials in this article are provided "as is"and the author will not be liable for any direct, indirect or incidental damages arising out or relating to any use or distribution of them.

View solution in original post

Jump to Solution
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
guycrets
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

As far as I know, IBM API Connect indeed only allows to reset the client secret. IBM APIC will hash the (salted) client secrets which is a good approach; just like passwords.

Curious to know the main drivers for switching from IBM to Apigee.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
rajeshranjan66
New Member
In response to guycrets
Reply posted on --/--/---- --:-- AM

@guycrets thanks. Main driver of moving to apigee is- customization all done in datapower and apic is just used as reversed proxy as customization of Oauth in apic ,CI/CD, code management etc is challenging and also it may not be complete migration.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
deniska
New Member
Reply posted on --/--/---- --:-- AM

Hey,

No much of API Connect professional, but in my opinion, there are no client_secret stored, only hash of it, like @guycrets mentioned.

But from what I udnerstood from IBM docs, you can either reset or retrieve current client_id and client_secret of the application by invoking management API :

https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.apirest.doc/apirest_reference_...

Try to invoke this, you might get actual plain data...

You will get a response with your data, 

  appCredentials: array[
       {
          id: string
          url: string
          clientID: string
          clientSecret: string
          description: string
       }
    ]

and then you can write some script or devops process that will run across application, retrieve data, and trigger Apigee rest API for creating applications, but I don't think you can actually tel Apigee the id_secret, it is generated by the server:

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/developers/%7Bdeveloper...

You also need to check if format of the app credentials fits.

-D

This response is my own opinion, and does not necessarily represent my past or current employer's positions, strategies or opinions. The materials in this article are provided "as is"and the author will not be liable for any direct, indirect or incidental damages arising out or relating to any use or distribution of them.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
rajeshranjan66
New Member
In response to deniska
Reply posted on --/--/---- --:-- AM

Thanks @Denis Kalitviansky got it. i was missing apic management apis for which you mentioned above link from knowledge center.

There are management apis of apigee which will create client cred as is.

https://docs.apigee.com/api-platform/publish/import-existing-consumer-keys-and-secrets

Jump to Solution
0 Likes