What is the significance of custom attributes of a Product and App?
What is the signification of custom attributes in Product and App? How these attributes can accessed from a proxy, especially Product attributes?
Best Answer
custom attributes are significant in many ways
> provides flexibility for you to extend the functionality and implement attribute specific runtime enforcements for your API [Quota is just another attribute of a product, just an example how you could use an attribute]
> provides a means for you to classify, group your api products and apps for consumption - for eg, what to show in the portal, mapping to different consumer roles etc..
.. and there are several other examples how it can be used, specific to usecases
----------
What is interesting and important is that - Apigee provides you a easy way to configure these values and access them at runtime easily.
For eg, you can have attributes for your products, attributes for developers, attributes for apps.. and lets say you use
VerifyApiKey or OAuth Accesstoken verification policy in your flow-- all the information about your product, developers, app are loaded a flow variables for you to access within the flow, using this you could enforce any kind of runtime constraints and management functions
Have a look at there,
http://apigee.com/docs/api-services/reference/verify-api-key-policy#variables
and
http://apigee.com/docs/api-services/content/oauthv2-policy#flowvariables
Thanks,
Hi @mukundha@apigee.com What if I'm trying to access the product level custom attribute from an API proxy that's part of two different API products? How do I access the custom attributes of both API products in this case?
@SZHorani There is no efficient or an easy way to get to what you are trying to achieve, but continue reading as there are some options available for you :)
So at a high level products have access to some api's (proxies) and those products are associated to apps. Ideally if you have designed and configured the products,apps and developers correctly there should not be a scenerio where while running a particular API call you would need information for more than two products (ideally). You might want to create different apps for each of the product.
Technical challenge - When you validate an access token, within Apigee it run down some classification tree and picks up the 1st encountered product and puts all the values associated with that product as variables in an api call. All other associated products are skipped. You must be observing the same I believe, where you can only access one 1st picked product.
Below are some options for you -
1) What exactly are those product attributes? If you need all of them while running a single call, why not move them as app or developer attributes?? This way you can access them all through an api call.
2) What you want is still possible with the following solution but something I dont recommend as it has performance impact. Using Apigee access entity policy you can pretty much achieve what you want. In a nutshell access entity policy works like having management api calls in the background where you can get details about any app,developer or product.
For your particular use case you would 1) Get custom attributes of the 1st product which gets populated in the verify access token step 2) Use access entity policy to get the app details to get a list of products associated with that app (assuming its all dynamic) 3) Get the product which was not retrieved at step 1 and use access entity policy again to get its custom attributes.
You can read more about access entity policy here Again running this policy for a very high volume traffic might not be the best performant option. Give it a shot at least, I think it should work.
Thanks for quick response Vinit. This helps.
@Mukundha Madhavan if i were to add/change this custom attribute value in the proxy flow how would i be able to acheive it?Am using the below in javascript to set it
context.setVariable("verifyapikey.Verify-API-Key.hashattribute1",context.getVariable("has_uname"));
Though the variable seems to be set it doesn't populate the same when verifying it on UI. Attaching both the screen shots for referencecust-attr-1.jpgcust-attr-2.jpg
Thanks,
Vednath
Hi @GargiTalukdar in addition to what @mukundha@apigee.com mentioned, you can access custom attributes defined on products as follows:
- Define a custom attribute named "some-attribute" at the product level
- Attach a VerifyAPIKey policy to your proxy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyAPIKey async="false" continueOnError="false" enabled="true" name="Verify-API-Key">
<DisplayName>Verify API Key</DisplayName>
<Properties/>
<APIKey ref="request.queryparam.apikey"/>
</VerifyAPIKey>
- Assuming you followed the above steps and use the exact same names (policy name & attribute name), then you should be able to reference your product custom variable as {verifyapikey.Verify-API-Key.apiproduct.some-attribute} in the remainder of your proxy
Hope this helps!
@Prithpal Bhogill In your opinion, what's the best way for me to develop an API proxy that acts differently based on the condition that it's associated with a certain API product. Behaves a certain way for API product X, and another way for API product Y.
