{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Analytics
    • Events
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Edge/API Management /
avatar image
0
Question by Peng Du · Apr 25 at 10:03 PM · 45 Views verify api key

VerifyApikey policy did not populate variable verifyapikey.VerifyAPIKey.client_secret

Trying to do a test using basic auth to access Apigee Edge API Proxy and found after successfully verify api key the variable verifyapikey.VerifyAPIKey.client_secret value is blank. Here is the policy I'm using in PreFlow:

<Step>

<Name>verify-api-key</Name>

</Step>

According to following link after VerifyApiKey policy executed successfully the variable verifyapikey.VerifyAPIKey.client_secret value is blank when I using trace:

https://community.apigee.com/questions/19248/can-you-validate-client-key-and-secret-without-gen.html

Any suggestions? Thanks.

Comment
Add comment Show 2
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Peng Du · Apr 26 at 02:08 PM 0
Link

After verify-api-key step, I have following step, which catched the mismatch:

<Step> <Condition>verifyapikey.VerifyAPIKey.client_secret != request.queryparam.password</Condition> <Name>RaiseFault-SecretMismatch</Name> </Step>

avatar image Peng Du · Apr 26 at 02:27 PM 0
Link

Have some additional findings, if I remove the Condition step, actual in the next step I can see the flow variables populated correctly. Now the issue looks like related to the way how to add the Condition step, should this be wrapped in a policy in order for it to use the flow variables?

Close

1 Answer

  • Sort: 
avatar image
0

Answer by Peng Du · Apr 27 at 01:30 AM

Found the issue, in Condition the variable name need to be surrounded by {...}, found this when reading https://community.apigee.com/questions/34852/apikey-from-oauth-for-use-in-separate-proxy-with-s.html {verifyapikey.VerifyAPIKey.client_secret} != {request.header.password} RaiseFault-SecretMismatch

Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Dino-at-Google ♦♦   · May 01 at 05:39 PM 0
Link

That seems surprising. But I'm glad you got it sorted!

Follow this Question

Answers Answers and Comments

64 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Can we have a uniform set of API Keys for a given environments. In other words can we manually set the API Keys rather than letting APIGEE generate a random one for us 4 Answers

Accessing scopes from Javascript 2 Answers

How we can restrict access for a particular product requests with a fixed ip address 2 Answers

Is there a limit or scalability concerns to the number of apps that are tied to a developer? 1 Answer

ApiKey from OAuth for use in Separate Proxy with Simple Verify API Key policy 1 Answer

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2019 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Analytics
  • Events
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Members
  • Badges