Question by Nagashree B · Apr 26, 2019 at 08:04 PM · 164 Views · Tags: developer-app, roles, consumer key

Restrict access to hide Devapp keys

How do you configure an org role to be able to view the DevApp configuration but hide the consumer key and consumer secret?

Comment by Sujith Mathew · Apr 27, 2019 at 04:27 PM

Logically even an administrator "role" login of apigee system should not be allowed to view the keys.

I'm not sure how this can be achieved in the simplest way.

Comment by harish · May 07, 2020 at 02:54 PM

This should be basic functionality. I don't know why Apigee is not making this a high priority to fix. We opened a case and they simply said this is not available now.

I will say this is a big security hole!


2 Answers

Answer by Jerry Jönsson · May 04, 2020 at 10:39 AM

Hi, I was recently looking into this in our on-prem solution, basically with the same motivation as the original poster.

So far I have not found a way to restrict this using a custom role. I have made several attempts at custom roles and unfortunately there is lots of "trial and error".

The custom role documentation is lacking. One can reference https://docs.apigee.com/api-platform/system-administration/permissions to maybe get some help on it.

My scenario right now is for a role I want to create.

- Should be able to view and edit developer apps.

- Should not be able to view "ConsumerKey" and "ConsumerSecret" for any app.

- Should be able to assign products to developer apps.

App owners "Developers" will be directed to our developer portal where they will see their app credentials and can manage their app.


To me it makes perfect sense that credentials should not be exposed to others than the owner, surely Apigee must have thought of it?

Any feedback on this would be appreciated.

Thanks!

Comment by Allan Jakobsen · Jan 11 at 10:02 AM

Hi,

I have the same issue as Jerry.

Please come up with a solution for this, Apigee. Otherwise we have to make our own UI for this scenario, where API publishers use the Apigee Edge UI to see who is calling their APIs, without everybody knowing the API keys and secrets.

Thanks!

Answer by Priyadarshi Ajitav Jena · Apr 28, 2019 at 07:33 PM

I didn't find any option in the role to do this. You can create an API in Apigee which makes a management call to get the developer app details, and customize the response to what you want to share with the users.

Comment by Nagashree B · Apr 29, 2019 at 06:06 PM

Thanks, this doesn't help my use case. I need to restrict it in the Edge UI, so that the logged-in user is able to view the Devapp but not the app key/secret.

Comment by Priyadarshi Ajitav Jena (replying to Nagashree B) · May 01, 2019 at 05:55 PM

You cannot restrict like that in roles. You have to provide a role with which the user cannot see the developer app at all; the user should be provided an API which returns all the developer app properties other than the key and secret. This is how you can share information like attribute values, registered products, etc. If you don't want to show any information other than the app name, then you don't need to give access to the apps; access to the product alone will be fine, and in the product the user can see which apps it is registered with.

Comment by Nagashree B (replying to Priyadarshi Ajitav Jena) · May 01, 2019 at 06:00 PM

@Priyadarshi Ajitav Jena - If the user cannot see the devapps at all based on the role, the devapps won't be listed in the products either in the Edge UI.
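
The workaround suggested in the answer above (an API that makes the management call and returns the developer app details without the key and secret), sketched as an added example that is not part of the original thread and is not Apigee's code. It assumes the app record uses the Edge management API field names (`credentials`, `consumerKey`, `consumerSecret`, `apiProducts`); `redactDeveloperApp` is a hypothetical name and the sample record is constructed.

```javascript
// Added example: allow-list redaction of a developer-app record before it is
// returned to a role that must not see credentials.
const APP_FIELDS = ['appId', 'name', 'status', 'developerId', 'attributes',
                    'callbackUrl', 'createdAt', 'lastModifiedAt'];
const CREDENTIAL_FIELDS = ['apiProducts', 'status', 'issuedAt', 'expiresAt', 'scopes'];

// Copy only the listed own properties that are present on the source object.
function pick(source, fields) {
  const out = {};
  for (const f of fields) {
    if (Object.prototype.hasOwnProperty.call(source, f)) out[f] = source[f];
  }
  return out;
}

// Allow-list rather than deny-list: consumerKey, consumerSecret and any field
// added to the record in the future are dropped unless explicitly listed.
function redactDeveloperApp(app) {
  const safe = pick(app, APP_FIELDS);
  const creds = Array.isArray(app.credentials) ? app.credentials : [];
  safe.credentials = creds.map((c) => pick(c, CREDENTIAL_FIELDS));
  return safe;
}

// Constructed sample input (placeholder values, not real credentials).
const sampleApp = {
  appId: '00000000-0000-0000-0000-000000000000',
  name: 'example-app',
  status: 'approved',
  developerId: 'dev-placeholder',
  attributes: [{ name: 'DisplayName', value: 'Example App' }],
  credentials: [{
    apiProducts: [{ apiproduct: 'example-product', status: 'approved' }],
    consumerKey: 'EXAMPLE-KEY-NOT-REAL',
    consumerSecret: 'EXAMPLE-SECRET-NOT-REAL',
    issuedAt: 1556308800000,
    expiresAt: -1,
    status: 'approved',
  }],
};

console.log(JSON.stringify(redactDeveloperApp(sampleApp), null, 2));
```

App-level `attributes` are passed through unchanged, so this only holds if no secrets are stored in custom attributes.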
