{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Adapter for Envoy
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • 日本語コミュニティ
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Edge/API Management /
avatar image
1
Question by Sajan Mathew · May 31, 2019 at 10:04 AM · 213 Views edgepoliciescacheproxy configurationpython extension

Deny API call with same payload parameter value like in the previous call (within a minute)

Hi Community

We have an API that sends a JSON payload with 15 fields/parameters in the request body. "Proposal number" is one out of those parameters we pass in JSON with every API call. So we want to ensure, backend do not receive another API call having the same Proposal number within a minute (since we've observed this recurring scenario occurring only within a minute).

Proposal number can be stored in APIGEE Edge Cache/KVM for a minute, after which this value/entry can be invalidated/removed. With this Proposal number having stored for a minute or so, we want to reject/deny every other API call with the same Proposal number in their JSON payload.

How can we do this using APIGEE policies, JS/Python service call-out etc etc? Kindly help us with detail answer. Thanks!

APIGEE Edge version: 4.18.01

Regards

Sajan Mathew

Comment
Add comment
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Close

2 Answers

  • Sort: 
avatar image
2
Best Answer

Answer by Siddharth Barahalikar   · May 31, 2019 at 11:04 AM

I guess we can make use of PopulateCache, LookupCache and Raise Fault.

First Use an Extract variable policy to get the proposalNumber.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="Extract-Variables-1">
    <DisplayName>Extract Variables-1</DisplayName>
    <Properties/>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <JSONPayload>
        <Variable name="number">
            <JSONPath>$.number</JSONPath>
        </Variable>
    </JSONPayload>
    <Source clearPayload="false">request</Source>
    <VariablePrefix>apigee</VariablePrefix>
</ExtractVariables>

Use a Lookup Cache to get the Value from Cache,

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<LookupCache async="false" continueOnError="false" enabled="true" name="Lookup-Cache-1">
    <DisplayName>Lookup Cache-1</DisplayName>
    <Properties/>
    <CacheKey>
        <Prefix/>
        <KeyFragment ref="apigee.number"/>
    </CacheKey>
    <Scope>Exclusive</Scope>
    <AssignTo>flowVar</AssignTo>
</LookupCache>

Use a PopulateCache to Cache the extracted prososalNumber(number in my example) with 60sec expiry time.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PopulateCache async="false" continueOnError="false" enabled="true" name="Populate-Cache-1">
    <DisplayName>Populate Cache-1</DisplayName>
    <Properties/>
    <CacheKey>
        <Prefix/>
        <KeyFragment ref="apigee.number"/>
    </CacheKey>
    <Scope>Exclusive</Scope>
    <ExpirySettings>
        <TimeoutInSec>60</TimeoutInSec>
    </ExpirySettings>
    <Source>apigee.number</Source>
</PopulateCache>

Use a Raise Fault to raise an error based on some Conditions.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault async="false" continueOnError="false" enabled="true" name="Raise-Fault-1">
    <DisplayName>Raise Fault-1</DisplayName>
    <Properties/>
    <FaultResponse>
        <Set>
            <Headers/>
            <Payload contentType="text/plain"/>
            <StatusCode>500</StatusCode>
            <ReasonPhrase>Received Same Proposal Number in a Minute</ReasonPhrase>
        </Set>
    </FaultResponse>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

Conditions can be something like this,

	<Request>
            <Step>
                <Name>Extract-Variables-1</Name>
            </Step>
            <Step>
                <Name>Lookup-Cache-1</Name>
            </Step>
            <Step>
                <Name>Populate-Cache-1</Name>
                <Condition>flowVar != apigee.number</Condition>
            </Step>
            <Step>
                <Name>Raise-Fault-1</Name>
                <Condition>flowVar = apigee.number</Condition>
            </Step>
        </Request>

Use a payload like,

{"number":1}


When you make a call for the first time with a payload like {"number":1},

  • the number will be extracted
  • but the LookUpCache will not find any Cache for the extarctedNumber so the flow will continue and
  • execute the PopulateCache to store the extarctedNumber in cache for 60seconds and
  • the Raise Fault will be skipped.

When you make a call for the second time with same payload {"number":1} within a minute,

  • the number will be extracted,
  • LookupCache will get the cache and assign it to flowVar.
  • as the flowVar(number) from LookupCache is equal to extractedNumber,
    • the Populate Cache will be skipped
    • RaiseFault will be executed


Note -

I have not tried these steps, so not sure if it is going to work. Try it on a sample proxy and check.

I have not followed/used naming conventions so take care of them in your proxy.


Comment
Add comment Show 2 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Sajan Mathew · May 31, 2019 at 12:25 PM 0
Link

Thanks Siddharth for the wonderful narration of the steps and logic. I will try this out over the weekend/next week and let you all know.

avatar image Dino-at-Google ♦♦   · May 31, 2019 at 07:03 PM 0
Link

I have not tried these steps, so not sure if it is going to work.

It will work. Not sure about the exact syntax, but the pattern and the idea is correct.

avatar image
0

Answer by Sajan Mathew · Jun 05, 2019 at 01:43 PM

Hi@Siddharth Barahalikar@Dino-at-Google

Cache Policies are not working as expected for my requirement, though I tried things from my end too. I am getting CacheHit = false, everytime I test. Please find the details below. Any suggestions would be more than welcome. Thanks!

  • Trace Fields:
Variables
apigee.metrics.policy.LC-ToFindExtractedParam.timeTaken
apigee.metrics.policy.PC-toStoreExtractedParam.timeTaken
flowVar
Number
lookupcache.LC-ToFindExtractedParam
Number
Request Content
Body {
"Number" : 9,
"First Name" : "Sajan",
"Last Name" : "Mathew"
}
{
"Number" : 9,
"First Name" : "Sajan",
"Last Name" : "Mathew"
lookupcache.LC-ToFindExtractedParam.assignto flowVar
lookupcache.LC-ToFindExtractedParam.cachehit false
lookupcache.LC-ToFindExtractedParam.cachekey mathewsajan14-trial__prod____9
lookupcache.LC-ToFindExtractedParam.cachename mathewsajan14-trial__prod
lookupcache.LC-ToFindExtractedParam.failed false
  • Extract Variable Policy (Working):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="EV-NumberParam">
    <DisplayName>EV-NumberParam</DisplayName>
    <Properties/>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <JSONPayload>
        <Variable name="Number">
            <JSONPath>$.Number</JSONPath>
        </Variable>
    </JSONPayload>
    <Source clearPayload="false">request</Source>
</ExtractVariables>
  • Lookup Cache (CacheHit = False always //doesn't seem to be working, though I tried many changes in this policy)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<LookupCache async="false" continueOnError="false" enabled="true" name="LC-ToFindExtractedParam">
    <DisplayName>LC-ToFindExtractedParam</DisplayName>
    <Properties/>
    <CacheKey>
        <Prefix/>
        <KeyFragment ref="Number"/>
    </CacheKey>
    <Scope>Global</Scope>
    <AssignTo>flowVar</AssignTo>
</LookupCache>
  • Populate Cache Policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PopulateCache async="false" continueOnError="false" enabled="true" name="PC-toStoreExtractedParam">
    <DisplayName>PC-toStoreExtractedParam</DisplayName>
    <Properties/>
    <CacheKey>
        <Prefix/>
        <KeyFragment ref="Number"/>
    </CacheKey>
    <Scope>Global</Scope>
    <ExpirySettings>
        <TimeoutInSec>60</TimeoutInSec>
    </ExpirySettings>
    <Source>flowVar</Source>
</PopulateCache>
  • Raise Fault Policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault async="false" continueOnError="false" enabled="true" name="RF-ifSameExtractedParamFoundAgain">
    <DisplayName>RF-ifSameExtractedParamFoundAgain</DisplayName>
    <Properties/>
    <FaultResponse>
        <Set>
            <Headers/>
            <Payload contentType="application/json"/>
            <StatusCode>400</StatusCode>
            <ReasonPhrase>Proposal number repeat hit</ReasonPhrase>
        </Set>
    </FaultResponse>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>
  • Proxy Flow:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
    <Description/>
    <FaultRules/>
    <PreFlow name="PreFlow">
        <Request>
            <Step>
                <Name>EV-NumberParam</Name>
            </Step>
            <Step>
                <Name>LC-ToFindExtractedParam</Name>
            </Step>
        </Request>
        <Response/>
    </PreFlow>
    <Flows>
        <Flow name="PopulateCache">
            <Request>
                <Step>
                    <Name>PC-toStoreExtractedParam</Name>
                    <Condition>Number != flowVar</Condition>
                </Step>
            </Request>
        </Flow>
        <Flow name="RaiseFault">
            <Request>
                <Step>
                    <Name>RF-ifSameExtractedParamFoundAgain</Name>
                    <Condition>Number = flowVar</Condition>
                </Step>
            </Request>
        </Flow>
    </Flows>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <HTTPProxyConnection>
        <BasePath>/blocksamerequest</BasePath>
        <Properties/>
        <VirtualHost>secure</VirtualHost>
    </HTTPProxyConnection>
    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
</ProxyEndpoint>
Comment
Add comment Show 2 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Siddharth Barahalikar   · Jun 05, 2019 at 04:01 PM 1
Link

Well, I guess the issue is with your PopulateCache Policy, you defined <Source> as flowVar, whereas it should be Number in your case.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PopulateCache async="false" continueOnError="false" enabled="true" name="PC-toStoreExtractedParam">
    <DisplayName>PC-toStoreExtractedParam</DisplayName>
    <Properties/>
    <CacheKey>
        <Prefix/>
        <KeyFragment ref="Number"/>
    </CacheKey>
    <Scope>Global</Scope>
    <ExpirySettings>
        <TimeoutInSec>60</TimeoutInSec>
    </ExpirySettings>
    <Source>flowVar</Source> <!-- flowVar should be replaced with Number extracted using extract variable policy -->
</PopulateCache><br>

Since PopulateCache is not creating a cache the LookupCache is failing.

BTW, I would recommend using a VariablePrefix in extract variable policy, it helps in identifying and referencing variables in an efficient manner,

<VariablePrefix>apigee</VariablePrefix><br>
avatar image Sajan Mathew Siddharth Barahalikar · Jun 07, 2019 at 08:01 AM 0
Link

Thank you @Siddharth Barahalikar. Commendable..

Follow this Question

Answers Answers and Comments

90 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

response cache for PASS through SOAP Method 1 Answer

SOAP API WSDL not available 1 Answer

How are concurrent writes managed using populate cache policy 1 Answer

LookupCache is working weirdly, i.e it's retrieving cache sometimes and other times it's empty 1 Answer

How to handle multiple proxy for exception handling in shared flow? 1 Answer

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2021 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Adapter for Envoy
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • 日本語コミュニティ
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Badges