Implementing captcha generation and validation through apigee

salsaeed
Participant I

Hello.

I have a backend captcha service and I want to cache its response in apigee and validate against the cached response without going back to the backend.

Is it possible? Could you please give me hints and guidelines on where to start? Is it really going to be a caching?

Thank you very much.

1 ACCEPTED SOLUTION

sidd-harth
Participant V

I am not sure how your Captcha service works. But yes you can make use of Apigee Caching Policies with a well-thought Cache-Key to validate the captcha without hitting the backend.

Maybe provide more details of how your service works?

https://docs.apigee.com/api-platform/reference/policies/response-cache-policy


Thank you for the help. When the user hits my Captcha service, Apigee gets a token and a base64 image from the backend. I will then want to cache the token along with the corresponding session id in Apigee and return the base64 image to the front-end. When the user sends the next request I will get his session id and compare the corresponding token and the user input token. If valid, then pass the request to the backend, else return a 400 error.

Thanks for the explanation. Well, you need to have two Conditional Flows on your proxy,

  1. one for generating the token and base64 Image when the user hits your Captcha service
    1. After you receive the response, on the Response Side, extract the required variables using ExtractVariable policy and use a Populate Cache to create a cache.
    2. In populate cache use sessionID as CacheKeyFragment and set the value as Token.
    3. You also need to add a meaningful expireTime for this cache. If your captcha service gives a time value use that or else you need to decide what is a good expiryTime for the cache.
  2. the other flow for verifying the token and session ID
    1. On Request Side use an ExtractVariable to get the sessionID and token
    2. Use LookupCache to get the Cache for the extracted sessionID
    3. Use a RaiseFault and use a Condition to see if the cache exists and also check if the cachedToken is equal to the extractedToken for the given sessionID, if it doesn't exist send 400.
    4. Give it a try, if you get stuck, post here and we will help you.

Thank you again for the help. I have implemented some of what you have said in the above and it looks promising. However I have been pulled into another development activity and I can't finish this anytime soon. I don't want to mark this as a solution until I verify that it is. I'm really thankful that we have such a wonderful apigee community.

I have started working on it again and finished it successfully. My problem was that I didn't understand how can I cache the token. I was trying to save it as a key fragment along with other key fragments. Then I realized that <Source> tag is where I should save the value.

I am glad it worked. BTW the keyfragment is used for forming the unique cache key.

Yes. Thank you. I realized that after a long trial and error.

Here is my code snippet for populate cache:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PopulateCache async="false" continueOnError="false" enabled="true" name="Populate-SessionId-Captcha-Cache">
    <DisplayName>Populate SessionId-Captcha Cache</DisplayName>
    <Properties/>
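    <CacheKey>
        <Prefix/>
        <!-- The session ID forms the unique cache key for this entry -->
        <KeyFragment ref="ExtractedVariables.SESSIONID" type="string"/>
    </CacheKey>
    <CacheResource>CaptchaCache</CacheResource>
    <Scope>Exclusive</Scope>
    <ExpirySettings>
        <!-- The entry expires after 300 seconds -->
        <TimeoutInSec>300</TimeoutInSec>
    </ExpirySettings>
    <!-- The value stored under the key: the captcha token -->
    <Source>ExtractedVariables.Token</Source>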
</PopulateCache>
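
The verification side (flow 2 in the steps above), written to match the PopulateCache policy shown here. This is an added example, not code posted in the thread: the policy names, the `captcha.cachedToken` variable, the `ExtractedVariables.UserToken` variable (the user's typed answer, set by a request-side ExtractVariables policy that is not shown) and the `/verify` path are all assumptions. It goes one step beyond the thread by invalidating the entry after lookup, so a given captcha can only be checked once.

```xml
<!-- Added example, not from the thread. Assumed names: all policy names, captcha.cachedToken,
     ExtractedVariables.UserToken and the /verify path. -->

<!-- 1. Read the token stored for this session. Key, resource and scope must match PopulateCache. -->
<LookupCache name="Lookup-SessionId-Captcha-Cache">
    <CacheKey>
        <Prefix/>
        <KeyFragment ref="ExtractedVariables.SESSIONID" type="string"/>
    </CacheKey>
    <CacheResource>CaptchaCache</CacheResource>
    <Scope>Exclusive</Scope>
    <AssignTo>captcha.cachedToken</AssignTo>
</LookupCache>

<!-- 2. Remove the entry so the same captcha cannot be checked twice (addition to the thread's steps). -->
<InvalidateCache name="Invalidate-SessionId-Captcha-Cache">
    <CacheKey>
        <Prefix/>
        <KeyFragment ref="ExtractedVariables.SESSIONID" type="string"/>
    </CacheKey>
    <CacheResource>CaptchaCache</CacheResource>
    <Scope>Exclusive</Scope>
</InvalidateCache>

<!-- 3. The 400 response returned when the check fails. -->
<RaiseFault name="RF-Invalid-Captcha">
    <FaultResponse>
        <Set>
            <StatusCode>400</StatusCode>
            <ReasonPhrase>Bad Request</ReasonPhrase>
            <Payload contentType="text/plain">Invalid or expired captcha</Payload>
        </Set>
    </FaultResponse>
</RaiseFault>

<!-- 4. Conditional flow in the ProxyEndpoint: a cache miss (expired or unknown session) or a mismatch raises the fault. -->
<Flow name="verify-captcha">
    <Request>
        <Step><Name>EV-Session-And-UserToken</Name></Step>
        <Step><Name>Lookup-SessionId-Captcha-Cache</Name></Step>
        <Step><Name>Invalidate-SessionId-Captcha-Cache</Name></Step>
        <Step>
            <Name>RF-Invalid-Captcha</Name>
            <Condition>(lookupcache.Lookup-SessionId-Captcha-Cache.cachehit = false) or (captcha.cachedToken != ExtractedVariables.UserToken)</Condition>
        </Step>
    </Request>
    <Condition>(proxy.pathsuffix MatchesPath "/verify") and (request.verb = "POST")</Condition>
</Flow>
```

Each policy element goes in its own file in the proxy bundle; the `<Flow>` element belongs in the ProxyEndpoint's `<Flows>` section.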