List available Products for User

externpinilla-o · 07-09-2019 09:51 AM

Hello everyone,

I would like to use REST calls to obtain a list of all Products that are viewable by user.

Basically the view you get, when you acess the Edge-UI and go to the Products Tab.

Is it possible?

Currently I´m trying to make a call to "organizations/<ORG>/apiproducts", but I get a 403.

As far as I know, the only way to allow access to this /apiproducts, would need to allow GET for all Products. But then in the Edge-UI you will see all the products.

Thanks for your help,

Oscar

sidd-harth

Last time I check you can use this API,

https://apidocs.apigee.com/management/apis/get/organizations/{org_name}/apiproducts?expand=false

If your admin created a special role which restricts your access to products then you might get 403 Forbidden error.

externpinilla-o

That´s exactly the case.

The user has a Custom Role, that limits which Proxies and Products he can see. Therefore I would expect, that a call to the <org>/apiproducts only shows the allowed products (as on the Edge-UI).

But according to the definition of the Custom Role, he is not allowed to access this path.

{
  "resourcePermission": [
    {
      "organization": "myOrgName",
      "path": "/",
      "permissions": [
        "get"
      ]
    },
    {
      "organization": "myOrgName",
      "path": "/environments/*/applications/*/revisions/*/debugsessions",
      "permissions": [
        "delete",
        "get",
        "put"
      ]
    },
    {
      "organization": "myOrgName",
      "path": "/applications",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/applications/*",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/apiproducts",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/apiproducts/*",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/developers",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/developers/*",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/apps",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/apps/*",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/developers/*/apps",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/developers/*/apps/*",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/companies/*/apps",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/companies/*/apps/*",
      "permissions": []
    },
    {
      "organization": "myOrgName",
      "path": "/applications/oauth-sample-webservice-boot",
      "permissions": [
        "get"
      ]
    },
    {
      "organization": "myOrgName",
      "path": "/environments/*/applications/oauth-sample-webservice-boot/revisions/*/debugsessions",
      "permissions": [
        "get",
        "put"
      ]
    },
    {
      "organization": "myOrgName",
      "path": "/applications/azde-security-token-sampleapp-backend",
      "permissions": [
        "get"
      ]
    },
    {
      "organization": "myOrgName",
      "path": "/environments/*/applications/azde-security-token-sampleapp-backend/revisions/*/debugsessions",
      "permissions": [
        "get",
        "put"
      ]
    },
    {
      "organization": "myOrgName",
      "path": "/apiproducts/oauth-sample-app_test_v2",
      "permissions": [
        "get"
      ]
    }
  ]
}

The problem is, if we allowed GET access to the "/apiproducts", then you will see all products

deboraelkin

The definition of this custom role is actually telling which products a user associated with a custom role can access.

Filter the response where path matches /apiproducts/{prodName} and permissions include get.

externpinilla-o

Still with this configuration, you can see in the EdgeUi only the single configured Product.