Hello everyone,
I would like to use REST calls to obtain a list of all Products that are viewable by user.
Basically the view you get, when you acess the Edge-UI and go to the Products Tab.
Is it possible?
Currently I´m trying to make a call to "organizations/<ORG>/apiproducts", but I get a 403.
As far as I know, the only way to allow access to this /apiproducts, would need to allow GET for all Products. But then in the Edge-UI you will see all the products.
Thanks for your help,
Oscar
Last time I check you can use this API,
https://apidocs.apigee.com/management/apis/get/organizations/{org_name}/apiproducts?expand=false
If your admin created a special role which restricts your access to products then you might get 403 Forbidden error.
That´s exactly the case.
The user has a Custom Role, that limits which Proxies and Products he can see. Therefore I would expect, that a call to the <org>/apiproducts only shows the allowed products (as on the Edge-UI).
But according to the definition of the Custom Role, he is not allowed to access this path.
{ "resourcePermission": [ { "organization": "myOrgName", "path": "/", "permissions": [ "get" ] }, { "organization": "myOrgName", "path": "/environments/*/applications/*/revisions/*/debugsessions", "permissions": [ "delete", "get", "put" ] }, { "organization": "myOrgName", "path": "/applications", "permissions": [] }, { "organization": "myOrgName", "path": "/applications/*", "permissions": [] }, { "organization": "myOrgName", "path": "/apiproducts", "permissions": [] }, { "organization": "myOrgName", "path": "/apiproducts/*", "permissions": [] }, { "organization": "myOrgName", "path": "/developers", "permissions": [] }, { "organization": "myOrgName", "path": "/developers/*", "permissions": [] }, { "organization": "myOrgName", "path": "/apps", "permissions": [] }, { "organization": "myOrgName", "path": "/apps/*", "permissions": [] }, { "organization": "myOrgName", "path": "/developers/*/apps", "permissions": [] }, { "organization": "myOrgName", "path": "/developers/*/apps/*", "permissions": [] }, { "organization": "myOrgName", "path": "/companies/*/apps", "permissions": [] }, { "organization": "myOrgName", "path": "/companies/*/apps/*", "permissions": [] }, { "organization": "myOrgName", "path": "/applications/oauth-sample-webservice-boot", "permissions": [ "get" ] }, { "organization": "myOrgName", "path": "/environments/*/applications/oauth-sample-webservice-boot/revisions/*/debugsessions", "permissions": [ "get", "put" ] }, { "organization": "myOrgName", "path": "/applications/azde-security-token-sampleapp-backend", "permissions": [ "get" ] }, { "organization": "myOrgName", "path": "/environments/*/applications/azde-security-token-sampleapp-backend/revisions/*/debugsessions", "permissions": [ "get", "put" ] }, { "organization": "myOrgName", "path": "/apiproducts/oauth-sample-app_test_v2", "permissions": [ "get" ] } ] }
The problem is, if we allowed GET access to the "/apiproducts", then you will see all products
The definition of this custom role is actually telling which products a user associated with a custom role can access.
Filter the response where path matches /apiproducts/{prodName} and permissions include get.
Still with this configuration, you can see in the EdgeUi only the single configured Product.
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |