What is the recommendation if I have to update a custom attribute on an API product via APIs?

I have a requirement of adding custom attributes to the APIProduct. I have two ways to do it -

1. Using the management API directly and passing admin credentials to the management API, which will update the value of the custom attribute on Apigee.

2. Create an API proxy along with an API product and developer app. Provide app credentials to the API consumer (microservice) so I don't need to provide the admin creds of Apigee to that API consumer. In the API proxy, call the management API and do the operation of updating the custom attributes, which is much safer than option 1.

The downsides of option 2 are - a. an API call to the proxy will be considered an additional call. b. it will also add some latency in the response.

Which one is recommended? Maybe option two is an anti-pattern but much better?

ACCEPTED SOLUTION

I have a requirement of adding custom attributes to the APIProduct.

The correct way to do this is what you identified: use the admin APIs and PUT to the api product, specifying the new attributes.

But I think maybe you did not mention some of the requirements you have in mind. Guessing from your question, it seems you want to add custom attributes to an API Product, and you want to do it from a client app, not from an administrative context.

That seems like the wrong idea. The wrong way to use API Products.

But maybe you could elaborate a little on why you think this is necessary.

OK, more information here: I have a microservice which will add the custom attribute to the API product. So sharing Apigee Edge admin creds with the microservice is a good idea?

Yes, sharing credentials is the only way to allow an external service to use the Admin API.

Several notes about that.

  1. By sharing credentials, you are designating this microservice as an administrative agent. The microservice is designed and intended to just do "one thing" - add an attribute to an API Product. But the credentials will probably allow "lots of things". This violates the principle of least privilege, which is not such a great idea. Be careful.
  2. The Admin API is not designed for online transactions. If you intend to invoke the API hundreds of times per second, it won't work.

You might want to consider an external service, like Firestore, to manage constantly changing attributes.

To repeat my earlier question: Can you elaborate a little on why you think modifying the API Product attributes is necessary?

You already understood my requirement; that's all I have to elaborate here, and yes, the points you have mentioned are my concerns also. So I came up with option 2 because I do not want the microservice to have full control of Apigee Edge. I got my answer, Dino. Thanks for the prompt response.
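
The least-privilege concern raised in the reply, and the idea behind option 2, as an added example that is not from the original thread or from Apigee: a small broker keeps the admin credential and exposes a single, allow-listed operation. The product and attribute names, the throttle interval and the `admin_update` callable are assumptions; the real Admin API request is left to that callable.

```python
import re
import time

# Assumed policy (constructed for illustration): which attributes the
# microservice may set, per API product. Everything else is refused.
ALLOWED = {"payments-product": {"tier", "region"}}
VALUE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")
MIN_INTERVAL_S = 1.0  # assumed throttle; the Admin API is not for online traffic

class Denied(Exception):
    """Raised when the broker refuses a request."""

class AttributeBroker:
    """Holds the admin credential; callers never see it."""

    def __init__(self, admin_update, clock=time.monotonic):
        # admin_update(product, name, value) is a hypothetical callable that
        # performs the real Admin API request using the admin credential.
        self._admin_update = admin_update
        self._clock = clock
        self._last_call = None  # one global throttle, shared by all callers

    def set_attribute(self, caller, product, name, value):
        if name not in ALLOWED.get(product, set()):
            raise Denied(f"{caller}: {product}/{name} not in allow-list")
        if not isinstance(value, str) or not VALUE_RE.fullmatch(value):
            raise Denied(f"{caller}: invalid value for {name}")
        now = self._clock()
        if self._last_call is not None and now - self._last_call < MIN_INTERVAL_S:
            raise Denied(f"{caller}: throttled")
        self._last_call = now
        self._admin_update(product, name, value)
        return {"product": product, "name": name, "value": value}

def demo():
    sent = []  # stands in for requests that reach the Admin API
    ticks = iter([0.0, 0.2, 5.0])  # constructed clock readings
    broker = AttributeBroker(lambda *a: sent.append(a), clock=lambda: next(ticks))
    results = []
    for args in [("svc-a", "payments-product", "tier", "gold"),
                 ("svc-a", "payments-product", "tier", "silver"),  # too soon
                 ("svc-a", "payments-product", "quota", "9999")]:  # not allowed
        try:
            broker.set_attribute(*args)
            results.append("ok")
        except Denied as exc:
            results.append(str(exc))
    return results, sent
```
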