How to configure customized api keys

I understand that api keys are auto-generated in edge when a developer app is registered.

Is there a way to override this behaviour and allow configuration of custom api keys for the apps?

Where does the api key gets stored? are there any management APIs available to update this?

Solved Solved
2 22 1,606
2 ACCEPTED SOLUTIONS

Dear @Nagashree B ,

Where does the api key gets stored ?

  • In Cassandra Database

Are there any management APIs available to update this?

  • Yes
  • To add a new key check here.
  • To delete old key check here.

Is there a way to override this behaviour and allow configuration of custom api keys for the apps?

  • Yes, Please check above answer

Cheers,

Anil Sagar

View solution in original post

@Cladius Fernando and @vednath pittala

I've found the Support case. You were right, it needed to be in the correct queue.

This seems to be a very specific use-case, and as such, we should have a very specific discussion. I'll contact you directly so we can setup a time to talk through this.

Thanks.

View solution in original post

22 REPLIES 22

Dear @Nagashree B ,

Where does the api key gets stored ?

  • In Cassandra Database

Are there any management APIs available to update this?

  • Yes
  • To add a new key check here.
  • To delete old key check here.

Is there a way to override this behaviour and allow configuration of custom api keys for the apps?

  • Yes, Please check above answer

Cheers,

Anil Sagar

@Anil Sagar, Thanks for the quick response. Is there a way to export the API keys? can you pls point to the smart docs for this if any.

@Nagashree B , What do you mean by export the API keys ? Retrieve API Keys assigned to an app ? There is a management API call for same. Please find here. Use expand true option.

@Anil Sagar I meant to retrieve the api keys of all the apps.

@Nagashree B , Yes, use above API. You will get all api keys by parsing json response.

@Anil Sagar Anil this solution works when we are talking about different environments/servers but it fails when we have to use different organization under the same server. Is there an alternate solution for this kind of scenario. Am trying to have same key for the app in multiple organizations like ste1,ste2... sten under server 1.

The solution provided by you works as expected when i have to update the key from ste1 of server 1 to ste1 of server 2 and so on but it fails when i have to update it on ste1, ste 2 and so on server 1 itself

Hi @vednath pittala, could you please elaborate on what is failing exactly? You have mentioned env, servers and orgs - are you using apigee OnPrem?

Yes we are using apigee onPrem..I have multiple APIGEE organizations ste1,ste2... sten under a single environment say dev, prod,sit,uat and so on. When i try to migrate keys from one environment to other i dont face any issues. But when i try migrate the keys from one org to another within the same environment say from ste1 of dev to ste2 of dev it fails. I get a response saying that the key already exists. Let me know if you need anything else

@vednath pittala, as @Arun Kumar has mentioned in his article, the feature for setting a custom Apikey seems to be mainly to "recreate the same keys to restore traffic". Having said that, is this the error that you encounter?

{
  "code": "keymanagement.service.ConsumerKeyAlreadyExists",
  "message": "ConsumerKey already exists",
  "contexts": []
}

I believe, you are ending up trying to recreate the same apikey within an org for multiple environments. It is my understanding that you cannot have the same string (i.e. apikey) pointing to multiple apps within the same org. Could you please mention why you need multiple apps-orgs-envs to have the same apikey? If you want to maintain a single apikey, you could try bundling the relevant api-proxies across multiple envs in an org under a single app.

Hi @Cladius Fernando Am getting the exact same error as shown by you above.Let me give you a brief overview of the current architecture for APIGEE . We have multiple non-prod environments akka servers on which apigee is deployed(npe,npegold,pte,dev) and multiple prod environments akka servers on which apigee is deployed (prod,beta,dr,ha). Each of these environments have multiple organizations(like ste1, ste2....) and multiple deployment environments (in apigee terms something like test and prod) for each of these organizations.

What we want to acheive from APIGEE is to make sure that a given developer app has the same api key in all non-prod environments (thereby in all organizations deployed in these non-prod environments) and all prod environments (thereby in all organizations deployed in these non-prod environments). This is being done so the developers can maintain same apikey in their code rather than having them to keep changing. This is also being done so the transformation between prod and disaster recovery when prod is down is trivial and there wont be any change in the way developers are able to access their backend services through their respective apps.

Let me know if you need more clarity

@vednath pittala, since you confirmed that you are encountering the error message posted by me, it means that you are attempting to re-create the same apikey in the same org. It doesn't matter if it's a different (deployment) environment because an apikey is unique for an org. Another way to look at this is that, apigee needs to be able to examine the apikey and deduce which developer app has made the call. We cannot have 1 apikey pointing to multiple developer apps. Additionally, developer apps are not implicitly tied to an environment (that happens via the Product).

If I understand your requirement correctly, what you need to do is:

  1. Create a universal product.
  2. Configure it to span across all the desired environments.
  3. Add all the desired api-proxies under resources for this product.
  4. Configure a developer app for this product.
  5. Repeat these steps for each org.

Hope this answers your query.

@Cladius Fernando am not trying to create same api key for app1 in org1 and app2 in org1...what am trying to create is same api key for app1 in org 1 and app1 in org2. Am getting the error i mentioned for the second scenario. Please advise

Also @Cladius Fernando is the apikey maintained at organization level or at environment level?I mean what is expected behavior in the two below scenarios

1. Can we have the same apikey for all organizations as in STE1, STE2... STEn organizations present under apigee environment of prod and Corporate environment of DEV

or

2. Can we have the same apikey for all apigee environments as in STE1, STE2.... STEn present under organization prod and Corporate environment of DEV

what is possible out of the above two scenarios?

Also @Cladius Fernando is the apikey maintained at organization level or at environment level?I mean what is expected behavior in the two below scenarios

1. Can we have the same apikey for all organizations as in STE1, STE2... STEn organizations present under apigee environment of prod and Corporate environment of DEV

or

2. Can we have the same apikey for all apigee environments as in STE1, STE2.... STEn present under organization prod and Corporate environment of DEV

what is possible out of the above two scenarios?

@vednath pittala, now I understand your scenario more clearly. I am not exactly sure why this is failing. Have you tried using different developer-ids while trying to create the custom apikeys? Since you have an OnPrem license, have you raised a support ticket for this?

@Cladius Fernando I tried to raise a ticket for this but was suggested by our point of contact to ask questions of this nature in the community instead. Did you mean use different developer email ids by developer-ids in that case yes i have tried with different developer id's to no effect. The case number for the request I raised about this topic earlier is 898443.Also can you suggest under which category do I raise a request?I dont know if I raised it under the right category

The following values seem to be the closest fit for your scenario:

  • Record Type: Support Request
  • Product: Apigee Edge On-Premises
  • Component: Mangement UI (edge.apigee.com / enterprise.apigee.com)
  • I need help with: A general how-to question

@Arun Kumar, @Anil Sagar, any thoughts about @vednath pittala's issue?

@vednath pittala, could you please share the exact (maybe curl) commands that you are using to create the custom apikeys?

Hi @Cladius Fernando thanks for helping me out here . Here are the curl commands am using

curl -H 'Content-type:application/xml' -u uname:pwd {url}/v1/o/{orgname}/developers/{developer email id}/apps/{app-name}/keys/create -X POST -d @../../apikeys/non-prod/filename.xml curl -H 'Content-type:application/xml' -u uname:pwd {url}/v1/o/{orgname}/developers/{developer email id}/apps/{app-name}/keys/h766G8FsV2dGqPbRFr3yNwAjUMWCH41j -X POST -d @../../apikeys/non-prod/filename.xml curl -H 'Accept: application/xml' -H 'Content-type:application/xml' -u uname:pwd {url}/v1/o/{orgname}/developers/{developer email id}/apps/{app-name}/keys/EhHAUPSBGFaHammT4G1zgGiMDd4mvSW -X DELETE The key in file is h766G8FsV2dGqPbRFr3yNwAjUMWCH41j The key generated by APIGEE during app creation is EhHAUPSBGFaHammT4G1zgGiMDd4mvSW

i think it got messed up a little

curl -H 'Content-type:application/xml' -u uname:pwd {url}/v1/o/{orgname}/developers/{developer email id}/apps/{app-name}/keys/create -X POST -d @../../apikeys/non-prod/filename.xml

curl -H 'Content-type:application/xml' -u uname:pwd {url}/v1/o/{orgname}/developers/{developer email id}/apps/{app-name}/keys/h766G8FsV2dGqPbRFr3yNwAjUMWCH41j -X POST -d @../../apikeys/non-prod/filename.xml

curl -H 'Accept: application/xml' -H 'Content-type:application/xml' -u uname:pwd {url}/v1/o/{orgname}/developers/{developer email id}/apps/{app-name}/keys/EhHAUPSBGFaHammT4G1zgGiMDd4mvSW -X DELETE

The key in file is h766G8FsV2dGqPbRFr3yNwAjUMWCH41j The key generated by APIGEE during app creation is EhHAUPSBGFaHammT4G1zgGiMDd4mvSW

@Cladius Fernando and @vednath pittala

I've found the Support case. You were right, it needed to be in the correct queue.

This seems to be a very specific use-case, and as such, we should have a very specific discussion. I'll contact you directly so we can setup a time to talk through this.

Thanks.