Apigee Token Hashing :

We are working on security recommendations from APIGEE, as part of that, we are trying to implement hashing token for extra security using the following link :

https://docs.apigee.com/api-platform/security/oauth/hashing-tokens



Please find the implementation in the document as follows:

curl -u email:password -X PUT -H "Content-type:application/xml" https://host:port/v1/o/{myorg} -d \
"<Organization type="trial" name="MyOrganization">
<Properties>
<Property name="features.isOAuthTokenHashingEnabled">true</Property>
<Property name="features.OAuthTokenHashingAlgorithm">SHA256</Property>
<Property name="features.isOAuthTokenFallbackHashingEnabled">true</Property>
<Property name="features.OAuthTokenFallbackHashingAlgorithm">SHA1</Property>
</Properties>
</Organization>"



Question 1 : How can we find all the existing organization properties?
As per following link, https://docs.apigee.com/api-platform/security/oauth/access-tokens indicates following warning.

Warning: When you update the organization with the API call, be sure to include all the existing organization properties in the payload. If you don't, all existing organization properties are overwritten by only the properties you set with this call.

Question 2 : Can you please confirm what should be given as "Organization type="****", as we are private cloud paid (4.19.06) customers.In the doc it shows as "trial"

Question 3:

please also confirm if there will be any performance impact because of this ?

0 0 117
0 REPLIES 0