Authentication with hard-coded username and password, implement authentication at APIGEE level only

Our API doesn't have username and password validation. We need to secure it at APIGEE. How can we hardcode the username and password at the APIGEE proxy level only, so that requests are authenticated against the username and password provided in the request by the consuming party?


Our API doesn't have a username and password. How can we set the username and password in the APIGEE proxy itself so that, when it is called, it authenticates the username and password provided against the username and password hardcoded at the APIGEE side?


I'm not quite clear on what you want Apigee to do for you, but I THINK you want Apigee to accept an inbound request, and then create a NEW outbound request to a backend (upstream?) system that looks almost exactly like the inbound request, except that there is a username and password injected into the outbound request. Is that it?

If that understanding is correct, then you can probably do what you want using an AssignMessage policy.

If you want to pass the username and password in clear text as query parameters, use AssignMessage with the <Set> element and the <QueryParams> child.

If you want to pass the username and password as headers, then you use <Set> with <Headers>. If you want to pass them as Form parameters, then use <Set> with <FormParams>.

If you want a basic-auth encoded header, then use the BasicAuthentication policy before the AssignMessage policy.

Check the documentation for full details on these options.

Good luck.

You can hardcode your username and password at environment level under admin using Key Value Map (use encrypted). Then further use the same in proxy.


This is not a good way of authentication.

Rather, I would suggest you go for API key verification or the OAuth 2.0 client credentials grant type.

You can store the username and password in an encrypted KVM, extract them in the proxy, and match.

I would suggest the client credentials grant type actually.

You can put the same username as developer app client id and password as secret.

Then your user will use the same credentials to get an OAuth token and use it for service access. This will be a more secure option.
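The "extract in proxy and match" step from the reply above, sketched as an added example that is not part of the original thread or of Apigee's own code. All function names are hypothetical, the sample header is the constructed one from RFC 7617, and it assumes the expected credentials were already read from an encrypted KVM into private.* flow variables.

```javascript
// Added example: match an inbound Basic Authorization header against stored
// credentials. All names are hypothetical. In an Apigee JavaScript policy the
// inputs would come from context.getVariable(), e.g. 'request.header.Authorization'
// and private.* variables filled from an encrypted KVM (assumed setup).
var B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Decode base64 into a string of byte values; null on an invalid character.
function b64decode(s) {
  s = s.replace(/=+$/, '');
  var out = '', acc = 0, bits = 0;
  for (var i = 0; i < s.length; i++) {
    var v = B64.indexOf(s.charAt(i));
    if (v < 0) return null;
    acc = ((acc << 6) | v) & 0xffff;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out += String.fromCharCode((acc >> bits) & 0xff);
    }
  }
  return out;
}

// Compare without stopping at the first mismatch, so response time does not
// reveal how many leading characters were correct.
function safeEqual(given, expected) {
  var diff = given.length ^ expected.length;
  for (var i = 0; i < given.length; i++) {
    diff |= given.charCodeAt(i) ^ expected.charCodeAt(i % expected.length);
  }
  return diff === 0;
}

// Returns the HTTP status the proxy should answer with: 200 or 401.
function checkBasicAuth(header, expectedUser, expectedPass) {
  // Fail closed if the stored credentials could not be loaded.
  if (!expectedUser || !expectedPass) return 401;
  var m = /^Basic +([A-Za-z0-9+\/]+=*)$/i.exec(header || '');
  var decoded = m ? b64decode(m[1]) : null;
  // RFC 7617: the user-id cannot contain ':', the password can.
  var sep = decoded === null ? -1 : decoded.indexOf(':');
  if (sep < 0) return 401;
  var userOk = safeEqual(decoded.slice(0, sep), expectedUser);
  var passOk = safeEqual(decoded.slice(sep + 1), expectedPass);
  return (userOk && passOk) ? 200 : 401;
}

// Constructed sample (RFC 7617): user "Aladdin", password "open sesame".
var SAMPLE_HEADER = 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==';
```

The decoder treats credentials as byte strings, so the comparison is exact for ASCII usernames and passwords.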