How to handle multiple authentication (API authentication already in place)

Hi all, I am new to Apigee. Recently I deployed a product and its proxies to Apigee, wherein I have 2 APIs.

I have authentication already in place. So the first API is used to authenticate the client and generates a token, and this token is used to validate the second API. But Apigee also has its own authentication and requires passing the token from the client credentials of the developer's app for the subscribed product.

So how do I pass multiple tokens / handle multiple authentication?

Note: I am using Postman to test the proxy endpoints.


If you have a client and a server app, and you've already constructed a mechanism by which the client authenticates directly to the server, then why do you need Apigee to participate in the authentication? What problem are you solving?

Apigee has its own authentication - correct. That Apigee can do it allows people who build APIs and services to avoid that task. It sounds like you've already done that. So.... ? Done?

If I am misunderstanding the situation, then maybe a sequence diagram would help. It's not clear what "first API" and "second API" refer to, or how you're doing the validation of the token, etc. Maybe you could elaborate on that and clarify things.

Yes, I get your point. The client-server app wasn't built keeping Apigee in mind. I am just using it to do a PoC on Apigee, for my learning purposes. But I was just wondering if there is a way or workaround for such a scenario, or if I'm missing something. Anyway, thanks for clarifying, Dino!


The process you have specified fits with the OAuth 2.0 client_credentials type grant.

If you are using authentication other than Apigee OAuth 2.0, your first API will do the user validation using LDAP authentication, or can use a service callout to get verified and generate a token, like Auth0. Then the second API will do a service callout to validate the token and process the authenticated request to the target service.
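
The flow from the reply above for the second API, sketched as Apigee policies: the proxy first verifies the Apigee-issued token, then uses a ServiceCallout to have the existing backend validate its own token. This is an added example, not configuration from the thread or from any poster's proxy. The policy names, the `backend-token` request header and the validation URL are assumptions made for illustration.

```xml
<!-- Added example. Names, the backend-token header and the URL are assumptions. -->

<!-- Policy 1: verify the Apigee-issued access token.
     VerifyAccessToken reads it from the Authorization: Bearer header. -->
<OAuthV2 name="OA-VerifyApigeeToken">
  <Operation>VerifyAccessToken</Operation>
</OAuthV2>

<!-- Policy 2: ask the existing backend auth service to validate its own token.
     The client sends that token in a separate header (assumed: backend-token),
     so it does not collide with the Apigee token in Authorization. -->
<ServiceCallout name="SC-ValidateBackendToken" continueOnError="false">
  <Request clearPayload="true" variable="tokenCheckRequest">
    <Set>
      <Verb>GET</Verb>
      <Headers>
        <Header name="Authorization">Bearer {request.header.backend-token}</Header>
      </Headers>
    </Set>
  </Request>
  <Response>tokenCheckResponse</Response>
  <Timeout>5000</Timeout>
  <HTTPTargetConnection>
    <!-- Placeholder for the backend's token validation endpoint -->
    <URL>https://auth.example.com/validate</URL>
  </HTTPTargetConnection>
</ServiceCallout>

<!-- Proxy endpoint PreFlow for the second API: both checks run, in order,
     before the request is routed to the target service. -->
<PreFlow name="PreFlow">
  <Request>
    <Step>
      <Name>OA-VerifyApigeeToken</Name>
    </Step>
    <Step>
      <Name>SC-ValidateBackendToken</Name>
    </Step>
  </Request>
  <Response/>
</PreFlow>
```

In Postman, this layout corresponds to sending the Apigee token as the Bearer token on the request and the backend-issued token as an additional `backend-token` header.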