Verify API Key Policy Error with Path Parameter

Hi,

I have an API Proxy with below resources with Verify API Key policy.

(1) - /salesOrder

(2) - /salesOrder/{orderID}/Header

(3) - /salesOrder/{orderID}/Items

I created a API Product with adding the API Proxy with all 3 resources. In runtime I'm able to successful call (1), but (2) and (3) result error "Invalid ApiKey for given resource".

The same key works when I updated the API Resource (2) and (3) as /salesOrder/Header/{orderID} and /salesOrder/Items/{orderID} i.e. with path Parameter at the end.

Question: Is there a limitation to determine the exact resource when path parameter is used in URI segments inbetween?

Solved Solved
1 7 287
1 ACCEPTED SOLUTION

Is there a limitation to determine the exact resource when path parameter is used in URI segments inbetween?

I don't quite understand what you're asking.

But I can give you some information that might help. When you configure an API product, you get to specify the resource paths that are included in the authorization. A Common choice is "/**" which indicates "all paths are included".

If you specify the resource path as "/*" , that tells Apigee to limit the API calls to only those with ONE path segment. It does not matter if the path segment is variable or not.

If you specify the resource path as / (a single slash) , then it tells Apigee that only an API call with the basepath will be allowed.

All of this is documented. https://docs.apigee.com/api-platform/publish/create-api-products#behavior-resource-path

So I suspect that you have a resource path configured on your API product, and that is what is causing the "invalid APIKey for given resource" .

If you remove all resourcepaths on the API Product, then Apigee reverts to "/**" which means "any path is allowed."

If you like, you can just create a NEW api product with new credentials and try it that way.

View solution in original post

7 REPLIES 7

Not applicable

please try below and let me know.

(2) /salesOrder/*/Header

(3) -/salesOrder/*/Items

No. It's the same result "Invalid ApiKey for given resource".

If I disable the policy I see that the respective Resource's Conditional Flow is triggered. But the same resource is not recognized during verify api key step to successfully validate the key.

in that case please remove all the resource paths present in the product.

only simply add the proxy name. You will not see the error.

Thank you. I was stuck with it not working with the API resource added to the product. Now I have the product with only API Proxy and it's working.

@santhosh kumar vellingiri, it might help you to check https://docs.apigee.com/api-platform/publish/create-api-products#behavior-resource-path

on how to use the wildcards to satisfy the resources you have.

Is there a limitation to determine the exact resource when path parameter is used in URI segments inbetween?

I don't quite understand what you're asking.

But I can give you some information that might help. When you configure an API product, you get to specify the resource paths that are included in the authorization. A Common choice is "/**" which indicates "all paths are included".

If you specify the resource path as "/*" , that tells Apigee to limit the API calls to only those with ONE path segment. It does not matter if the path segment is variable or not.

If you specify the resource path as / (a single slash) , then it tells Apigee that only an API call with the basepath will be allowed.

All of this is documented. https://docs.apigee.com/api-platform/publish/create-api-products#behavior-resource-path

So I suspect that you have a resource path configured on your API product, and that is what is causing the "invalid APIKey for given resource" .

If you remove all resourcepaths on the API Product, then Apigee reverts to "/**" which means "any path is allowed."

If you like, you can just create a NEW api product with new credentials and try it that way.

Thank you. I was stuck with it not working with the API resource added to the product. Now I have the product with only API Proxy and it's working.