This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Testing an API using both client id and secret

Posted on 10-20-2020 03:22 PM
rajeshnimmadan
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi Team,

As of now we are passing Client Id to an API using verify key policy. Now we would like to pass both client ID and secret, could you please share example or any document to test an API using Client ID and Secret. Here I am not trying to use OAUTH, I am just trying to validate an API using Client ID and Secret. Please tell possible cases, scenarios or policies to implement

Thank you.

Rajesh Nimmada

0 2 138
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
joshdij
New Member
Reply posted on --/--/---- --:-- AM

You can use the "BasicAuthentication" policy, where you pass both the Client ID and Client Secret.

Enables you to use lightweight Basic Authentication for last-mile security. The policy takes a username and password, Base64 encodes them, and writes the resulting value to a variable. The resulting value is in the form Basic Base64EncodedString. You typically write this value to an HTTP header, such as the Authorization header.

For more information, take a look at the information below:

https://docs.apigee.com/api-platform/reference/policies/basic-authentication-policy

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Basic authentication in Apigee doesn't check client id and secret. I would suggest to do api key verification and then validate the secret with cross checking. If you are using basic authentication ghen you have to do the same after the basic authentication decodes the username and password.

0 Likes