Hi

We have API Proxies which are OAUTH2 protected. All these proxies are being build and deployed using CI/CD pipelines in Azure. OAUTH2 protection has been added recently and it has lead us to consider points below for which we are seeking some inputs/help -

1. Since these are OAUTH2 protected proxies when we do Integration testing of these proxy APIs it becomes a prerequisite to provide access token during API calls, and then validate the results are correct or not else integration tests will fail

2. Due to this whenever Developer creates a proxy in APIGEE and wants to deploy it using Ci/CD pipeline he needs to have a product, and then an app with client id, secret as a prerequisite, because to generate a token and get it validated in a proxy product and app association is required. Also, additional step would be required in pipeline to associate Proxy to Product.

3. To get it past the CI/CD do we maintain a mock product and app in configurations applicable for all environments, and get it associated with new proxies that are being deployed so that Integration tests do not fail.

4. Also, if we take Developer portal in consideration then Apps would also be created directly from that interface against the API product line that we expose. If we go with maintaining Configurations as a Code practice then we would need to find some way to export these app details and then maintain them in Source Code Repository corresponding to the environment to which they belong. How others are doing it using Management APIs, jobs etc.

I do not find much documentation covering these topics, and how others have dealt with them in past.

Any help is appreciated.

thanks,

Aakash