Exposing APIs for internal and external users

Not applicable

I have set of REST services and SOAP services. The REST services expose CRUD operations for the internal web applications (using Apigee Edge). I would like to expose the GET services outside my network for third party developers.

Is this possible to enable one or more subsets of my services outside my organization? I may want to enable another set for partners who have little more control over the APIs like POST, PUT and PATCH, but not DELETE.

Solved Solved
0 2 1,896
1 ACCEPTED SOLUTION

Not applicable

Hello Anbu,

That certainly can be done. The most straight forward way would be to create API Products for the specific APIs you want to expose and then create Apps based on these API products. The Apps would have API keys that would be needed to access the API. In order to do this, you would need to add a Verify API Key policy as the first step in your API Preflow.

You can find information on configuring API Products here: http://apigee.com/docs/developer-services/content/creating-api-products. Information on creating Apps can be found here: http://apigee.com/docs/developer-services/content/creating-apps-surface-your-api

View solution in original post

2 REPLIES 2

Not applicable

Hello Anbu,

That certainly can be done. The most straight forward way would be to create API Products for the specific APIs you want to expose and then create Apps based on these API products. The Apps would have API keys that would be needed to access the API. In order to do this, you would need to add a Verify API Key policy as the first step in your API Preflow.

You can find information on configuring API Products here: http://apigee.com/docs/developer-services/content/creating-api-products. Information on creating Apps can be found here: http://apigee.com/docs/developer-services/content/creating-apps-surface-your-api

In the Product, you can control the access by adding /resources - which allow accessing. If you do not add /resources, all the /resources of the Proxy allow to access but when you explicitly add particular /resource (example /resouce1, /resource2), only those allow to access, other not.