Contents

Popular
 Contents

When this policy is used, API manager allows only those apps which hold the valid API Key to access your API resources. It restricts the users to use specific resources from those present in your API products.

Icon

When you add your API resources to API products, a unique key is generated for each registered Client Subscription that uses those products. The generated API key is used by Verify API Key policy for verification. Conversely, the generated API key is of no use without this policy.

Configuration


Figure 1: Verify API Key Policy Configuration attribute

Click Edit  icon against Key Source to configure Message Part Identifier.

Icon

 Edit  icon against Policies tab helps to rename the policy ID, that is, the policy name under Policies tab.

Steps

To configure the Verify API Key policy, perform the following actions:

  1. In the Policies section inside the project, configure Verify API Key policy with the values shown below:
    • Type: PARAMETER
    • Name: apiKey (The name of the query parameter which needs to be used as the identifier)
    • Default Value: null (can be any value)


      Figure 2: Providing values for the KeySource Message Part Identifiers 

  2. Create a product and add the project for which Verify API Key Policy is created by navigating to Apps module.

    Icon

    A group of projects can be made available for your clients by adding them to the product that is created.


    Figure 3: Adding a the project (for which API Key is generated) in the product

  3. Create a client.
    Clients can access your APIs after you add them under Clients section and then add a Client Subscription to them, thereby binding with a single API consumer key which allows them to access the subscribed API products.


    Figure 4: Creating Client 

  4. Create a Client Subscription with the client created above and perform the following actions to this Client Subscription:

    1. Add the product to which the project is bundled.

    2. Save the configuration.

    3. Click the product to generate the API Consumer Key.

    Consumer Key and Consumer Secret are displayed below the API Products table.


    Figure 5: Creating Client Subscription and generating Consumer Key and Consumer Secret
     

  5. Pass this Consumer Key to the API proxy access URL as a parameter in the following format:

    http://<ip-address-of-gateway-machine>:2160/<project-context-path>/<project version>/?apiKey=<Consumer Key value>

    If API Key value is not provided or a wrong value is given then an error like below is displayed:

    {

      "ErrorMessage" : "The subscription corresponding to the key defaultvalue is invalid",

      "ErrorCode" : "Invalid Subscription",

      "MoreInfo" : "Policy Name - VerifyApiKeyPolicy, Type - VERIFY_API_KEY"

    }

    Icon

    While configuring the Verify API Key policy, if the Consumer Key value is provided as the Default Value, then apiKey parameter need not be provided in API Proxy URL.

Adding the policy while Creating a project

Select API Keys option while creating the project from any of the following services:

  • REST/HTTP Service (in the New Backend Service dialog box)
  • WSDL (in the New WSDL Project dialog box)


Figure 6: Attaching Verify API Keys to the project while creating it

After adding a policy, this can be configured as per requirement

 

Adaptavist ThemeBuilder EngineAtlassian Confluence