Contents

Popular
 Contents

When this policy is used, API manager allows only those applications which hold the valid API Key to access API resources. It restricts users to specific resources from those present in API products.

Icon

When API resources are added to API products, a unique key is generated for each registered Client Subscription that uses those products. The generated API key is used by Verify API Key policy for verification. Conversely, the generated API key is of no use without this policy.

Configuration


Figure 1: Verify API Key Policy Configuration attribute

Click Edit  icon against Key Source to configure Message Part Identifier.

Icon

 Edit  icon against Policies tab helps to rename the policy ID (the policy name under Policies tab).

Steps

To configure the Verify API Key policy, perform the following actions:

  1. In the Policies section inside the project, configure Verify API Key policy with the values shown below:
    • Type: PARAMETER
    • Name: apiKey (The name of the query parameter which needs to be used as the identifier)
    • Default Value: null (can be any value)


      Figure 2: Providing values for the KeySource Message Part Identifiers 

  2. Create a product and add the project for which Verify API Key Policy is created by navigating to the Apps module.

    Icon

    A group of projects can be made available for clients by adding them to the product created.


    Figure 3: Adding a the project (for which an API Key is generated) in the product

  3. Create a client.
    Clients can access APIs after they are added under the Clients section. Then add a Client Subscription to them, so as to bind with a single API consumer key which allows access to the subscribed API products.


    Figure 4: Creating a Client 
     

  4. Create a Client Subscription with the client created (in the above step) and perform the following actions to the Client Subscription:

    1. Add the product to which the project is bundled.

    2. Save the configuration.

    3. Click the product to generate the API Consumer Key.

    Consumer Key and Consumer Secret are displayed below the API Products table.


    Figure 5: Creating Client Subscription and generating Consumer Key and Consumer Secret
     

  5. Pass this Consumer Key to the API proxy access URL as a parameter in the following format:

    http://<ip-address-of-gateway-machine>:2160/<project-context-path>/<project version>/?apiKey=<Consumer Key value>

    If API Key value is not provided or a wrong value is given then an error is displayed:

    {

      "ErrorMessage" : "The subscription corresponding to the key defaultvalue is invalid",

      "ErrorCode" : "Invalid Subscription",

      "MoreInfo" : "Policy Name - VerifyApiKeyPolicy, Type - VERIFY_API_KEY"

    }

    Icon

    While configuring the Verify API Key policy, if the Consumer Key value is provided as the Default Value, then apiKey parameter need not be provided in the API Proxy URL.

Adding the policy while Creating a project

Select the API Keys option when creating the project from any of the following services:

  • REST/HTTP Service (in the New Backend Service dialog box)
  • WSDL (in the New WSDL Project dialog box)


Figure 6: Attaching Verify API Keys to the project

After adding a policy, this can be configured as per requirement

 

Adaptavist ThemeBuilder EngineAtlassian Confluence