This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

API Key validation error

Posted on 07-03-2023 01:32 PM
anannra
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Have been configuring and testing our proxy for some time now.
I can prove that spike arrest and other features work correctly, but the moment we enable api verification and supply valid api keys, we continually see the following response from the proxy:

{
    "fault": {
        "faultstring": "Invalid ApiKey for given resource",
        "detail": {
            "errorcode": "oauth.v2.InvalidApiKeyForGivenResource"
        }
    }
}
 
Our configuration is not very complex, as we have just a simple endpoint that takes in a very simple request. 
 
Users, apps, and keys are all approved from what we can tell, and with api key validation turned off, our proxy works as expected.
 
any suggestions would be great.
Solved Solved
0 12 5,688
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to anannra
Reply posted on --/--/---- --:-- AM

ok thanks for that. Either the header or the queryparam should work. 

I understand, and see from the trace, that the VerifyAPIKey policy is retrieving the APIKey you passed in, as a queryparam.  It is trying to validate the thing you passed in.  Therefore we know the problem is not in the configuration of the policy or the format of the request - those are both good. 

you can check the app, key and product: 

apigee-app-key-and-product.jpg

  • does the app and key exist in Apigee? I know you have an API key. But can you also check the origin of the API Key?   What I mean: The app entity in Apigee can host one or more credentials. The cred is the combination of API key and secret.  (Because you are using VerifyAPIKey you need only the APIKey, can ignore the secret.)   Have you verified that the value you are inserting into x-apikey header (or the queryparam) is actually one of the Keys that is attached to your desired app?  You have correctly copied the value out of the key - there is no corruption or modification of the key value?  No extra characters. 
  • The app should be authorized for one or more API products. Let's keep it simple and make it just one API product. Click through the link to the API Product and check the operations on the product. Because you are sending in a POST to /query, your operation should include 
    • the API proxy that is handling the request.  In your case, this will be the proxy that has /tgapi as the basepath, from the screenshot, it l ooks like it is called "tgapi". 
    • at least the /query path.  You can use wildcards like /* or /** to denote any single segment, or any combination of segments, respectively. Any path like {/query , /* , /** } is fine. 
    • at least the POST method (verb).  You can have other methods. 
  • If your product does not include the right operation, the VerifyAPIKey will return with InvalidApiKeyforGivenResource. For example if the verb list includes only GET but not POST, ... or if the path is only / , ... Or if you have the "wrong" proxy here, ... in any of these cases you will see the error you are seeing at runtime.  To fix this, Edit the product, add an operation that includes the right combination of {proxy, path, method} and save the product.  Or modify the existing operation to correct the set of methods or the path, or the proxy.

check-the-operations.jpg

Even after you correct the API Product definition, you may still see the error you observed!!  for a little while.  Apigee caches the API product definition and it make take up to 3 minutes for the changes you have made in the administrative UI, to take effect in the gateways.  

View solution in original post

Jump to Solution
0 Likes
12 REPLIES 12
Top Solution Authors
View all