Best Practice for granting API permission based on the caller's credentials

What is the best practice for granting API permission based on the caller's credentials?

For example, suppose there is a /basepath/v1/items resource and I want only UserA to be able to do CRUD operations on it, while UserB can only GET it. How can this be achieved in Apigee?

Actually, I have a solution, but I am not sure if it is the recommended way:

1. Create two separate API Products, which contain the same API proxy for /basepath/v1/items

2. Following the steps in https://community.apigee.com/articles/2514/how-to-restrict-api-resources-by-their-full-path-a.html, add different Resource Paths for different API Products.
