This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Best Practices for Consumer/API key provisioning and management

Posted on 10-21-2015 12:54 PM
Not applicable
Reply posted on --/--/---- --:-- AM

We're having some spirited debate on best way to manage API keys for our vendors. Some promote a per-vendor key, others per-developer key. Additionally, some want a key-per-environment, so we can authorize a key against our API product per environment (you can hit production once you've seen you can properly hit test). For this, we're thinking of creating different API products for each environment, which seems like a hacky workaround.

Finally, it appears that the same API key is generated for each developer app- not each product that developer. I can see both sides of that argument.

What (best) practices are recommended by Apigee and/or the community for these areas?

Thanks...

1 4 2,733
Topic Labels
4 REPLIES 4
Top Solution Authors
View all