This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

​ClientKey (APIKey) validation is successful if a developer app is not associated with the product (API invoked)

Posted on 11-22-2017 04:34 AM
Not applicable
Reply posted on --/--/---- --:-- AM

All,

Can you please help us with this?

Please find below the steps :

Step 1 - Remove the API Product(i.e Authorisation – Internal) from the newly created Dev App such as Stream5 - QA - V2 - Client - XXX - Tomcat – Authorisation Than hit the V2- Authorisation endpoint for one of the market belongs to XXX.

Expected The call to (V2 - Authorisation – Internal Proxy) should fail, with a security error at VerifyClientKey policy level, as a dev app is trying to access a proxy in an API Product, i.e not subscribed.

The call went through successfully, with returning required set of data such as API key for that market.

Please note 'Key Approval Type' is set to Manual and still the doesn't fail and we are able to access the proxy.

Regards

Girish

1 1 183
Topic Labels
1 REPLY 1
Top Solution Authors
View all