Does API Key authenticates or identifies the client application?
Yes ,
verify api key policy show many variables those includes details like product , app , developer etc.
client application details you can find using the below variable -
apigee.developer.app.name |
---|
Check below attached screen for reference -
thanks @Sartaj Singh Sisodiya but i want to know if api key authenticates or identify the client app.
@Ilyas shah May I know what is your use case and what you want to achieve ?
Like as I given the example, Verify API Key policy validate the request api key and retrieve the related information of app, product and developers. This will just verify the api-key. if you want to verify authenticate the app, after Verify API Key policy you can check using javascript policy.
Let me know your use case So I can help in that
@Ilyas shah@Sartaj Singh Sisodiya
Typically , there is other way to do it instead of Java Script.
When verify AP key is executed , after the success it will populate the variable as in the above image ; one of it is the secret of the product. You can add a condition by verifying the client secret in the flow and raise a fault .
Condition would be like (verifyapikey.<<Name of the module>>.client_secret != <<User provided client secret>>
Hope this helps.
Thanks,
Latheef D
thanks now i understood.