We have a partner that wants to call an API on our side through a somewhat outdated system. We have asked them if they could modify their system to send an API Key. Their answer was no. We don't want to leave our API unsecure, as this API will save data in our system and we don't want to end up with fictitious data in our system. We tried using the Access Control Policy, but what I have found is that the client.ip or X-Forwarded-For is the same whether I hit our API from their website or if I hit our API from within our network using Postman. Is there something I am doing wrong? Does Apigee need to configure something so we see the correct IP address? Are there other alternatives I should be considering to secure this API that don't require our partner making changes?

Thanks, Paul
I was able to get Access Control Policy to work, once I figured out that Zscaler was the problem. I was able to test from a machine that didn't have Zscaler on it. Thank you everyone for the help.