I am defining an API Proxy and am confused about the best way to get an access_token and use it with an external target. My API flow looks like this:
client -> edgeApiProxy -> yelp
Authentication between client and Apigee Edge is out of scope of this question.
My API Proxy is the client for the request to Yelp, and Yelp will require me to get an access token via the client_credentials grant type. It seems I can do this with a service callout policy and just cache the token until it expires. Is this the best way to retrieve the token and use it when making calls to Yelp or other OAuth protected external resources? Looking at the OAuth policies in Apigee they all seem to be related to Edge being the authorization server and/or resource owner.
Thank you
Hi @Kd Ford,
Generally, for handling tokens of target systems we use a populate cache and lookup cache policy combination.
First you do a service callout to get the token and populate the cache with the token, with the token expiry time as the cache expiry time.
Then, when you receive a request for a protected resource, just do a lookup on the cache for the token; if the lookup fails, do a service callout to fetch a new token and populate the cache again.
This is explained in detail in answer here
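
The lookup / callout / populate sequence described in the answer above, sketched in JavaScript as an added example (not part of the original answer and not Apigee policy code). The function names, the cache key and the stubbed token response are hypothetical; the stub stands in for the client_credentials service callout.

```javascript
// Added example: models the lookup-cache -> service-callout -> populate-cache flow.
// All names are hypothetical; the token endpoint is a constructed stub.
function createTokenCache(now) {
  const entries = new Map(); // key -> { value, expiresAt (ms) }
  return {
    // Lookup step: return the token only while its entry is still live.
    lookup(key) {
      const e = entries.get(key);
      if (!e) return null;
      if (now() >= e.expiresAt) { entries.delete(key); return null; }
      return e.value;
    },
    // Populate step: the cache expiry is the token's own lifetime.
    populate(key, value, ttlSeconds) {
      entries.set(key, { value, expiresAt: now() + ttlSeconds * 1000 });
    },
  };
}

// Returns the token for the target; calls the token endpoint only on a cache miss.
function getTargetToken(cache, serviceCallout, key) {
  const cached = cache.lookup(key);
  if (cached !== null) return cached;
  const resp = serviceCallout(); // client_credentials request to the target's token endpoint
  // Never cache an error or malformed response: fail the request instead.
  if (!resp || typeof resp.access_token !== 'string' || !(resp.expires_in > 0)) {
    throw new Error('token endpoint returned no usable token');
  }
  cache.populate(key, resp.access_token, resp.expires_in);
  return resp.access_token;
}

// Constructed scenario: three requests spread over one token lifetime (3600 s).
function demo() {
  let clock = 0;
  let calls = 0;
  const cache = createTokenCache(() => clock);
  const callout = () => ({ access_token: 'tok-' + (++calls), expires_in: 3600 });
  const seen = [];
  seen.push(getTargetToken(cache, callout, 'yelp-token')); // miss: callout + populate
  clock += 1800 * 1000;
  seen.push(getTargetToken(cache, callout, 'yelp-token')); // hit: no callout
  clock += 1800 * 1000;
  seen.push(getTargetToken(cache, callout, 'yelp-token')); // expired: new callout
  return { seen, calls };
}

console.log(demo());
```

Because the entry expires with the token, a request that arrives after expiry always triggers a fresh callout rather than sending a stale token to the target.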