Hi,
I have a use case where I have to restrict access to our APIs using API path and HTTP method.
E.g., I have the below endpoints:
GET /v1/organizations
POST /v1/organizations
DELETE /v1/organizations
I need to restrict access by both endpoint and HTTP method. Some users should have access to only GET, some users should have access only to POST, while some will have access to all the HTTP methods.
We are using API key authentication for the APIs. Is there a way I can achieve the above using API key validation?
I see I can add a specific endpoint to the product, but the product doesn't allow adding HTTP methods.
Appreciate your help
Thanks
Ram
Hi Ram,
The products do not allow you to restrict the HTTP methods per endpoint. You would have to do this within the API Proxy.
One approach would be to add attributes to the product to define the allowed methods and then enforce these after the API key is validated. This could potentially also be done in a shared flow if this is a common functionality.
There is no inbuilt option for the method. You can specify allowed methods in the developer app or product custom attributes. Later, in the API flow, fetch and verify. If not matching with the methods in the attributes, it will throw an error.
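Added example, not part of the thread and not the platform's own code: one way to write the post-key-validation check both answers describe, as plain JavaScript that denies by default. The attribute format (`/path=METHOD,METHOD;/path=METHOD`) and all function names are assumptions made for illustration; how the attribute value, verb and path are read inside the proxy is left out.

```javascript
// Hypothetical attribute format stored on the product or developer app:
//   "/v1/organizations=GET,POST;/v1/reports=GET"
const KNOWN_METHODS = ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"];

// Drop the query string and any trailing slash so "/v1/organizations/?x=1"
// and "/v1/organizations" are treated as the same endpoint.
function normalisePath(p) {
  const bare = String(p).split("?")[0].replace(/\/+$/, "");
  return bare === "" ? "/" : bare;
}

// Parse the attribute into { path: [methods] }.
// Returns null on any malformed entry so the caller denies instead of guessing.
function parseAllowedMethods(attr) {
  if (typeof attr !== "string" || attr.trim() === "") return null;
  const rules = {};
  for (const entry of attr.split(";")) {
    const parts = entry.split("=");
    if (parts.length !== 2) return null;
    const rawPath = parts[0].trim();
    // Attribute values are typed by an administrator, so tolerate lower case here.
    const methods = parts[1].split(",").map((m) => m.trim().toUpperCase());
    if (!rawPath.startsWith("/")) return null;
    if (methods.some((m) => !KNOWN_METHODS.includes(m))) return null;
    rules[normalisePath(rawPath)] = methods;
  }
  return rules;
}

// Allow only when the exact path is listed and the request verb is in its list.
// Missing attribute, malformed attribute, unlisted path and unlisted verb all deny.
// The request verb is compared exactly (HTTP methods are case-sensitive).
function isMethodAllowed(attr, method, path) {
  const rules = parseAllowedMethods(attr);
  if (rules === null) return false;
  const key = normalisePath(path);
  if (!Object.prototype.hasOwnProperty.call(rules, key)) return false;
  return rules[key].includes(String(method));
}
```

Paths are matched exactly, so a sub-resource such as `/v1/organizations/123` needs its own entry or a deliberate prefix rule; a denied request would typically be answered with 403 or 405 by the proxy.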