This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Using AccessEntity policy to retrieve API product data from app associated with multiple API product

Posted on 05-23-2024 03:59 AM
AlexCh
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hello,

I have some issues with the AccessEntity policy on Apigee hybrid.

I would like to use the AccessEntity policy to retrieve information from the API product, in policy I'm using EntityType: apiproduct and EntityIdentifier: consumerkey:

AlexCh_0-1716457635092.png

But if we have more than one API product associated with the app, we need to add SecondaryIdentifier for that I've added secondaryIdentifier: apiresource

AlexCh_0-1716461365147.png

Supported entity types and identifiers can be seen in the next picture:

AlexCh_2-1716458211118.png

After that, I've added Operations with path to API products:

API product A:

AlexCh_1-1716461507624.png

API product B:

AlexCh_3-1716461563260.png

App:

AlexCh_4-1716461607156.png

But as a result, the AccessEntity policy can't retrieve any information from API products because can't find an appropriate APIproduct that is associated with SecondaryIdentifier: apiresource

AlexCh_5-1716461672379.png

So, my question is how can fix my code to be able to retrieve information from desired API products based on proxy.pathsuffix in case that app is associated with more than one API product? 

@dchiesa1  please look at this issue

 

Solved Solved
3 2 358
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

retrieve information from desired API products based on proxy.pathsuffix in case that app is associated with more than one API product?

Apigee resolves the product name for you automatically when you call VerifyAPIKey or VerifyAccessToken. You do not need to "look up" the product based on the pathsuffix. For example after VerifyAccessToken, the variable apigee.apiproduct.name will hold the product name . Then you just use AccessEntity to get the product information.

 

<AccessEntity name='AE-Product-by-ProductName'>
  <EntityType value='apiproduct' />
  <EntityIdentifier type='apiproductname' ref='apigee.apiproduct.name' />
  <OutputFormat>XML</OutputFormat>
</AccessEntity>

 

and the product info (if you are using the new operationgroups configuration model) will look like this:

 

  <ApiProduct name="ApiProduct-B">
    <ApiResources/>
    <ApprovalType>auto</ApprovalType>
    <Attributes>
      <Attribute>
        <Name>access</Name>
        <Value>public</Value>
      </Attribute>
    </Attributes>
    <CreatedAt>1715288180075</CreatedAt>
    <CreatedBy>defaultUser</CreatedBy>
    <Description></Description>
    <DisplayName>ApiProduct-B</DisplayName>
    <Environments>
      <Environment>eval</Environment>
    </Environments>
    <LastModifiedAt>1715288180075</LastModifiedAt>
    <LastModifiedBy>defaultUser</LastModifiedBy>
    <OperationGroup>
      <operationConfigType>proxy</operationConfigType>
      <operationConfigs>
        <apiSource>proxyname-1</apiSource>
        <operations>
          <methods>GET</methods>
          <resource>/*</resource>
        </operations>
        <quota/>
      </operationConfigs>
    </OperationGroup>
    ...
  </ApiProduct>

 

If that's not sufficient, can you step back and explain your motivation behind your question?

If you use AccessEntity and specify EntityType = app, then you will get information on the app:

 

<AccessEntity name='AE-App-By-ClientID'>
  <EntityType value='app' />
  <EntityIdentifier type='consumerkey' ref='request.formparam.client_id' />
  <OutputFormat>XML</OutputFormat>
</AccessEntity>

 

The app information will be like this:

 

  <App name="app-name-1">
    <Credentials>
      <Credential>
        <Attributes/>
        <ConsumerKey>oyImNGbU29...kEAavfYbkQd</ConsumerKey>
        <ConsumerSecret>iLGaoIU...iN3dE</ConsumerSecret>
        <ExpiresAt>-1</ExpiresAt>
        <IssuedAt>1716570932516</IssuedAt>
        <ApiProducts>
          <ApiProduct>
            <Name>ApiProduct-A</Name>
            <Status>approved</Status>
          </ApiProduct>
          <ApiProduct>
            <Name>ApiProduct-B</Name>
            <Status>approved</Status>
          </ApiProduct>
        </ApiProducts>
        <Scopes/>
        <Status>approved</Status>
      </Credential>
    </Credentials>
    <AppFamily>default</AppFamily>
    <AppId>add6e8ec-8e52-43f3-92cc-xxxxxxxxxxxx</AppId>
    <Attributes>
      <Attribute>
        <Name>attr1</Name>
        <Value>123</Value>
      </Attribute>
    </Attributes>
    ...
  </App>

 

If you need more flexibility inquiring or searching through API Products, you can use the Apigee API. Use a ServiceCallout to send a GET request to https://apigee.googleapis.com . You need admin access to that, to do so.

View solution in original post

Jump to Solution
2 REPLIES 2

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

retrieve information from desired API products based on proxy.pathsuffix in case that app is associated with more than one API product?

Apigee resolves the product name for you automatically when you call VerifyAPIKey or VerifyAccessToken. You do not need to "look up" the product based on the pathsuffix. For example after VerifyAccessToken, the variable apigee.apiproduct.name will hold the product name . Then you just use AccessEntity to get the product information.

 

<AccessEntity name='AE-Product-by-ProductName'>
  <EntityType value='apiproduct' />
  <EntityIdentifier type='apiproductname' ref='apigee.apiproduct.name' />
  <OutputFormat>XML</OutputFormat>
</AccessEntity>

 

and the product info (if you are using the new operationgroups configuration model) will look like this:

 

  <ApiProduct name="ApiProduct-B">
    <ApiResources/>
    <ApprovalType>auto</ApprovalType>
    <Attributes>
      <Attribute>
        <Name>access</Name>
        <Value>public</Value>
      </Attribute>
    </Attributes>
    <CreatedAt>1715288180075</CreatedAt>
    <CreatedBy>defaultUser</CreatedBy>
    <Description></Description>
    <DisplayName>ApiProduct-B</DisplayName>
    <Environments>
      <Environment>eval</Environment>
    </Environments>
    <LastModifiedAt>1715288180075</LastModifiedAt>
    <LastModifiedBy>defaultUser</LastModifiedBy>
    <OperationGroup>
      <operationConfigType>proxy</operationConfigType>
      <operationConfigs>
        <apiSource>proxyname-1</apiSource>
        <operations>
          <methods>GET</methods>
          <resource>/*</resource>
        </operations>
        <quota/>
      </operationConfigs>
    </OperationGroup>
    ...
  </ApiProduct>

 

If that's not sufficient, can you step back and explain your motivation behind your question?

If you use AccessEntity and specify EntityType = app, then you will get information on the app:

 

<AccessEntity name='AE-App-By-ClientID'>
  <EntityType value='app' />
  <EntityIdentifier type='consumerkey' ref='request.formparam.client_id' />
  <OutputFormat>XML</OutputFormat>
</AccessEntity>

 

The app information will be like this:

 

  <App name="app-name-1">
    <Credentials>
      <Credential>
        <Attributes/>
        <ConsumerKey>oyImNGbU29...kEAavfYbkQd</ConsumerKey>
        <ConsumerSecret>iLGaoIU...iN3dE</ConsumerSecret>
        <ExpiresAt>-1</ExpiresAt>
        <IssuedAt>1716570932516</IssuedAt>
        <ApiProducts>
          <ApiProduct>
            <Name>ApiProduct-A</Name>
            <Status>approved</Status>
          </ApiProduct>
          <ApiProduct>
            <Name>ApiProduct-B</Name>
            <Status>approved</Status>
          </ApiProduct>
        </ApiProducts>
        <Scopes/>
        <Status>approved</Status>
      </Credential>
    </Credentials>
    <AppFamily>default</AppFamily>
    <AppId>add6e8ec-8e52-43f3-92cc-xxxxxxxxxxxx</AppId>
    <Attributes>
      <Attribute>
        <Name>attr1</Name>
        <Value>123</Value>
      </Attribute>
    </Attributes>
    ...
  </App>

 

If you need more flexibility inquiring or searching through API Products, you can use the Apigee API. Use a ServiceCallout to send a GET request to https://apigee.googleapis.com . You need admin access to that, to do so.

Jump to Solution

Posted on --/--/---- --:-- AM
AlexCh
Bronze 4
Bronze 4
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Yes, with the variable apigee.apiproduct.name, I can identify the exact API product from the app using the Access Entity policy. This solution resolved my task. Thanks a lot for your help.

Jump to Solution
Top Solution Authors
View all