Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

Verify API Key - Query parameter or Form Parameter

Is there a way to setup the Verify API Key policy to have it look for either a query parameter OR a form parameter? We would like the calling part to be able to provide it in either place.

Solved Solved
0 10 1,963
1 ACCEPTED SOLUTION

I guess we can use the ref attribute and reference variable value coming in query or form param,

<VerifyAPIKey async="false" continueOnError="false" enabled="true" name="Verify-API-Key-1">
    <DisplayName>Custom label used in UI</DisplayName>
    <APIKey ref="variable_containing_api_key"/>
</VerifyAPIKey>

Before this policy maybe use a JS to get key from either query/form param and set it to a variable. You can also use a couple of extract variable policies with appropiate conditions to set a variable.

It's a good practice to pass the API key in a header or form parameter rather than in a query parameter. The reason is that query parameters can show up in browser histories and network logs, which could present a possible security risk.

View solution in original post

10 REPLIES 10
Top Solution Authors