How do I block access to certain API resources on Apigee
Question
I have an existing backend API with methods like:
(GET) /user/{id}
(GET) /user/delete/{id}
(GET) /user/create/firstName={firstName},lastName={lastName}
(yes, not exactly RESTful, since everything is a GET)
I want to configure my Apigee proxy to reject "/delete/" and "/create/" paths making my proxy read-only. I'm not sure whether to use some kind of conditional flow for this. How is it done?
Thanks!
2 answers
solution1
2 ACCPTED 2013-11-18 18:58:09
You can achieve this using the following steps:
Create three different resources in a proxy as:
a. /user/{id} - GET b. /user/delete/{id} - GET c. /user/create/{abc} - GET
Now, attach 'Raise Fault' policy to 'delete' and 'create' flows.
I hope that helps. Please let me know if you have any questions.
solution2
1 2014-01-22 07:25:38
An alternate way of doing the same is using APIProducts.
1)Create an API product and add only a as the resource to the Product. (a. /user/{id} - GET b. /user/delete/{id} - GET c. /user/create/{abc} - GET)
2)Attach your developer apikey to this product
3)When you do APIkey Validation automatically the developer will be allowed what is there in his APIProduct and nothing else.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.