Reputation: 43
How do I block access to certain API resources on Apigee
I have an existing backend API with methods like:
(GET) /user/{id}
(GET) /user/delete/{id}
(GET) /user/create/firstName={firstName},lastName={lastName}
(yes, not exactly RESTful, since everything is a GET)
I want to configure my Apigee proxy to reject "/delete/" and "/create/" paths making my proxy read-only. I'm not sure whether to use some kind of conditional flow for this. How is it done?
Thanks!
Upvotes: 1
Views: 796
Answers (2)
Reputation: 1457
An alternate way of doing the same is using APIProducts.
1)Create an API product and add only a as the resource to the Product. (a. /user/{id} - GET b. /user/delete/{id} - GET c. /user/create/{abc} - GET)
2)Attach your developer apikey to this product
3)When you do APIkey Validation automatically the developer will be allowed what is there in his APIProduct and nothing else.
Upvotes: 1
Reputation: 96
You can achieve this using the following steps:
Create three different resources in a proxy as:
a. /user/{id} - GET b. /user/delete/{id} - GET c. /user/create/{abc} - GET
Now, attach 'Raise Fault' policy to 'delete' and 'create' flows.
I hope that helps. Please let me know if you have any questions.
Upvotes: 2
Related Questions
- How can I disable some APIs of my ASP.NET application
- Block users from REST API endpoint while still grabbing data from it
- REST API - How to restrict access to resources by role?
- Apigee - how to restrict resource in product via verb
- How to stop consumers from hitting invalid resources in APIGee API
- How to prevent 3rd part services from using my API?
- Apigee - How to block access to paths that aren't explicitly defined as resources
- Setting user specific permissions on Apigee
- Restricting access to REST API
- Lock down API to specific URL