IBM Cloud Functions with API Key Access

Question

I have created an IBM Cloud Function ACTION and attached Web Actions to it. In "API" I was able to define the function to be accessed with "POST https:// example.com/hello". After tests, this all works fine.

Now I want to secure this API by distributing API Keys to some of my clients. In the API Management I can see this is feasible by activating the Require applications to authenticate via API key slider. Once activated, I can also rate-limit the calls on a per-key basis.

The problem is: how do I create API Keys ? and how do I call my endpoint ?

So far, I have been to "Manage > Access (IAM)", then IBM Cloud API keys and created an API Key for me (which is not what I what because this is an API Key for ALL my account with admin priviledges, what I would like is an API Key allowing my users to call my API only). With my API Key, I called the API like so in curl:

curl -X POST "https:// example.com/hello" -H "X-IBM-Client-Id: <MY-API-KEY>"

Still, I get a 401 unauthorized... So I guess there is something wrong but I can't get what exactly.

Answer 1

You are right. The key you created is for all of your namespace. Here are the docs to create a key for your API end point - https://cloud.ibm.com/docs/api-management?topic=api-management-keys_secrets

It is a little confusing :(. After you have created and mapped your API endpoint to an action. You do not have to enable as web action in order to use with the API Gateway.

1. You can enable authentication and then save the API. This is important. The docs say Note: You cannot see the tabs until you save your application or API for the first time.

2. Now you can go to the Sharing tab and create a new API key just for this API (and not your namespace)

3 I am able to use the key at this point. I am using the Try it feature within the API Explorer.