Layer7 API Management

Expand all | Collapse all

Usage of API-Key for validation

Jump to Best Answer
  • 1.  Usage of API-Key for validation

    Posted 05-04-2017 08:30 AM

    Hi, i am looking for any document / guide which details the usage of API-Key. Following is the scenario:


    An user will register itself using the API Gateway Portal. An API-Key will be generated for the user.

    Same key will be send in the API request, which will be validated at the Gateway before accessing the back-end API.


    Any specific assertion used to validate API-Key?




  • 2.  Re: Usage of API-Key for validation

    Posted 05-07-2017 11:20 PM

    Is this what you are looking for Convert the Gateway Service - CA API Developer Portal - 3.5 - CA Technologies Documentation 


    Look for the section " Line 10: Look Up API Key"  & "Lines 11-18: Check API key record found" in the documentation part.

  • 3.  Re: Usage of API-Key for validation
    Best Answer

    Posted 05-09-2017 08:34 AM

    Just to add on to the comment above....


    If you publish an API from the Portal first, this policy logic will get laid down automatically. So it's the policy for the API itself that will enforce the logic behind API Key validation. The Look Up API Key assertion within the logic we're talking about, collects the API Key, and continues through to verify the key it found actually has access to the API. 


    I hope this helps.


    -Alec Daniello

    APIM Support

  • 4.  Re: Usage of API-Key for validation

    Posted 05-15-2017 06:16 AM