Hi, i am looking for any document / guide which details the usage of API-Key. Following is the scenario:
An user will register itself using the API Gateway Portal. An API-Key will be generated for the user.
Same key will be send in the API request, which will be validated at the Gateway before accessing the back-end API.
Any specific assertion used to validate API-Key?
Is this what you are looking for Convert the Gateway Service - CA API Developer Portal - 3.5 - CA Technologies Documentation
Look for the section " Line 10: Look Up API Key" & "Lines 11-18: Check API key record found" in the documentation part.
Just to add on to the comment above....
If you publish an API from the Portal first, this policy logic will get laid down automatically. So it's the policy for the API itself that will enforce the logic behind API Key validation. The Look Up API Key assertion within the logic we're talking about, collects the API Key, and continues through to verify the key it found actually has access to the API.
I hope this helps.