Layer 7 API Management

Expand all | Collapse all

Apikey validation

Jump to Best Answer
  • 1.  Apikey validation

    Posted 05-22-2017 05:14 AM

    I need to verify incoming apikey( in header) with the key that is generated in the portal while registering and App creation.

    Following is the policy fragment that I have developed, In this the apikey field in lookupApikey assertion is hardcoded to what i got from portal and i think this assertion sets the {apikeyRecord.key} variable to this value.

    But I don't want that, it has to be a context variable which should pick apikey that is generated from portal(so that if another App wants to use same API it can using different Apikey)  


    Is there something that I am missing. Please help.




  • 2.  Re: Apikey validation
    Best Answer

    Posted 05-22-2017 08:37 PM

    Hello alok612 ,

    The apikey can be passed by request parameter/header, then in your policy, you can get the apikey from request and validate it via lookup api assertion, so the policy can be re-used.


    ie. the client should be aware of the apikey of the application it is trying to call.