Layer7 API Management

  • 1.  Developer Portal 5.1 - Application API Key per API operation

    Posted Oct 06, 2022 10:38 AM
    Hi all,

    I have a requirement to restrict access with API Key per operation on a published API through the developer portal.

    For example, for an API which is published through the developer portal and has two operations, create an application and with API Key 1 allow access only to /getitem, and with another API Key allow access only to /updateitem.

    /products/getitem
    /products/updateitem

    At the moment, when creating an application, the products API is added and any API Key that is created is allowed to access all API operations. I was wondering if anyone had this scenario to cover and, as the documentation does not provide any information regarding such functionality, whether this is a feature that has been requested before or planned to be implemented.

    Thanks and regards,
    Theos



  • 2.  RE: Developer Portal 5.1 - Application API Key per API operation

    Posted Oct 07, 2022 10:06 AM
    Hi,

    We also have the same requirement. Currently our solution is to split the API into several APIs with different operations. Then we can grant access separately.

    Michal


  • 3.  RE: Developer Portal 5.1 - Application API Key per API operation

    Posted Oct 07, 2022 10:15 AM
    Hi Michal,

    Thanks for the info. I was wondering if anyone else came across this, as this would be a very common scenario.

    It would be great if someone from Broadcom could comment on this and whether this feature has been requested or planned to be implemented.

    At the moment I am examining whether a field in OTK called resource could maybe provide a temporary solution for this. Of course, if it does, this would be a dirty fix, as the developer portal does not allow manipulation of this field, at least not without customization.

    Thanks and regards,
    Theos


  • 4.  RE: Developer Portal 5.1 - Application API Key per API operation

    Broadcom Employee
    Posted Oct 11, 2022 08:53 AM
    Hi Theos and Michal,

    The approach I have seen used is to break these into distinct APIs today. It would be possible to use OAuth Scopes to provide a more fine-grained access control; however, Portal does not currently restrict scopes available to specific applications. We will consider enhancing this in the future. I also encourage you to add this as an idea under the "Ideas" menu item in the community. This would allow others to vote for this item, which will help get feedback from the wider community as to the interest/need for this.

    Thanks!

    ------------------------------
    Greg Thompson
    Layer7 Product Management
    ------------------------------



  • 5.  RE: Developer Portal 5.1 - Application API Key per API operation

    Posted Oct 12, 2022 02:56 AM
    Hi Gregory,

    Thanks for the info. Added as an idea as suggested (link below); hopefully this feature will be added in the future.

    Idea Details - Broadcom Community - Discussion Forums, Technical Docs, and Expert Blogs

    Regards,
    Theos


  • 6.  RE: Developer Portal 5.1 - Application API Key per API operation

    Posted Nov 15, 2022 01:51 PM
    Hi All,

    If it were possible to assign attributes to API keys, maybe it would be similar to RBAC, with additional functionality on the "Portal Look Up Api Key" assertion in the gateway.

    ------------------------------
    Regards,
    Mesut Yalcin - Senior Solution Engineer
    Apiida AG - https://www.apiida.com
    ------------------------------