Verifying API Key Policy
Adding Verify API Key Policy
To add a Verify API Key Policy, please perform the following actions in the API Management Dashboard:
- Click the API Projects prompt.
Figure 1: API Projects prompt in API Dashboard
- Double-click the project to which the policy is to be added.
- Go to the Policies tab and click the Add icon to add a new policy.
- In the dialog box, select the Create a Policy option, add a policy ID and select the type of policy to be added (Eg: Security > Verify API Key) from the drop-down menu and click OK.
- Select the Policy ID and environment to navigate to the respective Policy Configuration page.
Configure the Key Source as needed by clicking the Edit icon
Create a sample Verify API Key policy (refer to the Adding Verify API Key Policy section above) with the following configuration in Key Source:
- Type: PARAMETER
- Name: apiKey
- Default value: Provide a preferred value.
- Click Save to add the policy.
After the policy is created, attach the policy to the project by performing the following actions under the same page:
- Go to the Resources tab.
- Edit the DefaultResource which is already present or add a new resource.
- Click the resource, expand the Policy Configuration section and click the Add icon in the Proxy Request part to attach the policy to the proxy request endpoint.
- Click the Save icon to attach the policy to the project.
The project can now be deployed with the Verify Key Policy attached to the project.
Testing the Policy
To test the policy, perform the following actions:
Pass the consumer Key received from the Subscribed Products section (Refer to the Generating API Key section) to the API proxy access URL on the gateway server as a parameter in the following format:
http://<ip-address-of-gateway-machine>:2160/<project-context-path>/<version-number>?apiKey=<ConsumerKey>
Example
http://192.168.2.34:2160/http://www.fiorano.com/1.0?apikey=-VlbTfAR-dpHljhSElVv-WsP
The URL till the version number part in the above format will be available in API Projects > Overview > URIs under the specific server group where the project is deployed.
If the Consumer Key is correct, the request will succeed, and if not correct, the Authentication Failure code will be displayed.
After making changes to a deployed project, the project will need to be redeployed for changes to be applied.