Apigee Assignment - Based on Basic authentication, Verify API key, and Javascript policy

  • CREATE an API proxy with an appropriate base path.

  • Attach a verify API key policy {the client_id and client_secret must be sent in the Basic Authorization encoded form from Postman}.

  • The base64-encoded Authorization header should be decoded using the Basic Authentication policy, and the client_id should be verified in the Verify API key policy.

  • In the header, the below values have to be sent:

    - FirstName: {your_firstname}
    - LastName: {your_lastname}
    - Operation: FirstName/LastName

  • Attach the Javascript policy and the following has to be done:

    • If Operation = FirstName --> "Hi, {your_firstname}" should be the response.

    • If Operation = LastName --> "Hi, {your_lastname}" should be the response.

Implementation

Create a new no-target API proxy, without selecting the API key security option during creation.

The request message carries the client_id and client_secret in encoded form (how to obtain the client_id and client_secret is covered later).
To decode it, use the Basic Authentication policy.
Proxyendpoint -> Preflow -> Request -> ADD Basic Authentication policy.

The Basic Authentication policy code should look like below.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication continueOnError="false" enabled="true" name="Basic-Authentication-1">
    <DisplayName>Basic Authentication-1</DisplayName>
    <Operation>Decode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="request.queryparam.client_id"/>
    <Password ref="request.queryparam.client_secret"/>
    <Source>request.header.Authorization</Source>
</BasicAuthentication>

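After decoding, the client_id should be verified in the Verify API key policy. Verify API Key checks only the key (client_id); the decoded client_secret is not validated by this policy.
Proxyendpoint -> Preflow -> Request -> ADD Verify API key policy.

The Verify API key policy code should look like below.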

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyAPIKey continueOnError="false" enabled="true" name="Verify-API-Key-1">
    <DisplayName>Verify API Key-1</DisplayName>
    <Properties/>
    <APIKey ref="request.queryparam.client_id"/>
</VerifyAPIKey>

Add a JavaScript policy to perform the operation.
Proxyendpoint -> Preflow -> Request -> ADD Javascript policy.

The JavaScript policy code should look like below.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Javascript continueOnError="false" enabled="true" timeLimit="200" name="JavaScript-1">
    <DisplayName>JavaScript-1</DisplayName>
    <Properties/>
    <ResourceURL>jsc://JavaScript-1.js</ResourceURL>
</Javascript>

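The JavaScript-1.js code (under Resources) should look like below.

 // Read the three custom request headers.
 var firstname = context.getVariable("request.header.Firstname");
 var lastname = context.getVariable("request.header.Lastname");
 var operation = context.getVariable("request.header.Operation");

 // Compare case-insensitively so that both "FirstName" and "Firstname" match.
 var result = String(operation).toLowerCase() === 'firstname';
 var ot;

 if (result) {
     ot = 'Hi, ' + firstname;
 }
 else {
     ot = 'Hi, ' + lastname;
 }
 // Expose the greeting as the flow variable "output" for the response payload.
 context.setVariable("output", ot);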

Add an Assign Message policy to construct the response message.
Proxyendpoint -> Postflow -> Response -> ADD Assign Message policy.

The Assign Message policy code should look like below.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="Assign-Message-1">
    <DisplayName>Assign Message-1</DisplayName>
    <Properties/>
    <Set>
        <Headers/>
        <QueryParams/>
        <FormParams/>
        <Verb>POST</Verb>
        <Payload contentType="application/text">
            "{output}"
        </Payload>
        <Path/>
    </Set>
    <AssignVariable>
        <Name>name</Name>
        <Value/>
        <Ref/>
    </AssignVariable>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

Save and Deploy the Proxy.

Create an APP to get the client_id and client_secret.

CREATE an API product.

Click on ADD AN OPERATION to add a proxy.
Fill in the corresponding details and click on SAVE.

Click on SAVE to create a proxy.
Add Developer.

Create an App developer by selecting the required API product.

Fill in the corresponding details and click on Create.

After the App gets approved, we will get the key (client_id) and secret (client_secret).

Encode the client_id and client_secret using the website below, pasting them in colon-separated format (client_id:client_secret).
https://www.base64encode.org/

Send the request message: yourhost/proxy_basepath, add the below values in the header:
Authorization = Basic encoded_id_and_secret
FirstName: {your_firstname}
LastName: {your_lastname}
Operation: FirstName/LastName
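
As an alternative to the website step above, the Authorization header value can be built locally. The following is an added example for Node.js, not code from the original post, that encodes the pair and decodes it back following the Basic scheme (RFC 7617). The function names and sample credentials are constructed for illustration.

```javascript
// Added example for Node.js; function names and credentials are constructed.

// Build the Authorization header value from an app's key and secret.
function encodeBasic(clientId, clientSecret) {
  // The id part must not contain ':' because a decoder splits on the first colon.
  if (clientId.includes(':')) {
    throw new Error('client_id must not contain a colon');
  }
  const pair = clientId + ':' + clientSecret;
  return 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
}

// Reverse the encoding: returns { clientId, clientSecret }, or null if malformed.
function decodeBasic(headerValue) {
  const match = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue || '');
  if (!match) return null;                 // wrong scheme or not base64
  const pair = Buffer.from(match[1], 'base64').toString('utf8');
  const colon = pair.indexOf(':');         // split on the FIRST colon only
  if (colon < 1) return null;              // no separator or empty client_id
  return {
    clientId: pair.slice(0, colon),
    clientSecret: pair.slice(colon + 1),   // the secret may itself contain ':'
  };
}

// Constructed sample credentials, not real Apigee app keys.
const header = encodeBasic('sampleKey123', 's3cr:et/with+chars');
console.log(header);                       // value for the Authorization header
console.log(decodeBasic(header));          // round-trips to the original pair
console.log(decodeBasic('Bearer abc'));    // null: not a Basic header
```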