This policy is used to allow access to API resources only for those clients with valid product subscription. All API projects in which this policy is used are wrapped into one or more products and added to a client subscription. Each product under a specific subscription has a unique pair of customer key (API key) and customer secret. API manager allows requests only from those client applications which hold a valid API Key to access API resources.
Figure 1: Verify API Key Policy Configuration attribute
Click Key Source edit icon to configure Message Part Identifier.
To configure the Verify API Key policy, perform the following actions:
- In the Policies section inside the project, configure Verify API Key policy with the values shown below:
- Type: PARAMETER
- Name: apiKey (The name of the query parameter which needs to be used as the identifier)
- Default Value: null (can be any value)
Figure 2: Providing values for the KeySource Message Part Identifiers
Create a product and add the project for which Verify API Key Policy is created by navigating to the Applications menu.
Figure 3: Adding a project to the product
Create a client ensuring that the Status is "Active".
Figure 4: Creating a Client
Create a Client Subscription with the client created (in the above step) and perform the following actions:
Add the product to which the project is bundled.
Figure 5: Adding the product to which the Verify APIkey project is added
Save the configuration.
Click the product to generate the API Consumer Key.
Figure 6: Generating Consumer Key and Consumer Secret by clicking the product saved
Pass this Consumer Key to the API proxy access URL as a parameter in the following format:
Adding the policy while creating a project
Select the API Keys option (Secure API with) in the API Customization screen while creating the project from any of the following services:
- REST/HTTP Service
Figure 7: Attaching Verify API Keys to the project
After adding a policy, this can be configured as per requirement