App keys: Developer
Manage consumer credentials for apps associated with individual developers.
Credential pairs consisting of consumer key and consumer secret are provisioned by Apigee Edge to apps for specific API products. Apigee Edge maintains the relationship between consumer keys and API products, enabling API products to be added to and removed from consumer keys. A single consumer key can be used to access multiple API products. Keys may be manually or automatically approved for API products--how they are issued depends on the API product configuration. A key must approved and approved for an API product to be capable of accessing any of the URIs defined in the API product.
Resource Types
Keys
Method | Endpoint | Description |
---|---|---|
post | /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/create | Creates a custom consumer key and secret for a developer app. This is particularly useful if you want to migrate existing consumer keys/secrets to Edge from another system. After creating the consumer key and secret, associate the key with an API product, as described in Add API Product to Key. Consumer keys and secrets can contain letters, numbers, underscores, and hyphens. No other special characters are allowed. Note: Be aware of the following size limits on API keys. By staying within these limits, you help avoid service disruptions.
If a consumer key and secret already exist, you can either keep them or delete them, as described in Delete Key for a Developer App. In addition, you can use this API if you have existing API keys and secrets that you want to copy into Edge from another system. For more information, see Import existing consumer keys and secrets. |
delete | /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key} | Deletes a consumer key that belongs to an app, and removes all API products associated with the app. Once deleted, the consumer key cannot be used to access any APIs. After you delete a consumer key, you may want to:
|
get | /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key} | Gets details for a consumer key for a developer app, including the key and secret value, associated API products, and other information. |
post | /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key} | Enables you to perform one of the following tasks:
|
put | /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key} | Updates the allowed OAuth scopes associated with an app. Note: Specify the complete list of scopes to apply. The specified list replaces the existing scopes on the app. Therefore, to add a scope, you must specify all of the existing scopes along with the added scope. This API does not change the list of scopes in the API product(s) included in the app; rather, it sets allowed list of scopes in the scopes element under the Important: The specified scopes must already exist on the API product(s) associated with the app. You can't arbitrarily add a scope that does not already exist in an API product. For example, if the app has one API product with these scopes: READ, WRITE. You can't use this API to add a new scope, such as DELETE (unless the app has another product with that scope). If you do this, you'll get a 400 Bad Request error. For example:
It would be allowed to remove one or both of the existing scopes, and later add one or both back. |
delete | /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key}/apiproducts/{apiproduct_name} | Removes an API product from an app's consumer key, and thereby renders the app unable to access the API resources defined in that API product. Note that the consumer key itself still exists after this call. Only the association of the key with the API product is removed. |
post | /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key}/apiproducts/{apiproduct_name} | Approves or revokes an API product for an API key.
Call the API with the To consume API resources defined in an API product, an app's consumer key must be approved and it must also be approved for that specific API product. Notes:
|