App keys: Developer


Manage consumer credentials for apps associated with individual developers.

Credential pairs consisting of a consumer key and a consumer secret are provisioned by Apigee Edge to apps for specific API products. Apigee Edge maintains the relationship between consumer keys and API products, enabling API products to be added to and removed from consumer keys. A single consumer key can be used to access multiple API products. Keys may be manually or automatically approved for API products; how they are issued depends on the API product configuration. A key must itself be approved, and also be approved for an API product, to be capable of accessing any of the URIs defined in that API product.

Resource Types

URIs are relative to https://api.enterprise.apigee.com/v1, unless otherwise noted.

Keys

For more information, see Keys.
Method Endpoint Description

POST /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/create

Creates a custom consumer key and secret for a developer app. This is particularly useful if you want to migrate existing consumer keys/secrets to Edge from another system.

After creating the consumer key and secret, associate the key with an API product, as described in Add API Product to Key.

Consumer keys and secrets can contain letters, numbers, underscores, and hyphens. No other special characters are allowed.

Note: Be aware of the following size limits on API keys. By staying within these limits, you help avoid service disruptions.

  • Consumer key (API key) size: 2 KB
  • Consumer secret size: 2 KB

If a consumer key and secret already exist, you can either keep them or delete them, as described in Delete Key for a Developer App.

In addition, you can use this API if you have existing API keys and secrets that you want to copy into Edge from another system. For more information, see Import existing consumer keys and secrets.

DELETE /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key}

Deletes a consumer key that belongs to an app, and removes all API products associated with the app. Once deleted, the consumer key cannot be used to access any APIs.

After you delete a consumer key, you may want to:

GET /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key}

Gets details for a consumer key for a developer app, including the key and secret value, associated API products, and other information.

POST /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key}

Enables you to perform one of the following tasks:

  • Add an API product to a developer app key, enabling the app that holds the key to access the API resources bundled in the API product. You can also use this API to add attributes to the key. You must include all existing attributes, whether or not you are updating them, as well as any new attributes that you are adding. After adding the API product, you can use the same key to access all API products associated with the app.

  • Approve or revoke a specific consumer key for an app. Call the API with the action query parameter set to approve or revoke (with no request body) and set the Content-type header to application/octet-stream. If successful, the HTTP status code is 204 No Content. Currently, this action cannot be executed using the Try this API panel.

    You can approve a consumer key that is currently revoked or pending. Once approved, the app can use the consumer key to access APIs. Revoking a consumer key renders it unusable for the app to use to access an API.

    Note: Any access tokens associated with a revoked app key will remain active. However, Apigee Edge checks the status of the app key and if set to revoked it will not allow API calls to go through.

PUT /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key}

Updates the allowed OAuth scopes associated with an app.

Note: Specify the complete list of scopes to apply. The specified list replaces the existing scopes on the app. Therefore, to add a scope, you must specify all of the existing scopes along with the added scope.

This API does not change the list of scopes in the API product(s) included in the app; rather, it sets the allowed list of scopes in the scopes element under the apiProducts element in the attributes of the app.

Important: The specified scopes must already exist on the API product(s) associated with the app. You can't arbitrarily add a scope that does not already exist in an API product. For example, if the app has one API product with the scopes READ and WRITE, you can't use this API to add a new scope, such as DELETE (unless the app has another product with that scope). If you do this, you'll get a 400 Bad Request error. For example:

{
  "code": "keymanagement.service.InvalidScopes",
  "message": "Invalid scopes. Scopes must be contained in [READ, WRITE]",
  "contexts": []
}

You are allowed to remove one or both of the existing scopes, and later add one or both back.
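Because the PUT replaces the whole scope list, a client has to compute the full list and check it against the product scopes before sending. The sketch below is an added example, not Apigee's code: the function names and the `{"scopes": [...]}` body shape are assumptions, and nothing is sent over the network.

```python
import json
from urllib.parse import quote

BASE = "https://api.enterprise.apigee.com/v1"  # base URI stated on this page


def key_url(org, developer_email, app_name, consumer_key):
    """Build the key resource URL, percent-encoding every path segment."""
    parts = [quote(p, safe="") for p in (org, developer_email, app_name, consumer_key)]
    return "{}/organizations/{}/developers/{}/apps/{}/keys/{}".format(BASE, *parts)


def plan_scope_update(current, product_scopes, add=(), remove=()):
    """Return the complete scope list to send in the PUT.

    current        -- scopes currently allowed on the key
    product_scopes -- dict: API product name -> scopes defined on that product
    """
    allowed = set()
    for scopes in product_scopes.values():
        allowed.update(scopes)
    dropped = set(remove)
    wanted = [s for s in current if s not in dropped]
    for s in add:
        if s not in wanted:
            wanted.append(s)
    invalid = sorted(set(wanted) - allowed)
    if invalid:
        # Edge would answer 400 keymanagement.service.InvalidScopes here.
        raise ValueError("scopes not on any associated product: {}".format(invalid))
    return wanted


def build_put(org, developer_email, app_name, consumer_key, scopes):
    """Return (method, url, body) for the scope update; nothing is sent."""
    body = json.dumps({"scopes": scopes})  # assumed request body shape
    return "PUT", key_url(org, developer_email, app_name, consumer_key), body


if __name__ == "__main__":
    # Constructed values: one product with READ and WRITE, key currently has READ.
    scopes = plan_scope_update(["READ"], {"product-a": ["READ", "WRITE"]}, add=["WRITE"])
    print(build_put("my-org", "dev@example.com", "my app", "k-1", scopes))
```

Percent-encoding each path segment keeps a developer email or app name containing `/`, `?` or spaces from changing which resource the request addresses.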

DELETE /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key}/apiproducts/{apiproduct_name}

Removes an API product from an app's consumer key, and thereby renders the app unable to access the API resources defined in that API product.

Note that the consumer key itself still exists after this call. Only the association of the key with the API product is removed.

POST /organizations/{org_name}/developers/{developer_email}/apps/{app_name}/keys/{consumer_key}/apiproducts/{apiproduct_name}

Approves or revokes an API product for an API key. Call the API with the action query parameter set to approve or revoke (with no request body) and set the Content-type header to application/octet-stream. If successful, the HTTP status code is 204 No Content.

To consume API resources defined in an API product, an app's consumer key must be approved and it must also be approved for that specific API product.

Notes:

  • The API product must already be associated with the app.

  • Any access tokens associated with a revoked app key will remain active. However, Apigee Edge checks the status of the app key and if set to revoked it will not allow API calls to go through.

  • This API cannot be executed using the Try this API panel.
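The two-level rule above (the key must be approved and the key must be approved for the specific product) can be checked over key details during an access review. This is an added example, not Apigee's code; the sample records are constructed, and the field names `status`, `apiProducts`, `apiproduct` and `consumerKey` are assumptions about the shape of the key-detail response.

```python
# Constructed sample shaped like key-detail responses; the field names
# (status, apiProducts, apiproduct, consumerKey) are assumptions.
SAMPLE_KEYS = [
    {"consumerKey": "k-1", "status": "approved", "apiProducts": [
        {"apiproduct": "weather", "status": "approved"},
        {"apiproduct": "billing", "status": "revoked"}]},
    {"consumerKey": "k-2", "status": "revoked", "apiProducts": [
        {"apiproduct": "weather", "status": "approved"}]},
    {"consumerKey": "k-3", "status": "approved", "apiProducts": [
        {"apiproduct": "billing", "status": "pending"}]},
]


def effective_products(key):
    """Products this key can actually call: key approved AND product approved."""
    if key.get("status") != "approved":
        return []
    return sorted(p["apiproduct"] for p in key.get("apiProducts", [])
                  if p.get("status") == "approved")


def audit(keys):
    """Return (consumerKey, finding) pairs worth a reviewer's attention."""
    findings = []
    for key in keys:
        kid = key["consumerKey"]
        status = key.get("status")
        products = key.get("apiProducts", [])
        if status == "approved" and not effective_products(key):
            findings.append((kid, "approved key with no approved product"))
        if status != "approved" and any(p.get("status") == "approved" for p in products):
            findings.append((kid, "key is {} but products remain approved".format(status)))
        for p in products:
            if p.get("status") == "pending":
                findings.append((kid, "product {} awaiting approval".format(p["apiproduct"])))
    return findings


if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        print(key["consumerKey"], effective_products(key))
    for finding in audit(SAMPLE_KEYS):
        print(*finding)
```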