Developer apps API

download spec authorize

post /organizations/{org_name}/developers/{developer_email}/apps

Creates an app associated with a developer, associates the app with an API product, and auto-generates an API key for the app to use in calls to API proxies inside the API product.

The name is the unique ID of the app that you can use in Edge API calls. The DisplayName (set with an attribute) is what appears in the Edge UI. If you don't provide a DisplayName, the name is used.

The keyExpiresIn property sets the expiration on the API key. If you don't set a value or set the value to -1, the API key never expires.

Ensure optimal API product and app security

An organization-level property, features.keymanagement.disable.unbounded.permissions, strengthens the security of API products in verifying API calls. When the property is set to true, the following features are enforced.

  • App creation: When creating a developer or company app, the Edge API requires that the app be associated with an API product. (The Edge UI already enforces this.)

  • API product configuration: To create or update an API product, the API product must include at least one API proxy or a resource path in its definition.

  • Runtime security: API calls are rejected by an API product in the following situations:

    • An API product doesn't include at least one API proxy or resource path.

    • If the flow.resource.name variable in the message doesn't include a resource path that the API product can evaluate.

    • If the app making the API call isn't associated with an API product.

Note: Setting this organization property requires system administrator privileges. Edge for Private Cloud system administrators can add this property when updating organization properties. If you are an Edge for Public Cloud user, contact Apigee Support to set the organization property.

HTTP request

https://api.enterprise.apigee.com/v1/organizations/{org_name}/developers/{developer_email}/apps

Path Parameters

org_name (required)

string

Organization name.

developer_email (required)

string

Email address for the developer.

Request Body

Developer app details.

application/json

Example

{
"apiProducts": [
"myProduct"
],
"attributes": [
{
"name": "ADMIN_EMAIL",
"value": "admin@example.com"
},
{
"name": "DisplayName",
"value": "My App"
},
{
"name": "Notes",
"value": "Notes for developer app"
},
{
"name": "MINT_BILLING_TYPE",
"value": "POSTPAID"
}
],
"callbackUrl": "example.com",
"name": "myapp",
"scopes": [],
"status": "approved"
}
DeveloperAppRequest

Developer app request.

apiProducts

array

List of API products to which the app is associated (when creating or updating an app). The name of the API product is the name returned when you list API products. For example, if the Display Name of the API product in the Edge UI is Premium API Product, then the name is premium-api-product (all lowercase with spaces replaced by hyphens). You can add API products later when you update the developer app. Existing API products are listed in the credentials array.

attributes

array

List of attributes used for customizing profile information or for app-specific processing. With Apigee Edge for Public Cloud, the custom attribute limit is 18. Note the folowing:

  • DisplayName is an attribute that provides the app name in the Edge UI. This can be different from the name (unique ID) of the app.
  • Notes attribute lets you add notes about the developer app.
  • Any other arbitrary name/value pairs you create are included as custom attributes.
Attribute

Developer app attribute name and value.

name

string

Name of attribute.

value

string

Value of attribute.

callbackUrl

string

Callback URL used by OAuth 2.0 authorization servers to communicate authorization codes back to apps. See the OAuth 2.0 documentation for more details.

keyExpiresIn

integer (int32)

Lifetime of the consumer key that will be generated for the developer app, in milliseconds. The default value, -1, indicates an infinite validity period. Once set, the expiration can't be updated.

name (required)

string

Name of the developer app. Required when creating a developer app; not required when updating a developer app.

The name is used to uniquely identify the app for this organization and developer. Names must begin with an alphanumeric character and can contain letters, numbers, spaces, and the following characters: . _ # - $ %. While you can use spaces in the name, we recommend that you use camel case, underscores, or hyphens instead. Otherwise, you will have to URL-encode the app name when you need to include it in the URL of other Edge API calls. See the naming restrictions.

scopes

array

Scopes to apply to the app. The specified scope names must already exist on the API product that you associate with the app.

status

string

Status of the credential.

Response Types

201: 

Created

Body

application/json

Example

{
"appFamily": "default",
"appId": "123abc-456-def",
"attributes": [
{
"name": "ADMIN_EMAIL",
"value": "admin@example.com"
},
{
"name": "DisplayName",
"value": "My App"
},
{
"name": "Notes",
"value": "Notes for developer app"
},
{
"name": "MINT_BILLING_TYPE",
"value": "POSTPAID"
}
],
"callbackUrl": "example.com",
"createdAt": 1568312504191,
"createdBy": "ahamilton@example.com",
"credentials": [
{
"apiProducts": [
{
"apiproduct": "myproduct",
"status": "approved"
}
],
"attributes": [],
"consumerKey": "F91jQrfX6CKhyEheXFBL3gxxxxx",
"consumerSecret": "TLbUJFyzOlLxxxx",
"expiresAt": -1,
"issuedAt": 1568312504682,
"scopes": [],
"status": "approved"
}
],
"developerId": "1234-abcd",
"lastModifiedAt": 1568313405903,
"lastModifiedBy": "ahamilton@example.com",
"name": "myapp",
"scopes": [],
"status": "approved"
}
DeveloperApp

Developer app details.

appFamily

string

Output only. App family.

apiProducts

array

List of API products to which the app is associated (when creating or updating an app). The name of the API product is the name returned when you list API products. For example, if the Display Name of the API product in the Edge UI is Premium API Product, then the name is premium-api-product (all lowercase with spaces replaced by hyphens). You can add API products later when you update the developer app. Existing API products are listed in the credentials array.

appId

string

Output only. ID of the app.

attributes

array

List of attributes used for customizing profile information or for app-specific processing. With Apigee Edge for Public Cloud, the custom attribute limit is 18. Note the folowing:

  • DisplayName is an attribute that provides the app name in the Edge UI. This can be different from the name (unique ID) of the app.
  • Notes attribute lets you add notes about the developer app.
  • Any other arbitrary name/value pairs you create are included as custom attributes.
Attribute

Developer app attribute name and value.

name

string

Name of attribute.

value

string

Value of attribute.

callbackUrl

string

Callback URL used by OAuth 2.0 authorization servers to communicate authorization codes back to apps. See the OAuth 2.0 documentation for more details.

createdAt

integer (int32)

Output only. Time the app was created in milliseconds since epoch.

createdBy

string

Output only. Email address of the developer that created the app.

credentials

array

Output only. Set of credentials for the app. Credentials are API key/secret pairs associated with API products.

object
apiProducts

array

Name and status of API products associated with the app.

APIProductRef

API product information.

attributes

array

List of attributes.

Attribute

Developer app attribute name and value.

consumerKey

string

Consumer API key.

consumerSecret

string

Consumer secret.

expiresAt

integer (int32)

Time the credentials expire in milliseconds since epoch.

issuedAt

integer (int32)

Time the credentials were issued in milliseconds since epoch.

scopes

array

OAuth scopes.

status

string

Status of the credentials.

developerId

string

Output only. ID of the developer.

keyExpiresIn

integer (int32)

Lifetime of the consumer key that will be generated for the developer app, in milliseconds. The default value, -1, indicates an infinite validity period. Once set, the expiration can't be updated.

lastModifiedAt

integer (int32)

Output only. Last modified time as milliseconds since epoch.

lastModifiedBy

string

Output only. Email of developer that last modified the app.

name (required)

string

Name of the developer app. Required when creating a developer app; not required when updating a developer app.

The name is used to uniquely identify the app for this organization and developer. Names must begin with an alphanumeric character and can contain letters, numbers, spaces, and the following characters: . _ # - $ %. While you can use spaces in the name, we recommend that you use camel case, underscores, or hyphens instead. Otherwise, you will have to URL-encode the app name when you need to include it in the URL of other Edge API calls. See the naming restrictions.

scopes

array

Scopes to apply to the app. The specified scope names must already exist on the API product that you associate with the app.

status

string

Status of the credential.

400: 

Bad request

Authentication Requirements

Available Authentication Options
  • Basic
  • OAuth

Try this API

Request parameters
org_name
developer_email
Request body
For suggestions, press control+space or click one of the blue "add" circles.
Credentials
Multi-factor authentication is not supported.