Difference between API access key in API Gateway and API access key in API Portal

Hi Experts,

We are working with securing the API with API key. I observed that both API access keys from API Gateway and API Portal are different.

Example:
For same registered application with only single API.
API access key in API Gateway is “05ef65bbb664cb442cf12664066e3a71744f2282dd2437cbaf214b86d831b6cb”
API access key in API Portal is “c9db3409-eb6c-42aa-8f44-848eb6f881a5”

We are able to access services using API Portal “API access key” with postman but not from API Gateway “API access key”. Is this expected behaviour?
Also why API Portal key is different and how to regenerate the API access key in Portal?
Incase if we use or don’t use API Portal, where to find the API access key in API Gateway that works from postman?
Additionally if we regenerate API access key in API Gateway then we API access key in API Portal expires but didn’t get updated with the new one. I tried to clear cache, logout/re-login but it didn’t get changed. How to get it refreshed?

We have installed 10.3 version of API Portal, API Gateway and IS.

Kind regards,
Vineet Sharma.

API Access key that you see in API Gateway is encrypted one. Actual one will be shown only if you are the true owner of the application.

For the applications that are requested from API Portal, API Gateway user will never be the true owner and hence you see a encrypted value. As you mentioned whatever the value that you see in API Portal is the actual value of access key.

If you regenerate the access token in API Gateway , if you republish the associated API, then applications will be sync’d with API Portal.

Modifications in application assets in API Gateway are not sync’d immediately with API Portal BUT they will eventually(when APIs are republished) sync’d up.

1 Like

What if Application owner leaves the company and his/her account is no longer accessible.

How to change the ownership or Application?

Is it possible to have group of owners so that all the group members can see the unencrypted key?

Please point to right documentation if any.

Kind regards,
Vineet Sharma.

Currently changing the owner of an application is not possible but we are enhancing this in the upcoming 10.5 release.