If I have a RESTful API with 2 resources in an API -
POST /r1
PATCH /r2
The API is protected with x-Gateway-APIKey request header.
Consumer 1 is allowed to access only /r1, and consumer 2 is allowed to access only /r2.
How to achieve the same?
With OAuth, I can restrict the consumers with scoping; however, the API is to be protected only with the x-Gateway-APIKey request header.
Hi @mofarhan,
As you said, this can be easily achieved using OAuth scope.
The other option I could think of is to create a scope for each resource.
Under each scope use the identify and authorize policy.
Under authorize policy we should use API key and header name to authenticate the request.
In my use case I created an application, and inside the application we have 2 headers, one for each resource.
And now when I am invoking the request, I am passing the header also, apart from the API key.
And this should get validated.
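The identify-then-authorize split described in the answer above, sketched as an added example (not part of the original posts and not API Gateway's own code or configuration). The consumer names, sample keys and function names are assumptions made for illustration; only the header name and the two resources come from the question.

```python
import hashlib
import hmac

API_KEY_HEADER = "x-gateway-apikey"  # HTTP header names are case-insensitive


def _digest(key: str) -> bytes:
    # Assumption: keys are long random strings, so an unsalted SHA-256 is enough
    # to avoid keeping them in clear text on the enforcement point.
    return hashlib.sha256(key.encode()).digest()


# Constructed sample data: one API key per consumer, one (method, path) scope each.
CONSUMERS = {
    "consumer1": {"key": _digest("demo-key-consumer-1"), "allowed": {("POST", "/r1")}},
    "consumer2": {"key": _digest("demo-key-consumer-2"), "allowed": {("PATCH", "/r2")}},
}


def identify(headers):
    """Identify step: map the presented API key to a consumer, or None."""
    normalized = {name.lower(): value for name, value in headers.items()}
    presented = normalized.get(API_KEY_HEADER)
    if not presented:
        return None
    digest = _digest(presented)
    match = None
    for name, entry in CONSUMERS.items():
        # Constant-time compare, and no early exit, so timing does not reveal
        # which stored key (if any) matched.
        if hmac.compare_digest(digest, entry["key"]):
            match = name
    return match


def authorize(method, path, headers):
    """Authorize step: return the HTTP status the gateway would answer with."""
    consumer = identify(headers)
    if consumer is None:
        return 401  # missing or unknown key: caller is not identified
    resource = (method.upper(), path.rstrip("/") or "/")
    if resource not in CONSUMERS[consumer]["allowed"]:
        return 403  # valid key, but this resource is outside the consumer's scope
    return 200  # deny by default; only an explicit (method, path) entry passes
```

A valid key used against the other consumer's resource gets 403 rather than 401, which keeps "unknown caller" and "known caller, wrong resource" distinguishable in gateway logs.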
@Vikash_Sharma1 Thanks. Let me go through your solution. However, the product version I use is 10.7 and I am not able to import the same. I get this error - Importing an archive failed.
The selected archive is not supported by this API Gateway version. The archive was exported from API Gateway version: 11.0. If possible, please export them using a lower version.