Was this helpful?

Before you give developers access to your API you should secure it from unauthorized access. One way to do this is to attach a policy to set up API key validation. An API key is a string with authorization information. Developers need to embed this key in their apps to access your API’s resources. An API key is provisioned for an API product, and is generated when a registered app is associated with an API product. You'll register an app and associate it with your API product in a later step. 

Note: You can automatically generate a policy for API key validation when you create an API proxy. To do that, check the Security checkbox in the Add Features section of the New API Proxy page. However, in this tutorial, we'll show you how to add the policy after you've initially created the API proxy.

Add policy for key validation

The Verify API Key policy verifies the API key for an API product defined in the API Platform, returns an error if it is invalid, and if it is valid, looks up the attributes from the API product.

To add a Verify API Key policy:

  1. In the API Proxy Editor, click New Policy, and select Verify API Key in the Security category.
  2. Accept the defaults in the New Policy dialog and click Add.
  3. Click the Project  button, then select Save in the drop-down menu to save the the current revision.

The new policy is attached to the request message flow at the ProxyEndpoint.

Deploy the API

Finally, you can deploy the revision you've been working on.

Do this

On the top of the screen, click the Deployment button and select test. This will replace the existing API with your new secure API. 

Learn more

Add new comment

Provide your email address if you wish to be contacted offline about your comment.
We will not display your email address as part of your comment.

We'd love your feedback and perspective! Please be as specific as possible.
Type the characters you see in this picture. (verify using audio)

Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.