Your developers use apps to access the resources in your API products. When you create an app, you select the API product to include, and Apigee generates a key. Each app has a single key that provides access to multiple API products.
Apps allow you to control who can access your resources. You can control who has access to your API products by revoking and refreshing an app's key. You can also control access to bundles of resources by revoking or deleting access to the products in an app.
You can see all of your organization's apps on the Apps summary page. This page displays performance data for each app, and general information on app keys and user tokens. You can select a specific app from the table to get more detailed information, including the API products that app can access and the resources those products expose. You can also see the key and access token associated with the app. An access token is generated if an app requires login. See End-user tokens for more information.
In general, developers add their own apps through your developer portal. However, in some cases you need to add apps for your internal development teams or on behalf of a developer. See What is a developer portal? for more on developer portals. When you set up an app, you decide which products it will contain. When the app is created, a key is automatically generated to grant access to the selected products. Any additional products you add use the same key.
Adding an app
- Click App (+) on the Apps tab.
- Enter an application name.
- Enter the URL for the callback.
A callback is the location of a resource that belongs to the application. In most cases, this is the location of a login screen where users enter their username and password.
- Select a developer from the Developer list.
Your app must have a developer.
- Select the API product you want to add to the app and click Save.
Your new app appears in the summary table along with its key.
You can expand an app's access to your APIs by adding more products. If you want to limit an app's access, you can temporarily revoke access to a product, or permanently cut off access to a product by deleting the product from the app.
Revoking access to a product
- Select an app in the App summary table.
- In the API Products Used table, click Revoke in the Actions column for the product.
You are revoking access to this product and the resources it contains. You can re-enable access at any time.
Deleting a product from an app
- Select an app in the App summary table.
- In the API Products Used table, click Delete in the Actions column for the desired product.
You are permanently removing the product from this app.
Keys are automatically generated when you create an app. Each app is assigned a key and a secret key. Together, these keys act like a username/password combo. When an application makes a request, Apigee inspects it to verify that the API key matches the resource that the app is requesting, and checks the API product definitions associated with the API key to see whether the resource is permitted. If everything lines up, Apigee sends back the requested resource data.
Controlling access using keys
As the API provider, you can decide who gets a key and whether that key is enabled or disabled. This gives you a lot of control over your resources. When you disable a key, any call that contains that key no longer has access to the resources in the associated API product. Keys also act as identifiers for an app. By tracking a key, you can quickly locate an app that's causing issues. Likewise, you can revoke an app's key to block an app that's causing issues.
Enabling and disabling keys
- On the All App summary page, roll over the Keys column for the desired app and select either Enable all keys or Disable all keys in the pop-up.
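The following added example (not Apigee code) models the access decision described above, so you can see how disabling a key, revoking a product, and deleting a product each change the outcome. The `App` class, the product names, the key value, and the prefix-based resource matching are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class App:
    name: str
    key: str
    key_enabled: bool = True
    # product name -> "approved" or "revoked"; a deleted product is simply absent
    products: dict = field(default_factory=dict)

# Constructed sample data: product name -> resource path prefixes it exposes.
PRODUCTS = {
    "weather-basic": ["/forecast"],
    "weather-premium": ["/forecast", "/radar"],
}

def authorize(apps, key, path):
    """Return (allowed, reason) for a request carrying `key` for `path`."""
    app = next((a for a in apps if a.key == key), None)
    if app is None:
        return False, "unknown key"
    if not app.key_enabled:
        return False, "key disabled"
    for product, status in app.products.items():
        if status != "approved":
            continue  # revoked: still attached to the app, but grants nothing
        # Simplified matching (assumption): exact path or a sub-path of a prefix.
        if any(path == p or path.startswith(p + "/") for p in PRODUCTS[product]):
            return True, f"allowed by {product}"
    return False, "no approved product exposes this resource"

def demo():
    app = App("mobile-client", "key-constructed-123",
              products={"weather-basic": "approved", "weather-premium": "approved"})
    apps = [app]
    results = [authorize(apps, app.key, "/radar/eu")]
    app.products["weather-premium"] = "revoked"   # temporary, reversible
    results.append(authorize(apps, app.key, "/radar/eu"))
    results.append(authorize(apps, app.key, "/forecast/today"))
    del app.products["weather-basic"]             # permanent removal from the app
    results.append(authorize(apps, app.key, "/forecast/today"))
    app.products["weather-premium"] = "approved"  # access re-enabled
    app.key_enabled = False                       # a disabled key blocks every call
    results.append(authorize(apps, app.key, "/radar/eu"))
    return results

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```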
If an app has some type of security applied, such as OAuth, each call requires a valid access token. An end-user token controls a user's access to an app. When the user has access to the app, they have access to all the API products that app contains, which in turn gives them access to all the resources within those API products. End-user tokens are automatically generated when a user logs in to an app for the first time. The token stores the scope. As an API provider, you define a scope when you set up your OAuth policy.
Refreshing end-user tokens
- Choose an app in the All App summary page.
- On the App details page, roll over the End User Token column for the app and select Refresh all tokens in the pop-up.