Was this helpful?

Use the GetAPIProduct policy when you need access to API product settings (usually Quota settings) when no security policy (API key or OAuth) is enforced. This policy specifies an API product name and returns the complete profile and settings for that API product. Using this policy type, API products can be accessed statically, by setting the API product name as the element value.

The name attribute for this policy is restricted to these characters: A-Z0-9._\-$ %. However, the Management UI enforces additional restrictions, such as automatically removing characters that are not alphanumeric.

For example:

<GetAPIProduct name="GetProductProfile">
    <APIProduct>PremiumAPIProduct</APIProduct>
</GetAPIProduct>

Usually, however, an API product must be retrieved dynamically, based on a variable associated with a request.

For example:

<GetAPIProduct name="GetProductProfile">
    <APIProduct ref="{variable_name}" /> 
</GetAPIProduct>

When the GetAPIProduct policy executes, a set of variables are populated with values for the API product retrieved.

The variables have the following prefix:

“getapiproduct.{policy_name}”

With reference to the sample policies above, the variables would have the form:

getapiproduct.GetProductProfile.apiproduct.name

The following variables are populated on successful execution of the GetAPIProduct policy:

Name Description
apiproduct.name The user-given name of the API product. API product names are unique across an organization.
apiproduct.organization The organization in which the API product is deployed
apiproduct.display.name The friendly name of the API product.
apiproduct.description A user-friendly description of the API product, typically displayed in a Developer Portal.
apiproduct.{attribute_name} A custom attribute defined for an API product
apiproduct.apiresources A list of URIs bundled into the API product
apiproduct.scopes A list of OAuth scopes defined for the API product
apiproduct.environments A list of valid environments where the API product is enforced
apiproduct.proxies A list of valid API proxies against which the API product is enforced
apiproduct.developer.quota.limit An integer that specifies the number of requests permitted by the Quota. For example in the case of 10 requests per 1 hour, this value is 10.
apiproduct.developer.quota.interval An integer that specifies the number of time intervals over which the Quota is counted. For example in the case of 10 requests per 1 hour, this value is 1.
apiproduct.developer.quota.timeunit The time unit (minute, day, week, month) over which the Quota is counted. For example in the case of 10 requests per 1 hour, this value is hour.
apiproduct.approval.type A setting that determines whether consumer keys are automatically approved for API products, or whether an admin must manually approve requests to use the API product. If set to manual, the consumer key is returned in the 'pending' state, and must manually be approved before the app can access the provider resources.
apiproduct.created_by Username (email) of the Apigee user who created this API product
apiproduct.created_at UNIX-formatted timestamp indicating when this API product was created
apiproduct.last_modified_at UNIX-formatted timestamp indicating when this API product was last modified
apiproduct.last_modified_by Username (email) of the Apigee user who last modified this API product
failed Indicates that the attempt to retrieve the API product failed

Policy schema

Each policy type is defined by an XML schema (.xsd). For reference, policy schemas are available on GitHub.

Help or comments?

  • Something's not working: See Apigee Support
  • Something's wrong with the docs: Click Send Feedback in the lower right.
    (Incorrect? Unclear? Broken link? Typo?)