You are correct. The call in step 7 does indeed work. For the VerifyApiKey call to succeed, either one of the following needs to be true:

  • The resource being accessed (proxy.pathsuffix) is specified in the API Product.
  • Either the API proxy or the environment in which the proxy is deployed is specified in the API Product.

No resources are specified in step 7. However, that means that all resources are allowed. The call is validated against API resources only if those resources are specified in the API product.

Also, you won't get the CLASSIFICATION_FAILURE shown in step 7 if the call failed because it didn't meet the requirements listed above. Instead, you would get either of the following:

Invalid Resource:
HTTP/1.1 401 Unauthorized
{"fault":{"faultstring":"APIResource {./resource/accessed} does not exist","detail":{"errorcode":"keymanagement.service.apiresource_doesnot_exist"}}}

No match for ApiProduct (With Env & Proxy Configured):
HTTP/1.1 401 Unauthorized
{"fault":{"faultstring":"Invalid API call as no apiproduct match found","detail":{"errorcode":"keymanagement.service.InvalidAPICallAsNoApiProductMatchFound"}}}

We are in the process of updating the tutorial accordingly.
