Protect Your API Proxy by Adding Application Key Verification
SAP Integration Suite, API Management offers several out of the box policies which help you protect, model and “work” with your APIs. One of the security related Policies is the “Verify API Key” Policy.
- Tutorials: Add the API Proxy to a product
In this tutorial you will learn how to protect your API Proxy with the “Verify API Key” Policy. This policy allows you to add a simple protection via a so called API Key. Only calls which send a valid API Key along with the main request will be allowed to call the API Proxy.
- When you now open the API Proxy in a browser you will get an error message stating that you need to pass an API Key in the header
- Step 1
It is important to understanding the API policy flow so you gain an understanding of why a policy is applied at a certain time in the flow. For instance, access policies should be verified before the API call to reduce using resources unnecessarily. The entire request/response cycle is divided up, first into segments, then within each segment, into processing stages.
Where do you check the fundamentals requirements of an Incoming Request?
- Step 2
When creating a policy, you will need to know how the information is available in the policy and policy editor. Understand how the Policy Designer accesses the proxy flow by reading this blog post.
When looking at the stages of the request flow in the Policy Editor, which policies are shown?
- Step 3
Edit a policy and assign it to your proxy flow. This blog will ensure you know how to identify the proper stage to add a policy, as well as how to assign a policy to the flow.
What is the value for ref in the the APIKey tag for the CheckAPIKey Policy?
- Step 4
You will look at assigning multiple policies to various processing stages, and how the outcome of one policy can be used to influence the behavior of another policy.
Which property do you set when creating a policy to determine if you should check the response or request?
- Step 5
Open the SAP API Management API Portal (you can get the URL from Enable the SAP Integration Suite, API Management Service).
- Step 6
- Step 7
Select the API
GWSAMPLE_BASICcreated in a previous step in the this tutorial series.
- Step 8
In the upper right corner click on Policies to open the policy information for the API.
- Step 9
- Step 10
- Step 11
On the right hand, find the Security Policies section under the Policies pane. Find the Verify API Key policy and click the + next to the policy name.
- Step 12
- Step 13
In the Code Editor found in the bottom pane, look for the
<APIKey ... />tag. Replace the string
- Step 14
Click on Update to apply the new policies.
Click on Save to save the changes to the API and enforce the new policies.
- Learn about the API call flow
- Learn about the Policy Editor
- Learn about how to assign a policy to a proxy
- Learn about assigning multiple policies
- Access the SAP API Management API Portal
- View created APIs
- Select an API
- View API Policies
- Open the edit page for policies
- Edit the PreFlow policies
- Add Verify API Key policy
- Enter policy name
- Update API Key tag
- Update and save changes