apps are registered under a developer needs to be moved to a team

Google Cloud Apigee
,
1

We have an app that is registered with a developer but since it is hard for developers within a team to share the apikey/secret manually we wanted to move the registration of the app to the team instead of developer in apigee integrated portal. Is that possible in apigeex?

1 Like
2

This is not yet possible, but is something in the works. Here’s a brief excerpt on what we’re thinking around this feature set:

Multiple people often share the responsibility for a client application, and that group of people will naturally change over time. In a business-to-business relationship, an app itself might even be considered to be “owned” by the company that employs those app developers. For an app to access an API product, it must be registered in the management plane. This journey is often accommodated by a developer portal, which acts on behalf of portal users to register and manage the credentials that will authorize an app.

Apigee X/hybrid has introduced an entity in the management plane called AppGroup. An AppGroup enables client applications to share a common parent. That parent may then be associated with a portal-managed roster of people who share responsibility for those apps.

As this feature set evolves and becomes available, we will share more details in the Apigee community.

3

It would be super convenient to merely update the developer for an existing App, but that’s not possible.

You can “effectively” transfer a Developer app to a Team using Apigee APIs.

A Team is merely a developer with a special value for email: (e.g. 76defc9a-f471-40b1-8f3f-2123efa7a0f8@devteam.apigee.io ).

The steps to move ownership from one developer to another (e.g. Team) are:

  1. Get the details for the current Developer App (name, attributes, products, and credentials)
  2. Delete the current Developer Key or App (this frees up the existing key to be recreated)
  3. Create the new Team App (using the name, attributes, and products)
  4. Create (re-create) and assign the original Developer App key to the Team App
  5. Add the API Products to the Team App key
  6. Delete the keys that were created when the new Team App was created.

This is easy enough for simple apps, but would take a bit of scripting if the Developer App had multiple credentials, API Products.

4

Hi Kurt - apikeys which are used by this app are live in production. above solution which involves app deletion & recreation would have a brief outage correct?

5

Yes, it is possible to register an app with a team instead of a specific developer in Apigee’s integrated portal. This can be achieved by creating a new developer team and then registering the app with that team.

Here are the steps to register an app with a team in Apigee’s integrated portal:

  1. Log in to the Apigee integrated portal as an administrator.
  2. Navigate to the “Developers” tab and click on “Teams”.
  3. Click on the “New Team” button and fill in the required information, such as team name and description.
  4. Once the team is created, navigate to the “Apps” tab and click on “Add App”.
  5. Fill in the required information for the app, such as app name and callback URL.
  6. In the “Developer” field, select the newly created team from the dropdown list.
  7. Click on “Create” to register the app with the team.

Once the app is registered with the team, any developer who is a member of that team can access the app’s API key and secret. This allows for easier sharing of the app’s credentials within the team, without the need for manual sharing between individual developers.

To ask more you can go on KiasK.xyz.

6

There would be a brief time between when the API key is deleted and re-created on the new App.

I’ve tested this and did not notice any bad responses. I made calls to a proxy in a loop and then ran a script to delete the keys on the Dev App and re-create the keys on the new Team App. It took awhile (2-3 minutes) for the API response to show that it was coming from the new Team App. But I didn’t see any errors. My loop was running from my Mac making calls every 1/2 second.

7

Hello @apickelsimer ,

Is the feature available?

8

Hello @kurtkanaskie

When we export keys and secrets to an APP, the keys will never expire which is a security risk. how can we export key and secret with an expiry ?

https://docs.apigee.com/api-platform/publish/import-existing-consumer-keys-and-secrets

9

I think you mean import external keys.

Importing keys always sets expiration to -1, and I’ve not found a way to set the expiration.

I’ve opened an internal customer requirement for this.