We are getting the 401 Unauthorized response code with the below error:
{"fault":
{
"faultstring":"Invalid ApiKey for given resource",
"detail":
{
"errorcode":"oauth.v2.InvalidApiKeyForGivenResource"
}
}
}
The curl command used is as follows:
curl -X GET "https://myorg-test.apigee.net/v1/profit_centers?page=2&size=25" -H "accept: application/json" -H "bypass-cache: false" -H "ApiKey: <API-Key>"
I have confirmed that the APIKey is correct.
Checked the base path of the API and found that it was “/v1/profit_centers”
Next looked into the VerifyAPIKey policy and confirmed that the ApiKey was accepted as a header.
<APIKey ref="request.header.ApiKey"/>
Issue #1
The API Product allow the requests only for the “dev” environment. But the calls were made to “test” environment.
Solution:
Modified the API Product to allow the API calls for “test” environment.
Issue #2
The Resource Path in the API Product was incorrectly set as follows:
"/v1/profit_centers**"
Please note the Resource Path applies to the path suffix after the base path. Since the basepath of the API Proxy is “/v1/profit_centers”, we don’t need to include in the Resource Path.
Solution:
Modify the Resource Path to include what you want to allow in the path after the base path.
For ex:
We could set the Resource Path as “/”, this will allow the base path /v1/profit_centers followed by anything like the ones shown below in your URL
/v1/profit_centers
/v1/profit_centers/
/v1/profit_centers/1
For more details on how to set the Resource Path, refer to the below link
After making the above modifications, the API started giving successful results.