How can I have different permissions for resources ?

Google Cloud Apigee
1

Bellow you can see my resource

<Flow name="get /v1/myresource">
       <Description/>
       <Request/>
       <Response/>
       <Condition>(proxy.pathsuffix MatchesPath "/v1/myresource") and (request.verb = "GET")</Condition>
</Flow>
<Flow name="options /v1/myresource">
        <Description/>
        <Request/>
        <Response/>
        <Condition>(proxy.pathsuffix MatchesPath "/v1/myresource") and (request.verb = "OPTIONS")</Condition>
</Flow>
<Flow name="put /v1/myresource/{Id}">
         <Description>Update myresource by id</Description>
         <Request>
            <Step>
              <Name>Verify-Api-Key</Name>
            </Step>
         </Request>
         <Response/>
         <Condition>(proxy.pathsuffix MatchesPath "/v1/myresource/*") and (request.verb = "PUT")</Condition>
</Flow>

How can I define different permissions for my resource? What I mean is with an Api key:

  1. I want Dev A - App A just access the verb GET

  2. I want Dev B- App B access GET and PUT

  3. I want Dev C - App c access GET, OPTION, and PUT

Thank you very much for your help

1 Like
2

@Lucio Moraes,

I have recently posted an answer to a similar query here. I think you can use similar logic to achieve your use case. Please go through the community post and let me know if that helps.

3

Dear @AMAR DEVEGOWDA

your tip was very useful. I added a js script to verify the api key and redirect or not to resource. I’ve added this on response.

Thank you

4

@Lucio Moraes, I think a much cleaner approach would be to create three different products and configure them for the respective developer.

In your case,

  • Product A with access to GET resource
  • Product B with access to GET and PUT resources
  • Product C with access to GET, OPTION and PUT

You may now configure product A for developer app A, product B for developer app B and product C for developer app C.

Please refer this link for more details.

5

@Abhiram M. Hemanna,

If the permissions are different for different resources, then your suggestion works.

If the resource is same then the suggestion that I made works. There might be other solutions as well, I am happy to hear about them if there are any.