问题
I have an existing backend API with methods like:
(GET) /user/{id}
(GET) /user/delete/{id}
(GET) /user/create/firstName={firstName},lastName={lastName}
(yes, not exactly RESTful, since everything is a GET)
I want to configure my Apigee proxy to reject "/delete/" and "/create/" paths making my proxy read-only. I'm not sure whether to use some kind of conditional flow for this. How is it done?
Thanks!
回答1:
You can achieve this using the following steps:
Create three different resources in a proxy as:
a. /user/{id} - GET b. /user/delete/{id} - GET c. /user/create/{abc} - GET
Now, attach 'Raise Fault' policy to 'delete' and 'create' flows.
I hope that helps. Please let me know if you have any questions.
回答2:
An alternate way of doing the same is using APIProducts.
1)Create an API product and add only a as the resource to the Product. (a. /user/{id} - GET b. /user/delete/{id} - GET c. /user/create/{abc} - GET)
2)Attach your developer apikey to this product
3)When you do APIkey Validation automatically the developer will be allowed what is there in his APIProduct and nothing else.
来源:https://stackoverflow.com/questions/20054707/how-do-i-block-access-to-certain-api-resources-on-apigee