How do I block access to certain API resources on Apigee

Question

I have an existing backend API with methods like:

(GET) /user/{id}

(GET) /user/delete/{id}

(GET) /user/create/firstName={firstName},lastName={lastName}

(yes, not exactly RESTful, since everything is a GET)

I want to configure my Apigee proxy to reject "/delete/" and "/create/" paths making my proxy read-only. I'm not sure whether to use some kind of conditional flow for this. How is it done?

Thanks!

Answer 1

You can achieve this using the following steps:

1. Create three different resources in a proxy as:

   a. /user/{id} - GET b. /user/delete/{id} - GET c. /user/create/{abc} - GET

Now, attach 'Raise Fault' policy to 'delete' and 'create' flows.

I hope that helps. Please let me know if you have any questions.

Answer 2

An alternate way of doing the same is using APIProducts.

1)Create an API product and add only a as the resource to the Product. (a. /user/{id} - GET b. /user/delete/{id} - GET c. /user/create/{abc} - GET)

2)Attach your developer apikey to this product

3)When you do APIkey Validation automatically the developer will be allowed what is there in his APIProduct and nothing else.