Configure access permissions to API products

Last updated on
23 January 2024

Configure access permissions to API products in one of the following ways:

Note: You must have write permission for API products within your organization in order to configure the access permissions in Drupal.

You can also override access permissions by role. In this case, the role will be selected by default. You will not be able to change the access permissions for the role unless you disable the permission override.

If you disable access permissions for a particular role, app developers assigned to that role will not be able to view the API product when registering an app. Optionally, you can manage API products on behalf of the app developers from the Apigee Administration UI, as described in Managing API products.

Note: By default, public API products are visible to app developers.

Configure access permissions to API products by visibility

Configure access permissions for public, private, and internal API products by defining their visibility by role. 

Note: You configure the public, private, or internal access settings when creating or editing an API product in Apigee.

To configure access permissions to API products by visibility:

  1. Ensure the Apigee Edge API Product RBAC module is disabled.

    Note: This module is disabled by default. 

    1. Select Extend > Uninstall Module in the Drupal administration menu.
    2. Select the Apigee Edge API Product RBAC module.
    3. Click Uninstall.
  2. Select Configuration > Apigee > API products in the Drupal administration menu.
  3. Click the API product access tab.
    Note: If you do not have write permissions for API products within your organization, the page will be read-only.
  4. In the Access by Visibility section, assign access permissions (visibility) by role to public, private, and internal API products, as required.

    Note: If you override the access permissions for a specific role, as described in Overriding access permissions by role, then the role will be selected by default. You will not be able to change the access permissions for the role unless you disable the override.

  5. Click Save configuration.

Configure access permissions to API products individually

To configure access permissions to API products individually:

  1. Enable the Apigee Edge API Product RBAC module:
    1. Select Extend in the Drupal administration menu.
    2. Select the Apigee Edge API Product RBAC module.
    3. Click Install.
  2. Select Configuration > Apigee > API products in the Drupal administration menu.
  3. Click the API product access tab.
    Note: If you do not have write permissions for API products within your organization, the page will be read-only.
  4. Optionally, configure the custom attribute name used to store the role assignments for the API product.
    The attribute name defaults to APIGEE_EDGE_APIPRODUCT_RBAC.
  5. Enable Show API products with missing or empty attribute to everyone to allow app developers access to API products if access is not otherwise specified. If this option is disabled, only users with the Bypass API product access control permission set can see API products with missing or empty attribute. (See Override access permissions by role.)
  6. Configure access permissions for each API product, as required.

    Note: If you override the access permissions for a specific role, as described in Overriding access permissions by role, then the role will be selected by default. You will not be able to change the access permissions for the role unless you disable the permission override.

  7. Click Save configuration.

Override access permissions by role

You can override the access permissions for a specific role on the Permissions page. In this case, access permissios configured on the API Products Access control tab are ignored.

  1. Select People > Permissions in the Drupal administration menu.
  2. In the Apigee section, assign the Bypass API product access control to user roles, as required.
  3. Click Save Permissions.

Configure the access permissions to API products in Apigee

You can configure the access permissions in Apigee by modifying the value of the DRUPAL_RBAC custom attribute for an API product.

Note: You can customize the custom attribute name used to store access permissions, as described in Configure access permissions to API products individually.

To configure access permissions in Apigee:

  1. Edit the API product in Apigee. See Editing an API product in the Apigee documentation.
  2. In the Custom attributes section, update the Value field for the custom attribute used to store access permissions (for example, DRUPAL_RBAC). For example:
    apigee edge product custom attribute
  3. Click Save.

Help improve this page

Page status: No known problems

You can: