Send Docs Feedback

Register apps and manage API keys

This topic explains how to register and manage apps by using the Apigee Edge management UI.

Overview

This topic explains how to create and manage developer apps through the Edge UI. The steps described in this topic require an Edge user with an org admin role or, otherwise, a role that grants sufficient permission to create and/or edit developer apps.

What is a developer app?

Let's assume you are an API provider and you have created one or more API products to bundle your APIs, as explained in Create API products. Typically, developers who want to consume your APIs go to your developer portal and register to use them. When registering, the developer gets to select which of your API products he or she wishes to use. For example, some products may be offered for free, while others require payment depending on a service plan. Upon completion, this registration step produces an Edge entity called a developer app. A developer app includes the products the developer selected and a set of API keys that the developer will be required to use to access the APIs that are associated with those products. See What is a developer portal? for more on developer portals.

However, a developer portal is not the only way to create developer apps. An Edge org admin, or another individual with the appropriate permissions, can also create developer apps directly in the Edge UI. As an API provider, you might want to maintain complete control over the app registration process and choose to register apps by using the Edge management UI. For example, you may want to register apps for your internal development teams or on behalf of a developer without access to your portal. Similar to registration through a portal, when you register an app in the Edge UI, you decide which API products to associate with it. When the app is registered, Edge automatically generates an API key to grant access to the selected API products. It is then up to you (the API provider) to determine how to pass that key to the app developer. Note that any additional API products you associate with the app all use the same key.

Apps provide the main mechanism for API providers to control who can access their APIs. At any time, someone with appropriate Edge organization permissions can revoke an app's key, preventing it from accessing all API products referenced by that app. Or access to a single API product associated with the app can be revoked.


As an org admin (or someone with appropriate role permissions), you can see all of your organization's apps in the Edge management UI on the Publish > Developer Apps summary page. This page displays performance data for each app, and general information on app keys. You can select a specific app from the table to get more detailed information, including the API products that app can access and the resources those products expose. You can also see the key associated with the app.

Registering an app in the Edge management UI

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

To register an app:

  1. Login to the Edge management UI at https://enterprise.apigee.com.
  2. Click the Publish tab, then Developer Apps.
  3. Click (+) Developer App on the Developer Apps page.
  4. Enter an application name in the Display name field.
  5. Select a developer from the Developer list.
    An app must be associated with a registered developer. If the developer does not appear in the list, you can register them. See Adding developers to your organization for more.
    For performance reasons, not all developers are displayed in the Developer drop-down list. Start typing the developer email in the search box to locate the developer you want.
  6. If necessary, enter the Callback URL.
    A callback URL is the location of a resource that belongs to the app. For example, if you are using OAuth, this could be the location of a login screen where users enter their username and password. This value is not required for all API products.
  7. Optionally, add a descriptive note for the app.
  8. Add any custom attributes for the app. You can add up to 18 of them. For each custom attribute:
    • Click (+) Add Custom Attribute.
    • Add the attribute name and value.
  9. Click + Product to associate the app with at least one API product, then click the check mark icon. Add additional products this way.
    Edge auto-generates a consumer key (API key) and consumer secret that you send in requests to API proxies. For more information, see Create API products.
  10. Click Save.
    Your app is added to the apps list on the Developer Apps page.
  11. If the product(s) you associated with the app require manual approval for their API keys:
    1. Click the new app name.
    2. Click Edit to edit the app.
    3. Click Approve next to the Consumer Key and Consumer Secret.

You can specify an expiration time for the client key generated for a new developer app; however, you can only do that by using the API to create the app using the keyExpiresIn attribute. For details, see Create Developer App. Also, note that you cannot update the expiration time of any existing keys. You can only generate new keys with certain expiration time.

Managing API keys

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

API calls to API proxies usually require an API key. Edge lets the calls through only if the API key is active, valid, and meets the conditions defined by the API product containing the API.

When you create an API product, you can also set its access mode to Internal only or Private. API products marked Internal only or Private do not appear to developers on the developer portal. To get access to these products, you manually add them to a developer's app from the Edge management UI.

Approving an API key for a product

If an API product is configured for Automatic approval of API keys, you don't need to do anything. However, if a product requires manual approval of API keys, follow this procedure.

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit to edit the app.
  3. Click Approve for the corresponding product.
  4. Click Save.

You can also approve API keys using the management API.

Revoking an API key for a product

You can revoke an API key, which means the app can no longer access APIs that are included in that API product.In this procedure. The key (Consumer Key and Consumer Secret) remain. You can re-enable access at any time by clicking Approve.

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit to edit the app.
  3. Click Revoke for the corresponding product.
  4. Click Save.

You can also revoke API keys using the management API.

Deleting an API key for a product (removing a product from an app)

In this procedure, you remove a product from an app.

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit to edit the app.
  3. Click Remove for the corresponding product.
  4. Click Save.

You can also delete API keys using the management API.

Regenerating a new key

You can regenerate the API key that Apigee automatically creates. For instance, you might do this if the security of the original keys is compromised. This is the same key that is used for all API products the app can access. Regenerating a key regenerates it for all products, and the old keys no longer work. To regenerate new consumer keys:

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Regenerate Key.
  3. In the pop-up, click Regenerate Consumer Key.

If you create custom keys (next procedure), this procedure does not regenerate those keys.

Importing existing API keys, creating custom keys

If you have existing consumer keys and secrets you want to import into Edge, or you want to create custom API keys, see Import existing consumer keys and secrets.

Editing an app in the Edge management UI

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

To edit an app:

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit.
  3. Modify the configuration.
    Note: Be careful when you edit custom attributes. You may have a system that has dependencies on custom attributes.
  4. Click Save.

Deleting an app in the Edge management UI

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

If you delete an app, all client keys associated with the apps become invalid. Using an invalid key on a request causes the request to fail.

 To delete an app:

  1. In the menu, select Publish > Developer Apps.
  2. Click Delete next to the app, then click Delete in the confirmation dialog.

Searching the Developer Apps page

The search menu has a dropdown menu that you can use to search for specific developer app attributes, such as App Family, Consumer Key, and others.

Help or comments?