Expand my Community achievements bar.

SOLVED

consuming apigee api through oauth in aem application

Avatar

Level 7

Hi,

 

I have an apigee api end point which require api key, oauth token to make a post request from client library js.

Could any one share their experience on how to achieve this. 

Where to store client id / consumer key, consumer secret if I need to get oauth token first ?

 

Thanks for any insights.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @sreenu539 

Its not recommended to store the client id/ secret in client side because it can be easily exploitable and extracted from dev tools.

 

My suggestion would be a two step approach where you have a BE call a servlet that can inturn fetch you the oauth token using the ID and secret stored in BE. This token can be stored in client side based on the expiration time and can be used to make the apigee request. 

At the apigee side you can configure rate limit to ensure you are not getting too many requests and also restrict the endpoint usage to certain domain probably your website to make sure invalid requests are blocked.

 

Hope it helps

View solution in original post

1 Reply

Avatar

Correct answer by
Community Advisor

Hi @sreenu539 

Its not recommended to store the client id/ secret in client side because it can be easily exploitable and extracted from dev tools.

 

My suggestion would be a two step approach where you have a BE call a servlet that can inturn fetch you the oauth token using the ID and secret stored in BE. This token can be stored in client side based on the expiration time and can be used to make the apigee request. 

At the apigee side you can configure rate limit to ensure you are not getting too many requests and also restrict the endpoint usage to certain domain probably your website to make sure invalid requests are blocked.

 

Hope it helps