Revoking and approving developer app keys

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

This topic explains how to use the UI and APIs to revoke or approve API keys for products in developer apps and for developer apps.

Using the UI to revoke the key for a specific API product in a developer app

You can revoke the key associated with a specific API product through the UI. The effect is that the API resources defined in that API product will no longer be accessible unless the key is re-approved.

To revoke the key using the Apigee UI:

  1. Open the Apigee UI.
  2. Select Publish > Apps in the left navigation bar.
  3. Select the app that contains the key you wish to revoke.
  4. Click the Edit icon Image of an edit icon..
  5. In the Credentials section, select Revoke in the Status drop-down menu.

Using the UI to approve the key for a specific API product in a developer app

You can approve a previously revoked consumer key for an API product in a developer app through the Apigee UI. The client app will once again be able to access the APIs in that product.

To approve an API product key:

  1. Open the Apigee UI.
  2. From the main menu, select Publish > Apps.
  3. From the list of apps, select the one that contains the key you wish to approve.
  4. Click the Edit icon Image of an edit icon..
  5. In the Credentials section, select Approve in the Status drop-down menu.

Revoking and approving keys for API products with the Apigee API

Apigee provides APIs that let you manage API key status, depending on your use case. In the developer app JSON below, the location of each approve/revoke flag is indicated for each of these three cases:

  • (1) Shows key status for a specific API product in a developer app. This API does exactly what the UI operations described previously in this topic do. See the API for approving or revoking an app's consumer key..
  • (2) Shows key status for a developer app key. Revoking the key renders it unusable for the app to use it to access an API. Any access tokens associated with a revoked app key will remain active, but Apigee checks the status of the app key first. If the status is set to "revoked," Apigee will not allow the call go through. See the API for approving or revoking an API key for a developer app.
  • (3) Shows the key status for all keys associated with a developer app. A revoked app cannot access any API products and cannot invoke any API managed by Apigee. See the API for approving or revoking all keys for a developer app.
{
  "accessType": "",
  "appFamily": "default",
  "appId": "6ed3a4d1-4733-439a-80a4-0d71149ec9ad",
  "attributes": [
    {
      "name": "DisplayName",
      "value": "AnotherTestApp"
    },
    {
      "name": "Notes",
      "value": ""
    }
  ],
  "callbackUrl": "",
  "createdAt": 1415728893126,
  "createdBy": "wwitman@apigee.com",
  "credentials": [
    {
      "apiProducts": [
        {
          "apiproduct": "Weather-Product",
          "status": "revoked" // (1)
        }
      ],
      "attributes": [],
      "consumerKey": "giIC9Au6XP82wJ1oxZuQU4L75OdNKLhb",
      "consumerSecret": "SXg8JizqeTA8j3gX",
      "expiresAt": -1,
      "issuedAt": 1415728893154,
      "scopes": [],
      "status": "approved" // (2) 
    }
  ],
  "developerId": "Z2S37rxX2Suzkwtg",
  "lastModifiedAt": 1420682967414,
  "lastModifiedBy": "wwitman@apigee.com",
  "name": "AnotherTestApp",
  "scopes": [],
  "status": "approved" // (3)
}