Organizing client app ownership

This page describes tools and strategies used to organize client app ownership.

Using AppGroups to organize app ownership

This section provides an overview of AppGroups and how to manage them.

What are AppGroups?

An AppGroup represents a relationship between one or more apps that are managed by the same set of people.

An AppGroup is associated with another system that is responsible for managing the roster of people who share responsibility for these apps, such as a portal. Both Apigee apps and Apigee developers are associated to the AppGroup.

AppGroups provide:

A method of organizing and viewing app ownership and associations.
The ability to create a roster for a portal or API storefront of workers who are responsible for an app. For example, you might set up different AppGroups for billing purposes.
Flexibility for tracking app ownership by partner, business unit, product line, division, or other corporate entities.
A potentially multi-level structure for tracking how apps are logically related to app owners and developers.

IAM roles and permissions

To control permissions required for AppGroup management, you can view and grant roles using the permissions panel on the IAM & Admin > IAM page in your Google Cloud project.

Go to IAM & Admin

The following table lists the role and the corresponding individual permissions required to create and manage AppGroups resources.

IAM role name Role scope Required permissions Description

Apigee Developer Admin

Developer admin of apigee resources

IAM role name	Role scope	Required permissions	Description
Apigee Developer Admin	Developer admin of apigee resources	Managing AppGroups: `apigee.appgroups.list` `apigee.appgroups.get` `apigee.appgroups.create` `apigee.appgroups.update` `apigee.appgroups.delete` Managing AppGroup apps: `apigee.appgroupapps.list` `apigee.appgroupapps.get` `apigee.appgroupapps.create` `apigee.appgroupapps.manage` `apigee.appgroupapps.delete` Managing app keys for AppGroups: `apigee.appkeys.get` `apigee.appkeys.create` `apigee.appkeys.manage` `apigee.appkeys.delete`	Allows managing AppGroups and associated apps and keys. Users with this role have the ability to manage all aspects of AppGroups unless individual permissions are removed.

Managing AppGroups:

apigee.appgroups.list
apigee.appgroups.get
apigee.appgroups.create
apigee.appgroups.update
apigee.appgroups.delete

Managing AppGroup apps:

apigee.appgroupapps.list
apigee.appgroupapps.get
apigee.appgroupapps.create
apigee.appgroupapps.manage
apigee.appgroupapps.delete

Managing app keys for AppGroups:

apigee.appkeys.get
apigee.appkeys.create
apigee.appkeys.manage
apigee.appkeys.delete

Allows managing AppGroups and associated apps and keys. Users with this role have the ability to manage all aspects of AppGroups unless individual permissions are removed.

Viewing and managing AppGroups

This section shows how to view and manage AppGroups. You can manage AppGroups and AppGroup apps via the Apigee APIs and Drupal portals.

AppGroup settings

AppGroups include these settings:

Setting	Description
Name	Required. The AppGroup name. AppGroup names must be unique across an organization. Allowed characters are alphanumeric characters and any of these special characters: ._\-$ %.
AppGroup Id	Created automatically and not editable. Created in the form "OrgName@@@AppGroupName". For example, with an Apigee org name `XYZDev` and AppGroup name `ABCMarketing`, the AppGroup Id is `XYZDev@@@ABCMarketing`.
Display Name	Optional. A friendly display name for the AppGroup.
channelId	Optional. Identifies the system responsible for creating and managing the AppGroup. This could be a storefront or marketplace. Multiple AppGroups might share the same channelId.
channelUri	Optional. Reference to the group of people who share responsibility for the AppGroup. Often the channelUri links to or refers to a group or team in a developer portal or other system such as Apigee's Drupal Teams module.

Managing AppGroups using Drupal-based portals

Apigee's Team module for Drupal works with AppGroups in Apigee X and hybrid and is the primary interface for managing AppGroups. For information on Drupal-based portals, see Building your Portal using Drupal.

Managing AppGroups using the Apigee APIs

Use these APIs to manage AppGroups in your orgs:

Activities	Link
View and manage AppGroups	https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.appgroups
View and manage the apps that belong to AppGroups	https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.appgroups.apps
View and manage the app keys associated to AppGroups	https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.appgroups.apps.keys

AppGroups limitations and known issues

In Apigee hybrid, AppGroups are available in versions 1.10.0 and later.

At this time AppGroups do not support:

Quota enforcement
Updates to the scope for API keys
Monetization

Migrating from Apigee Edge for Drupal users

Migrating a company-developer and its role involves creating an AppGroup representing the company, and adding the company-developer and its role(s) as custom Attributes of the AppGroup. The expected syntax to store this is:

[{
      "developer":"<developer email>",
      "roles":[
        "<role(s)>"
      ]
    },
    ...
]

Using developer-app association to organize app ownership

A less comprehensive and flexible method of tracking app ownership than AppGroups is tracking apps by developer association.

For information on managing developer-app associations, see Registering app developers for information on registering developers and associated apps.