How to use PAPI to create an Application with a hashed secret (with a specified apikey and secret)


Article ID: 207419


Products

CA API Developer Portal

Issue/Introduction

Starting with Portal 4.5, hashed secrets are supported.

The feature can be enabled as described in the documentation:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/set-up-and-maintenance/enable-hash-client-secret.html

However, if the application is created with a specified apikey and secret (via PAPI), the secret is still shown as plain text.

Environment

Release : 4.5

Component : API PORTAL

Resolution

As a workaround, create the application without specifying the apikey/secret, then update the application with the specified apikey/secret.

Example:

1. Create the application with the payload below:

POST /Applications

{
  "ApiIds": {
    "results": [
      "ecc3c2d6-729a-48b5-b7bf-34c7710e2111"
    ]
  },
  "ApiApiPlanIds": {
    "results": [
      {
        "ApiUuid": "ecc3c2d6-729a-48b5-b7bf-34c7710e2111",
        "ApiPlanUuid": "7611bd55-d846-4b65-87e3-4c68224bf454"
      }
    ]
  },
  "Name": "testappbymarkPAPI",
  "OrganizationName": "Sample Org",
  "OrganizationUuid": "e69e34f1-1977-43f0-9bbe-c22d6dc5c4b3",
  "Uuid": "9dcc89c6-6027-11eb-bc45-005056b278cb"
}

The application is created with a random key and secret.

Back in the portal UI, the secret is hashed as expected.

2. Update the application with the specified apikey and secret (the apikey now ends with "0588"):

PUT /Applications('{uuid}')

uuid: 9dcc89c6-6027-11eb-bc45-005056b278cb

Body:
{
  "KeySecret": "aee5f76d3b43420eb24129af3a66b62a",
  "ApiKey": "l7b8cdaab345bd44efa8479a2eff4bb0588",
  "OauthScope": "OOB",
  "OauthCallbackUrl": "",
  "OauthType": "public",
  "MagMasterKey": "51a4c71b-97c8-4fc3-b259-42b81e1b3039",
  "ApiIds": {
    "results": [
      "ecc3c2d6-729a-48b5-b7bf-34c7710e2111"
    ]
  },
  "ApiApiPlanIds": {
    "results": [
      {
        "ApiUuid": "ecc3c2d6-729a-48b5-b7bf-34c7710e2111",
        "ApiPlanUuid": "7611bd55-d846-4b65-87e3-4c68224bf454"
      }
    ]
  },
  "Name": "testappbymarkPAPI",
  "OrganizationName": "Sample Org",
  "OrganizationUuid": "e69e34f1-1977-43f0-9bbe-c22d6dc5c4b3",
  "Status": "ENABLED",
  "Uuid": "9dcc89c6-6027-11eb-bc45-005056b278cb"
}

The application is now updated with the specified apikey/secret, and the secret is still hashed.
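The two steps above can be scripted so that the specified apikey/secret can never end up in the create call. The following is an added example, not code from the original article or from Broadcom; the function names, the base URL passed in by the caller, and the bearer-token Authorization header are assumptions to adapt to your PAPI deployment.

```python
import json
import urllib.request

# Fields sent in step 1 (POST), mirroring the article's create payload.
# ApiKey and KeySecret are deliberately absent from this list.
CREATE_FIELDS = ("ApiIds", "ApiApiPlanIds", "Name",
                 "OrganizationName", "OrganizationUuid", "Uuid")
CREDENTIAL_FIELDS = ("ApiKey", "KeySecret")


def build_requests(base_url, token, app):
    """Return the (POST, PUT) requests for the create-then-update workaround.

    `app` is the full application spec, i.e. the step 2 body.
    """
    missing = [f for f in CREATE_FIELDS + CREDENTIAL_FIELDS if f not in app]
    if missing:
        raise ValueError(f"application spec is missing: {missing}")
    # Step 1 body: only the create fields, so the portal generates a random
    # key/secret and stores the secret hashed.
    create_body = {k: app[k] for k in CREATE_FIELDS}
    headers = {"Content-Type": "application/json",
               "Authorization": f"Bearer {token}"}  # assumed auth scheme
    base = base_url.rstrip("/")
    post = urllib.request.Request(
        f"{base}/Applications", method="POST", headers=headers,
        data=json.dumps(create_body).encode())
    # Step 2 body: the full spec, including the specified ApiKey/KeySecret.
    put = urllib.request.Request(
        f"{base}/Applications('{app['Uuid']}')", method="PUT", headers=headers,
        data=json.dumps(app).encode())
    return post, put


def apply_workaround(base_url, token, app, send=urllib.request.urlopen):
    """Send POST, then PUT. urlopen raises on an HTTP error, so a failed
    create never proceeds to the update that carries the secret."""
    for req in build_requests(base_url, token, app):
        with send(req):
            pass
```

After running it, confirm in the portal UI that the secret is displayed hashed, as in the manual procedure.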

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/set-up-and-maintenance/enable-hash-client-secret.html
