Skip to main content

Pre-configured shared flows

Combine policies and resources into a shared flow that you can consume from multiple API proxies, and even from other shared flows. Although it's like a proxy, a shared flow has no endpoint. It can be used only from an API proxy or shared flow that's in the same organization as the shared flow itself.Google Apigee Docs

Shared_preFlow-clientCredentials-v1

Specify the policy name in the format {Abbreviated-Policy-Type}_{Purpose of the policy}. In Shared Flow, select Shared_preFlow-clientCredentials-v1. This policy does the following:

  1. raiseFaultCORS: changes the error response to include CORS with each API call.
  2. spikeArrest: restricts the number of API calls possible per specific unit of time.
  3. verifyApiKey: makes sure that the request contains a correct API key.
  4. verifyAccessToken: checks token validity in the client credentials.
  5. imposeQuota: allows establishin a quota for the API.
  6. removeApikeyHeader: removes the user API key from the request before allowing it to pass through to the backend.

The list of shared flows commonly used are:

  • Shared_preFlow-clientCredentials-v1
  • Shared_preFlow-v2
  • Shared_preFlow-clientCredentials-withoutQuota-v1

Policy reference overview