API Platform Cloud Service – Application Key override rules


Consumers create Applications on the Developer Portal and register to the APIs that they intend to consume.
The Developer portal generates a default Application Key (AppKey) as an identifier for every Application, during creation.
Often, consumers/developers may wish to override the default AppKey far various purposes. A common use case is to allow for pre-existing identifiers within the company to be used.

Note that the following rule exists when overriding an AppKey –
“The AppKey cannot be empty, its trimmed value can not contain space, and its trimmed length can not be less than 9 characters”

As of API Platform Cloud Service – ‘Release 17.3.3-88 – September 2017’, the above rule is not enforced during edit of the AppKey on developer portal. This could lead to further errors during deployment of the registered API to a target gateway. The following section details the issue and how to avoid them by choosing a proper AppKey.


Consider an Application that registers to an API of interest. The application would have a default generated AppKey as shown below.


Now when a developer overrides the default AppKey with a short AppKey, the developer portal will save and display the new AppKey without any errors, as shown below.
During the next polling cycle, the registered API with the above mentioned AppKey based policies is deployed to the gateway and the app subscription with the modified AppKey details is synced to the gateway nodes.



Now if the API uses the AppKey as part of the configured policies, the above edit will cause failure during runtime. Examples of API policies that use the AppKey are ‘Key Validation’ and ‘Application Based Routing’.

During testing, when a request is submitted to the API using the new AppKey, an HTTP 401/ unauthorized runtime error is encountered.

This is caused due to the gateway not being updated with the latest changed AppKey
On closer inspection, one can see that the app subscription has failed validation on the gateway node due to the short AppKey
This can be seen from the API Platform server diagnostic logs as an error like below at the time of saving the Application

"errorSummary":"setting AppKey failed with Status:400 message: {\"SOAPException\":{\"message\":\"The AppKey cannot be empty, its trimmed value can not contain space, and its trimmed length can not be less than 8.\"}}
Meanwhile, the requests that use the original AppKey will continue to work correctly.

The fix for this issue is to ensure that an AppKey which is at least 9 characters long is used, without counting any leading or trailing spaces.

  Ensure that an AppKey is at least 9 characters long after trimming the leading and trailing spaces !

Also, note that this issue will be resolved in near future upgrade of the API Platform Cloud service. The fix will enforce the required AppKey validation on Developer portal !

Add Your Comment