I am using APIM 4.2.0 where I am subscribing API in an application ABC and using the API key as an authentication. It works fine when subscribing to the API and generates apikey after subscription.
Now I have subscribed another API in the existing application ABC and want to use the existing apikey that was generated earlier but it gives 403 forbidden when calling the new API with the old apikey. it works when generating a new API key but won't work on the old one.
Why is the old API key not being used for the newly subscribed API?
You can use the following configuration to get this behaviour.
However, it is recommended to keep this as
true. You can refer the official documentation [1] for more information.[1] - https://apim.docs.wso2.com/en/latest/design/api-security/api-authentication/secure-apis-using-api-keys/#validation-of-api-subscriptions