Technical Articles
F5 SMEs share good practice.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
F5 Employee
F5 Employee

This article covers the use case to use APM and an external API Server to store DeviceID+.


As you learnt in the previous articles in this series, DeviceID+ is a way to "identify" a user. And of course, it is a great solution to combine with F5 APM (Access Policy Manager) -


The F5 Shape DeviceID+ solution does not store the IDs anywhere. It is up to you to store/use/consume them on your own. To do so, I propose to use an external API Server to store the DeviceID / Username peer.





First of all, watch the demo video to understand the use case and the outcomes:




The API Server:

The API server has a Swagger UI installed so you can "watch" the API (go to /explorer)







Structure of the API

Below is the structure of the API payload. As you can see, we store the username with the associated DeviceIDs


    "username": "dierick",
    "deviceid": [



The REST calls used by APM


1. GET DeviceID per username


GET /api/deviceids/findOne?filter={"where":{"username":"dierick"}}


2. POST a new DeviceID


POST /api/deviceids HTTP/1.1
      "username": "dierick",
      "deviceid": [


3. UPDATE DeviceID per username


POST /api/deviceids/upsertWithWhere?where={"username": "dierick"} HTTP/1.1
      "deviceid": [



The iRule to collect the DeviceID from the Shape cookie


  log local0. "Access Session Started"
  if [HTTP::cookie exists _imp_apg_r_] {
    set deviceid [URI::decode [HTTP::cookie _imp_apg_r_]]
    log local0. "URL Decoded cookie is $deviceid"
    set deviceida [lindex [regexp -inline -- (?:"diA":")(.*?)(?:") $deviceid] 1]
    log local0. "diA = $deviceida"
    set deviceidb [lindex [regexp -inline -- (?:"diB":")(.*?)(?:") $deviceid] 1]
    log local0. "diB = $deviceidb"
    log local0. "IP is [IP::client_addr]"
    log local0. "Path os [HTTP::path]"
    ACCESS::session data set session.logon.deviceid $deviceid
    ACCESS::session data set session.logon.deviceid.A $deviceida
    ACCESS::session data set session.logon.deviceid.B $deviceidb
  } else {
  log local0. "No cookie"



The APM Per Request Policy


Below an example using the APM Per Request Policy. A Per Request Policy is required instead of a Per Session Policy in order to use the HTTP Connector.

HTTP Connector is a REST API client. Create the different CALLS, and assign each call in the right branch (new DeviceID, update DeviceID ...)




Version history
Last update:
‎22-Jun-2021 08:12
Updated by: