Apigee Edge on a Page

Chary Lingachary
6 min read · Jul 2, 2021

If you are new to the Apigee Edge product, this is everything you need to know about it in a nutshell.

Apigee Edge is an API Management Platform from Google. It's designed to protect services by creating an API gateway.

API Gateway acts as an entry point for both internal and external clients and controls access to both backend resources such as applications, web services, databases, queues, and files and external resources such as SFDC, Workday, and Vertex. It can publish APIs, products, and bundles, enforce security and rate limits and offer tiered rate plans.

Within Apigee Edge, there are four areas you can work on.

In the development area, you can

  • design APIs by describing them in OpenAPI Specification (OAS) format, or import them from a URL or a file.
  • create proxy APIs, a SOAP service, a no target API proxy, hosted target, or simply upload a proxy bundle. You can also create shared flows.

In the publish area, you can

  • create an API product
  • create developer portal and
  • register developers and apps

In the analyze area, you can

  • define API metrics and monitor API performance, cache performance, and target performance
  • analyze error codes and latency
  • monitor developer engagement and traffic composition
  • monitor devices and
  • view built-in reports and generate custom reports

In the admin area, you can

  • create a cache, flow hooks, key-value maps, references, target servers, and key stores
  • add extensions (Google, AWS, Salesforce, and Informatica)
  • define roles and users
  • define virtual hosts
  • define security and privacy officers and
  • view audit logs

Apigee Apps

You can create a good number of apps in Apigee Edge. They are

  • Reverse Proxy
  • SOAP Service
  • No Target Service
  • Node.js App
  • Shared Flow

Reverse Proxy

At the center of the Apigee platform is the Reverse Proxy. A proxy can be created from scratch or from an existing Open API Specification (OAS). The proxy can be secured with

  • an API Key or
  • with OAuth

In both cases, Apigee can generate an API Key or act as an OAuth provider.

From an API proxy, you can create an API product and an API package. An API product is a collection of proxy APIs, and an API package is a bundle of API products created mainly for metering and monetization purposes.

An API Proxy routes the request to a target endpoint which may be either behind a firewall or another SaaS service. It’s deployed on the edge API gateway.

SOAP Service

If you have an existing SOAP service that needs to be exposed as a RESTful endpoint, SOAP Service is the option.

No Target API Proxy

As the name suggests, this proxy doesn’t have any targets.

Hosted Target

You can create a new node.js application as a backend resource and host it in Apigee Edge.

Shared Flow

Shared flows are like sub-flows that can be reused across multiple API proxies. Shared flows may have policies and resources but cannot contain an endpoint.

API Policies

Policies are how you configure proxy behavior in Apigee. There are four types of policies: traffic management, security, mediations, and extensions.

Traffic Management

In addition to securing the target service, you can also manage traffic by defining several policies: Quota, Spike Arrest, and Concurrent Rate Limit.

While quota policy limits the number of API requests over a period of time, spike arrest protects against traffic surges and concurrent rate limit policy throttles traffic to slow targets.
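The difference between a quota and a spike arrest shows up when the same traffic is run through both. The following is an added example, not Apigee code or code from the original article: a simplified JavaScript model that assumes a spike arrest rate of N per minute is smoothed into a minimum gap of 60000 / N ms between accepted requests. The function names, limits, and traffic are constructed for illustration.

```javascript
// Added example: simplified models of the two limits, not Apigee code.
// Assumption: a spike arrest rate of N per minute is smoothed into a
// minimum gap of 60000 / N ms between accepted requests.

// Quota: at most `allow` requests per fixed interval.
function makeQuota(allow, intervalMs) {
  let windowStart = null;
  let count = 0;
  return function accept(nowMs) {
    if (windowStart === null || nowMs - windowStart >= intervalMs) {
      windowStart = nowMs; // a new interval starts, counter resets
      count = 0;
    }
    if (count >= allow) return false;
    count += 1;
    return true;
  };
}

// Spike arrest: reject anything arriving too soon after the last accepted call.
function makeSpikeArrest(perMinute) {
  const minGapMs = 60000 / perMinute;
  let lastAccepted = null;
  return function accept(nowMs) {
    if (lastAccepted !== null && nowMs - lastAccepted < minGapMs) return false;
    lastAccepted = nowMs;
    return true;
  };
}

// Count how many of the arrival times (ms) a fresh limiter lets through.
function countAccepted(limiter, arrivalsMs) {
  return arrivalsMs.filter((t) => limiter(t)).length;
}

// Constructed traffic: a 10-request burst inside one second, and a steady
// client sending one request every 2 s for two minutes (60 requests).
const burst = Array.from({ length: 10 }, (_, k) => k * 100);
const steady = Array.from({ length: 60 }, (_, k) => k * 2000);

function runDemo() {
  return {
    burstQuota: countAccepted(makeQuota(20, 60000), burst),
    burstSpike: countAccepted(makeSpikeArrest(30), burst),
    steadyQuota: countAccepted(makeQuota(20, 60000), steady),
    steadySpike: countAccepted(makeSpikeArrest(30), steady),
  };
}

console.log(runDemo());
```

The burst passes the quota untouched but is cut to a single request by the spike arrest, while the steady client never trips the spike arrest yet loses a third of its calls to the quota.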

Security

Security involves controlling access to target resources. This is implemented by controlling access to proxies. There are several types of security policies that can be implemented.

API Key

Also known as the consumer key, this is the simplest one to implement. It requires an API product and a developer app to create an API key. A client app submits the request along with the API key which is then validated by VerifyAPIKey policy.

An example of an API Key: lP4AWbbeGsRDqfn7gwKNr0GPKjAi62HU

OAuth 2.0

OAuth is the preferred way of securing proxies. Apigee acts as an authorization server and supports all four grant types: auth code, implicit, password, and client credentials.

SAML

Apigee Edge can also act as an Identity Provider (IdP) and validate SAML tokens on inbound requests.

Content-Based Security

Message content or payloads are significant attack vectors. To protect backend resources from becoming compromised, Apigee Edge supports three types of content protection: JSON threat protection, XML threat protection, and general content protection.
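To make the idea of JSON threat protection concrete, here is an added example, not Apigee code or code from the original article: a JavaScript check that rejects a payload on structure alone before any backend sees it. The function names, limit names, and limit values are assumptions chosen for illustration.

```javascript
// Added example, not Apigee code: structural limits of the kind a JSON
// threat protection policy enforces. Limit names and values are assumptions.
const LIMITS = {
  maxChars: 10000,        // cap on raw payload size, checked before parsing
  maxDepth: 5,            // nesting depth of arrays and objects
  maxArrayElements: 20,
  maxObjectEntries: 15,
  maxNameLength: 50,      // length of an object key
  maxStringLength: 500,   // length of a string value
};

// Returns null when the payload is acceptable, otherwise the reason it is not.
function checkJson(text, limits = LIMITS) {
  if (text.length > limits.maxChars) return "payload too large";
  let value;
  try {
    value = JSON.parse(text);
  } catch (e) {
    return "malformed JSON";
  }
  return walk(value, 1, limits);
}

// Depth-first walk; `depth` is the nesting level of the current container.
function walk(value, depth, limits) {
  if (typeof value === "string") {
    return value.length > limits.maxStringLength ? "string value too long" : null;
  }
  if (value === null || typeof value !== "object") return null; // number, boolean, null
  if (depth > limits.maxDepth) return "container depth exceeded";
  if (Array.isArray(value)) {
    if (value.length > limits.maxArrayElements) return "too many array elements";
    for (const item of value) {
      const violation = walk(item, depth + 1, limits);
      if (violation) return violation;
    }
    return null;
  }
  const keys = Object.keys(value);
  if (keys.length > limits.maxObjectEntries) return "too many object entries";
  for (const key of keys) {
    if (key.length > limits.maxNameLength) return "object entry name too long";
    const violation = walk(value[key], depth + 1, limits);
    if (violation) return violation;
  }
  return null;
}
```

With these limits, `checkJson('[[[[[[1]]]]]]')` returns `"container depth exceeded"`, while an ordinary request body such as `{"user":"alice","roles":["admin","dev"]}` returns `null`.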

Data Masking and Hiding

Sensitive data may be hidden or masked from appearing in debugging and trace statements using private variables and defining masking configurators. The data to be masked may be part of JSON, XML payloads, and flow variables.

Last Mile Security

Last-mile security protects the backend resource when the proxy is bypassed and the resource is directly accessed using the resource’s endpoint URL. This can be set up using TLS/SSL, outbound authentication, and the node.js TLS module.

Mediation

Mediation is a set of policies that help you enrich or enhance payload and headers.

XML2JSON and JSON2XML

These policies can be used to convert XML payload to JSON and vice-versa.

XSLTransform

This policy lets you convert XML from one format to another using Extensible Stylesheet Language (XSL).

AssignMessage

The AssignMessage policy changes or creates new request and response messages during the proxy flow.

OASValidation and SOAPMessageValidation

The OASValidation policy validates request or response messages against OAS 3.0 specs. SOAPMessageValidation policy validates XML messages against their schemas and SOAP messages against WSDL.

ExtractVariables

With this policy, you can extract a part or the whole message from a request or a response and assign it to a variable.

AccessEntity

In Apigee, you can create profiles for a number of entities: App, API Product, Company, Company Developer, Consumer Key, and Developer. AccessEntity policy can be used to get or set profiles for these entities.

KeyValueMapOperations

This policy provides policy-based access to the key-value map store available in Apigee Edge. It can be used for PUT, GET, and DELETE operations on a store.

RaiseFault

Apigee enables you to perform custom error handling using the RaiseFault policy.

Extensions

Extensions are a way to integrate external resources with API proxies. Apigee supports four extensions at this time: Google, AWS, Salesforce, and Informatica. This is achieved by using the ExtensionCallout policy.

Google Extensions

Apigee supports 12 Google extensions such as Google Auth, BigQuery, Cloud Firestore, Cloud Functions, etc.

AWS Extensions

Apigee supports two AWS extensions: S3 and Lambda.

In addition, Salesforce extension and Informatica Integration Cloud extension are supported.

Caching

Apigee provides caching to persist data across requests. This is achieved by using cache policies. There are four policies available in this category.

  1. Populate Cache
  2. Lookup Cache
  3. Invalidate Cache and
  4. Response Cache — caches data returned from backend resource

Error Handling

API proxies automatically throw errors when certain conditions occur. In other situations, a custom error handler may be developed. The custom error handler is also useful to send meaningful error messages to the API caller. You can throw an error by using the RaiseFault policy.

Fault Rules are always evaluated when an error occurs in a proxy. In addition, the default fault rule can be defined to handle generic errors.

Apigee Tools

Apigee provides four tools that could be used for development and deployment purposes.

  1. apigeetool — it’s a command-line tool that can be used for deploying proxies and node.js applications to Apigee Edge. This is a node.js application.
  2. apigeelint — it’s a code analysis tool for proxies and shared flows. This is designed to help developers adopt best practices and avoid anti-patterns.
  3. Python Deploy Tool — this is another way to deploy proxies. This is written in Python.
  4. Apigee Edge Maven Plugin — This is a build and deploy utility that can be used for offline build automation.

apigeelint, Python deploy tool, and Maven plugin are available from GitHub.

Deployment Options

Apigee Edge API platform offers multiple deployment options.

  • Apigee Edge — this is the default option where proxies are deployed to Apigee Edge Google Cloud Platform
  • Edge Microgateway — this is the on-prem version of Edge
  • Edge for private cloud — this version is for private instance of Edge
  • Apigee Hybrid — In this hybrid mode, Edge runtime is hosted by you in a compatible private Kubernetes environment but the management plane is hosted by Google
  • Apigee Adapter for Envoy — Envoy is an open-source edge and service proxy designed for cloud-native applications. Apigee Adapter for Envoy enables Envoy to be used as the proxy layer while leveraging the Google management plane for other services

Chary Lingachary

Chary Lingachary is an Enterprise Architect and a Digital Evangelist. His focus areas include Smart Integrations and Accelerated Integration Ecosystem.