Header Injection with Apigee

Here's a really common technical use case for an API Proxy: Header Injection.

The Apigee gateway is quite powerful, able to do things like authorization, threat protection, rate limiting, quota enforcement, monetization, routing, load balancing, response shaping, and more.

ONE of the things Apigee can do is inject headers in the request that gets sent to the upstream system.

In the simplest form, a proxy works like this:

  1. A client sends a request into the proxy endpoint. Maybe it's "GET /foo".
  2. The proxy receives the request, and makes some decision on whether it ought to be permitted.
  3. If so, the proxy sends a "mirrored" request, "GET /foo", to some upstream endpoint.

In the default case, the 2nd request essentially duplicates the first, except that the hostname or endpoint is different.

By using an API Proxy in front of an existing endpoint, especially one as configurable as the Apigee proxy, we can insert a set of rules and policies that get enforced. As one example, the upstream endpoint doesn't need to worry about authentication if Apigee does the work.

But while there are 2 requests and the 2nd request by default duplicates the first one, Apigee can introduce differences. We might call this "mediation". One type of difference is: inserting or adding headers.

As an example, Apigee might receive a JWT and verify it. Apigee could then extract claims from the verified JWT and insert headers holding a few selected claims into the 2nd request that goes to the upstream.
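The flow described above, modeled in plain Python as an added example (it is not Apigee's implementation and not the proxy from the repo mentioned below). The header names, the HS256 shared key and the function names are assumptions made for illustration; the model also drops any client-sent copies of the headers the proxy injects, so the upstream only ever sees values taken from verified claims.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed sample key, not a real credential
CLAIM_HEADERS = {"sub": "X-Jwt-Sub", "scope": "X-Jwt-Scope"}  # hypothetical names

def _dec(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_jwt(claims, key=SECRET):
    """Build an HS256 token; used only to construct sample input."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_sign(head + '.' + body, key))}"

def verify_jwt(token, key=SECRET, now=None):
    """Return the claims if alg, signature and exp all check out, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(_dec(head))["alg"] != "HS256":   # pin the algorithm
            return None
        if not hmac.compare_digest(_sign(head + "." + body, key), _dec(sig)):
            return None
        claims = json.loads(_dec(body))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError):
        return None

def mediate(method, path, headers, now=None):
    """Steps 1-3 of the flow: returns (status, upstream request or None)."""
    auth = headers.get("Authorization", "")
    claims = verify_jwt(auth[7:], now=now) if auth.startswith("Bearer ") else None
    if claims is None:
        return 401, None               # step 2: not permitted, nothing goes upstream
    owned = {h.lower() for h in CLAIM_HEADERS.values()}
    # Mirror the request, but drop client-sent copies of headers the proxy owns.
    out = {k: v for k, v in headers.items() if k.lower() not in owned}
    for claim, header in CLAIM_HEADERS.items():
        if claim in claims:
            out[header] = str(claims[claim])   # values come only from verified claims
    return 200, {"method": method, "path": path, "headers": out}
```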

This is a really basic, foundational technique that is used by many different customers.

Here is a screencast that shows this in action.

Here is the GitHub repo for the proxy used in this example.

LMK if you like these videos, and what other topics I should cover.

Last update: 06-18-2020 04:44 PM