Is Apigee needed while consuming API within a shared PC in GCP since communication is internal

I was having some questions and confusions while implementing this. An internal API inside GCP has to be added to Apigee and this will be consumed by another service within the same GCP. I am trying to find answers to these questions:

1. In this case both the client and the API are in the same GCP. When the API is added to Apigee, will the request travel through the internet or inside the internal network?

2. If it is travelling through the internet, is it not better to not add the proxy to Apigee, and rather communicate directly with the API?

3. Since Apigee exposes the API to the internet, is there any way I can allow only requests from a particular client using IP address or something?

Thanks in advance. @dchiesa1 @API-Evangelist 


1. Your choice. Probably you will want the data traffic to remain on the GCP-managed network. (VPC to VPC).  You have the option to alternatively route traffic via a public network. 

2. I think the decision on whether to manage the API through Apigee is independent of the data path. You should use Apigee if you want the API Management capability, including things like authentication+authorization (verifying API keys or OAuth tokens),  rate limiting, monetization, transformation, security mediation, payload transformation, etc.  The data path is a separate concern.

3. Yes, Apigee has flexibility in how you can restrict things. There is an AccessControl policy which can restrict by IP Address. Of course that's not very friendly to apps that move around on the internet, such as mobile clients.  In that case the client will have a varying IP Address over time, so using an AccessControl policy that restricts by IP Address will be unsatisfactory.  Your question said "or something".  You can also restrict or validate based on client credential (apikey) or based on client TLS certificate (Transport layer security).  Or some combination of those things.
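
The IP restriction mentioned in point 3 above, as an added example that is not part of the original reply: a sketch of an Apigee AccessControl policy that denies by default and allows one internal range. The policy name and the 10.128.0.0/20 subnet are constructed placeholders, not values from this thread.

```xml
<!-- Attach to the proxy request flow ahead of the policies that do the real work. -->
<AccessControl name="AC-Allow-Internal-Clients" continueOnError="false" enabled="true">
  <!-- Default deny: a source address that matches no rule is rejected. -->
  <IPRules noRuleMatchAction="DENY">
    <MatchRule action="ALLOW">
      <!-- Constructed placeholder: the subnet the consuming service calls from. -->
      <SourceAddress mask="20">10.128.0.0</SourceAddress>
    </MatchRule>
  </IPRules>
</AccessControl>
```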

Thanks for the quick reply on this @dchiesa1 

1. Is the network restriction the one we do while configuring Apigee?

2. I already have an Apigee configured which allows communication over the internet. I was trying to see if there is a way to restrict the traffic in the internal network for a few proxies. Maybe those in one environment or group.

3. Got your point on rest of the questions.

Thank you.