Secure connection between back-end API and Apigee Edge

Hi,

I would like to establish a connection between Apigee EDGE and my back-end service, using OAuth2.
There is very good documentation on how to do that, but there is a question:

If credentials are checked on the Apigee EDGE side, it means everyone who knows the back-end server IP or DNS can access data without any creds.

How do I protect the back-end server?

I discovered that traffic from Apigee EDGE comes from a small number of IPs:
34.121.117.173
35.238.134.168
35.238.203.12
35.238.87.87

Does it mean I have to create inbound firewall rules that allow traffic only from these IPs, or not?

Is it a good idea to use the Apigee Edge micro agent on my Kubernetes cluster? What are the advantages of this approach?

In general, what is the best practice to protect a back-end API server that is connected to Apigee and uses Apigee OAuth2 or an API key?

Thank you!

2 ACCEPTED SOLUTIONS

Firewall is a good option.

You can do mutual TLS. I feel that will be the better one. We do use mutual TLS.

Thank you! I have just found this way too. It seems it is the best way.
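
The two measures discussed in this thread (a source-IP allowlist and mutual TLS) can be layered on the back end. The sketch below is an added example, not code from the thread or from Apigee: the back end requires a client certificate during the handshake and then accepts a request only if it comes from one of the addresses listed in the question and presents the expected certificate identity. `EXPECTED_CLIENT_CN`, the function names and the certificate file parameters are assumptions.

```python
import ipaddress
import ssl

# Source addresses the question lists for Apigee Edge traffic (copied from the post).
APIGEE_EGRESS_IPS = frozenset(
    ipaddress.ip_address(a)
    for a in ("34.121.117.173", "35.238.134.168", "35.238.203.12", "35.238.87.87")
)
# Hypothetical subject name on the client certificate issued to the Apigee proxy.
EXPECTED_CLIENT_CN = "apigee-edge.example.internal"


def make_server_context(server_cert, server_key, client_ca):
    """TLS context for the back end that refuses clients without a trusted cert."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=client_ca)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails if no client cert is sent
    ctx.load_cert_chain(server_cert, server_key)
    return ctx


def client_common_names(peercert):
    """Extract commonName values from the dict returned by SSLSocket.getpeercert()."""
    return [
        value
        for rdn in (peercert or {}).get("subject", ())
        for key, value in rdn
        if key == "commonName"
    ]


def is_allowed_caller(peer_ip, peercert):
    """Allow only a listed source address presenting the expected client identity."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparseable peer address: fail closed
    # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unwrap before comparing.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    if addr not in APIGEE_EGRESS_IPS:
        return False
    # The CA check happened in the handshake; this pins which client the CA vouched for.
    return EXPECTED_CLIENT_CN in client_common_names(peercert)
```

Call `is_allowed_caller` with the peer address and `getpeercert()` result of each accepted connection, before any request handling.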