Hello,
We're leaning towards choosing Apigee as our API gateway and I have a few questions to complete the picture:
Thanks in advance,
Anton.
Solved! Go to Solution.
@Anton+Bar , Great Questions once again, Please find answers below,
Does Apigee allow at attach our own ID string to a developer who signs up and getting it later along with the parameters of each API call?
We have our Terms of Service which each Developer who signs up has to accept as a "click through", basically check a box that he or she agrees to the ToS. Is this possible in the Apigee dev portal?
How can we extract the data stats collected by Apigee for our own BI system?
I recall that the data retention is 90 days, and I assume that after that the data is archived or deleted. Correct?
That's correct. But, You can take the backup to your own systems using the Apigee Analytics APIs. If it's on-premise , Basically you manage the data & retention.
About data retention again - what kind of data is deleted after the retention period ends?
How can we ensure in our API target endpoint that it's the Apigee proxy that's calling us and not some imposer?
Hope it helps. Keep us posted if any.
@Dino - thought you might be interested in this one
@Anton+Bar , Great Questions once again, Please find answers below,
Does Apigee allow at attach our own ID string to a developer who signs up and getting it later along with the parameters of each API call?
We have our Terms of Service which each Developer who signs up has to accept as a "click through", basically check a box that he or she agrees to the ToS. Is this possible in the Apigee dev portal?
How can we extract the data stats collected by Apigee for our own BI system?
I recall that the data retention is 90 days, and I assume that after that the data is archived or deleted. Correct?
That's correct. But, You can take the backup to your own systems using the Apigee Analytics APIs. If it's on-premise , Basically you manage the data & retention.
About data retention again - what kind of data is deleted after the retention period ends?
How can we ensure in our API target endpoint that it's the Apigee proxy that's calling us and not some imposer?
Hope it helps. Keep us posted if any.
Where can I find documentation on the first feature on this list - keeping and passing on the developer ID string?
Wow, I'm not sure there's a whole lot of documentation on the developer ID. Apigee Edge manages several kinds of "entities" to support secure access to APIs. These entities are:
Each entity, when created, implicitly gets a unique "id".
The normal course of action is:
Does this make sense?
Does it answer your question regarding "keeping and passing on" the developer ID? If not, what do you mean by "passing on" ?
@Dino , I believe @Anton+Bar is talking about Developer Custom Attributes. For example, Let's say i have a internal team member who is consuming APIs. Every team member will have an internal Id. They might need to access this in run time for various purposes.
@Anton+Bar , Am i right ?
Yes @Anil Sagar, you are right, that's exactly what I mean. We need to get something that identifies the application that calls our Target Endpoint. This is because some partners that use our API's get results that are different than the rest.
Let me take a step back - Freightos.com is a marketplace for instant quotes for international door-to-door freight. Everyone can sign up and search for quotes, however larger partners that have private rates on some routers can import them to the marketplace and get them when someone searches for rates on through their software. These rates are private and should not be available to anyone else.
This is why we need to identify the application / developer that calls our API.
Actually identifying an application is even better because the same developer could have different applications pulling different rates.
As you see, this feature is critical for our workflow.
Possible? Thoughts?
@Anton+Bar , Absolutely possible, You can have App Attributes similar to Developer Attributes. You can use these Attributes in API runtime & implement business logic.
For example,
When silver partner creates an app & access API /hello he will get response like ,
{ "hello": "world", "premiumcontent1": "secretdeal1", "premiumcontent2": "secretdeal2", }
When Public Developer creates an app & access API /hello he will get response like,
{ "hello": "world"}
I have created a sample poc for you where you can play with same. Too see it in action. Follow below steps.
http://apigee4mv4d-test.apigee.net/v1/hellomock?apikey=YOURKEYHERE
You should see,
{ "hello": "world" }
Now,
http://apigee4mv4d-test.apigee.net/v1/hellomock?apikey=YOURKEYHERE
You should see response like,
{ "hello": "world", "premiumcontent1": "secretdeal1", "premiumcontent2": "secretdeal2" }
As you can see, Same API different response based on Developer Type.
API Proxy Screenshot, See verify api key, Access Entity policies in request & assign message policies with conditions that sends above response based on the attribute value.
Hope it helps. Keep us posted if any.
@Anil Sagar, can you pls post a Access Entity policy XML that gets an app value called "partner-id" and add it to the query parameters received by the target endpoint? I read all the docs you have and am still at lost on this one...
Actually I managed to get it through the verification as you previously suggested. The Trace feature is very helpful. Here's how I did it:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AssignMessage async="false" continueOnError="false" enabled="true" name="Set-Partner-ID"> <DisplayName>Set Partner ID</DisplayName> <Properties/> <Copy source="request"> <Headers/> <QueryParams/> <FormParams/> <Payload/> <Verb/> <StatusCode/> <ReasonPhrase/> <Path/> </Copy> <Add> <Headers> <Header name="freightos-partner-id">{verifyapikey.verify-api-key.freightos-partner-id}</Header> </Headers> </Add> <Set> <Headers/> <QueryParams/> <FormParams/> <!-- <Verb>GET</Verb> --> <Path/> </Set> <AssignVariable> <Name>name</Name> <Value/> <Ref/> </AssignVariable> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <AssignTo createNew="false" transport="http" type="request"/> </AssignMessage>
@Anton+Bar , You don't need to use Access Entity policy to retrieve app attributes. When you verify App key using verify API key policy, App Attributes are automatically populated by Apigee. They are available as flow variables. You can use same & send it to target using Assign Message Policy. For developer attributes, You need to use Access Entity Policy if you would like to retrieve the developer attributes.
Assign Message Policy that adds partner-id to target,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AssignMessage async="false" continueOnError="false" enabled="true" name="AddQueryParamTarget"> <DisplayName>AddQueryParamTarget</DisplayName> <Properties/> <Set> <QueryParams> <QueryParam name="partner-id">{verifyapikey.Verify-API-Key-1.partner-id}</QueryParam> </QueryParams> </Set> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <AssignTo createNew="false" transport="http" type="request"/> </AssignMessage>
I have created a proxy that has Verify API key in request that takes the key verifies it, When it happens apigee auto generates the flow variables that includes app attributes. I am using same in Assign Message Policy to add it to request that will be sent to target.
You can see same in action by following below steps,
1. Create an account in developer portal here,
http://dev-4mv4d.devportal.apigee.io/user/register
2. Create an App
http://dev-4mv4d.devportal.apigee.io/user/me/apps/add
3. Provide Partner Id (App Attribute) of your choice & Select Product as helloMock
4 . See the app details, Get the app key,
5. Make API call to proxy, Replace the api key from the app consumerkey
http://apigee4mv4d-test.apigee.net/v1/hellomock?apikey=6FGWRwqpCzocluH578qD1eFnq3DjPvBm
6. See response, Query Params, I am using httpbin.org/get as target which sends back the request. Notice args, It has partner-id that developer has given while creating the app.
See attached proxy for your reference,
Proxy Trace ,
Hope it helps.
Another followup question @Anil Sagar- how do I enable the Legal module? I don't see any modules in the Admin site...
@Anton+Bar , Do you have access to Apigee Drupal based Developer Portal ? OOB, It looks something like site here, dev-4mv4d.devportal.apigee.io . By default, It's not available for trial users.
Believe me, Apigee is just not about building APIs / Managing APIs like transformation, mediation, traffic management like above. We believe API Gateway is a commodity already though Apigee API Gateway is very powerful & has many out of the box features.
Apigee value comes with End to End visibility using Analytics, Handling billions of API calls with SLA's like 99.999%, Developer Services which provides flexibility & on boarding partners within matter of hours using self service portal powered by famous open source CMS Drupal, Scaling your APIs using Apigee Edge powerful cache features, API SmartDocs Documentation and many more. Just FYI, 60% of Top World Global Retailers API traffic is powered by Apigee & We handle thousands of TPS, Billions of API calls every day on cloud including events like Black Friday.
Many see API Management as API Gateway, But, We see it as Digital Transformation value chain that connects End User -> App -> Developer -> APIs -> API Team -> Backend & Apigee offers capabilities that helps you achieve same using API Services, Analytics Services, Developer Services, Monetization Services.
Another followup question - how do I enable the Legal module? I don't see any modules in the Admin site...
@jwyatt FYI
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |