This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Validation of requests with Apigee

Posted on 04-14-2023 01:10 PM
LauraRamirez22
New Member
Reply posted on --/--/---- --:-- AM

How can I validate in my api the requests that come from Apigee that I don't know by headers

0 2 88
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Usually this is done with mutual (aka 2-way) TLS - your upstream endpoint can validate that the incoming call used a specific TLS key. If you provision only Apigee with that TLS key, then you know the call came from Apigee. 

0 Likes

Posted on --/--/---- --:-- AM
API-Evangelist
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Curious why would you ignore headers?

You are discarding whole lot of patterns (ex: token exchange,signature verification, hmac etc) and it leads to only mutual tls pattern which requires proper pki infrastructure setup or by manipulating payload ( encryption/decryption of paylaod & validate) etc..

0 Likes
Top Solution Authors
View all