Solved: What is the recommended method to restrict access ...

mail-2 · 07-16-2020 07:42 AM

Hello!

What is the recommended method to restrict access to the backend to the Apigee platform?

Also links to the relevant section in the manual are welcome.

Cheers

Raffael

dchiesa1

With Apigee SaaS (current generation), the two most common approaches are:

mTLS
IP whitelisting at the firewall

With Apigee hybrid, you have more options because you can co-locate the Apigee gateways on the same network as your backend. You can design your VPCs the way you like.

This will also be true with the next generation SaaS offering!

View solution in original post

Report Inappropriate Content

To restrict access you can use API key verification, Oauth 2.0, JWT, LDAP, etc.

I would suggest going for Oauth 2.0. There is a scope attribute in this, which can be used for restricting access.

You can also use any third-party identity access management system with service-callout.

mail-2

I was more thinking about how to restrict access to the backend itself - on a lower network level. Technically your suggestions don't prevent access to the backend but usage of services on the backend.

Report Inappropriate Content

It seems you want to add authentication. As you specified restrict access, I answered regarding authorization.

For authentication, you can use Access-Control that is used for whitelist and blacklist of client ip. Other security policies in apigee also restricts access to backend.

dchiesa1

With Apigee SaaS (current generation), the two most common approaches are:

mTLS
IP whitelisting at the firewall

With Apigee hybrid, you have more options because you can co-locate the Apigee gateways on the same network as your backend. You can design your VPCs the way you like.

This will also be true with the next generation SaaS offering!