Use Apigee in between client and other API's


Hi all

We are developing a system with a bunch of plugins for different CMS systems and would like to know how we can use Apigee in the best way.

The plugins we have created communicate with our server by JSON-formatted API calls and are executed by our customers (CMS administrators). Our server then saves the data in MySQL databases and creates another JSON-formatted API call to external APIs. Each of these APIs has a different name and format since they originate from various corporations. The response is handled, saved to the database and a complete answer to the plugin is made (JSON response).

We were planning to use apigee in between our server and the plugins. That way the dataflow would look like this: Plugin (request) -> apigee -> our server -> corporations -> our server -> apigee -> plugin (answers)

Now my question is whether this is the correct way. Also, how do I authorize my users? We have a user database at the server with email and password for all users, and almost all API calls should only be available with an active user account. I would prefer an authentication process that would work with the API call instead of having to firstly make a token and secondly an API call. This is because I think it is faster, since most users will only make a single API call per day.

I will appreciate all and any input in regards to our setup 🙂 Have a nice day.

Kind regards

Anders

1 ACCEPTED SOLUTION


Hello Anders,

This is a perfectly reasonable implementation of an Apigee proxy and the expected flow.

There are a number of options with regards to authorization. It appears you would not want to use OAuth2 for your API since this requires first making a call to get an access token before calling the proxy. I recommend that you at least use a VerifyApiKey policy, which would only require sending in a valid API key as a query parameter. For any production API, that is the minimum you would want to do.

There are a number of ways to implement user authorization. Since you already maintain a database of active users, you could have user names and passwords set in a header (preferred) or query parameter and send that to your backend. Your backend could query your user database and continue with the operation if all is well or return an error (usually a 401 Unauthorized).
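As an added example (not part of the answer above and not Apigee's own sample code), here is what the two pieces of advice look like as Apigee Edge policies attached to the proxy's request PreFlow: a VerifyAPIKey policy that gates the proxy on an app key, and an AssignMessage policy that strips that key before the request is forwarded to the backend, leaving only the user's own credentials in the Authorization header for the backend to check against its user table. The policy names, the `apikey` query-parameter name and the `x-apikey` header name are assumptions.

```xml
<!-- Added example (not from the thread): proxy request-flow policies.
     Policy names, the "apikey" query parameter and the x-apikey header are assumptions. -->

<!-- 1. VerifyAPIKey: rejects the request unless a valid app key is presented.
        The answer above uses a query parameter; a header keeps the key out of
        access logs and browser history, so prefer request.header.x-apikey
        wherever the plugins can set headers. -->
<VerifyAPIKey async="false" continueOnError="false" enabled="true" name="Verify-API-Key">
  <DisplayName>Verify API Key</DisplayName>
  <APIKey ref="request.queryparam.apikey"/>
  <!-- header alternative: <APIKey ref="request.header.x-apikey"/> -->
</VerifyAPIKey>

<!-- 2. AssignMessage: remove the app key before the request reaches the backend,
        so it is never stored alongside the user data or forwarded to the
        corporations. The user's credentials stay in the Authorization header
        (HTTP Basic, so only over TLS) and the backend validates them against
        its MySQL user table, answering 401 Unauthorized on failure. -->
<AssignMessage async="false" continueOnError="false" enabled="true" name="Strip-API-Key">
  <DisplayName>Strip API Key</DisplayName>
  <Remove>
    <QueryParams>
      <QueryParam name="apikey"/>
    </QueryParams>
  </Remove>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

<!-- 3. Attach both to the ProxyEndpoint's request PreFlow, in this order, so an
        invalid key is rejected before anything is forwarded. -->
<PreFlow name="PreFlow">
  <Request>
    <Step><Name>Verify-API-Key</Name></Step>
    <Step><Name>Strip-API-Key</Name></Step>
  </Request>
</PreFlow>
```

The API key identifies the calling app (the plugin), not the person using it, so it does not replace the per-user check; it just stops unregistered callers from reaching the backend at all. A 401 returned by the backend passes back through the proxy to the plugin unchanged.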


Thank you for your answer. Am I correct that a dataflow like this

Plugin (request) -> apigee -> our server -> corporations -> our server -> apigee -> plugin (answers)

is an Apigee proxy setup, while a flow like this

Plugin (request) -> apigee -> corporations -> apigee -> plugin (answers)

is an Apigee BaaS setup? It would be interesting if this is possible, since we are looking at dropping our current LAMP setup and having our entire system hosted in the cloud.


Anders,

Your flow is very common to what we provide in many of our solutions. Depending upon what your target is doing, you may want to call the third party target directly or from Apigee and do a mashup in Edge. Here is a sample flow diagram that I think illustrates your options:

(flow diagram image, 94-cdraw.png, not reproduced here)

Many variations are possible, but this is what I think you described in your original question. This is precisely what Edge was built for.

Regards,

David
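As an added example (not David's diagram and not Apigee's own sample), the "call the third party from Apigee and do a mashup in Edge" option maps to a ServiceCallout policy: the proxy itself makes the outbound call to the corporation's API and keeps the reply in a flow variable for later policies to merge into the JSON answer returned to the plugin. The URL, the policy and variable names, and the `name` query parameter are placeholders.

```xml
<!-- Added example (not from the thread): an Apigee Edge ServiceCallout that
     calls a corporation's API from inside the proxy, so the plugin never talks
     to the third party directly. URL, names and the "name" parameter are placeholders. -->
<ServiceCallout async="false" continueOnError="false" enabled="true" name="Call-Corporation-People">
  <DisplayName>Call Corporation People API</DisplayName>
  <!-- build a fresh outbound request rather than reusing the plugin's, so the
       plugin user's Authorization header is not copied to the third party -->
  <Request clearPayload="true" variable="corpRequest">
    <Set>
      <Verb>GET</Verb>
      <QueryParams>
        <!-- forward only the field the third party needs, taken from the plugin's request -->
        <QueryParam name="name">{request.queryparam.name}</QueryParam>
      </QueryParams>
      <Headers>
        <Header name="Accept">application/json</Header>
      </Headers>
    </Set>
  </Request>
  <!-- the corporation's reply lands in this variable for later policies
       (ExtractVariables / AssignMessage) to shape the JSON answer to the plugin -->
  <Response>corpResponse</Response>
  <!-- bound how long a slow corporation API can hold the plugin's request (milliseconds) -->
  <Timeout>5000</Timeout>
  <HTTPTargetConnection>
    <URL>https://corporation-api.example/api/people</URL>
  </HTTPTargetConnection>
</ServiceCallout>
```

Any credentials the corporation's API requires belong in a Key Value Map or encrypted property referenced from the policy, not in the proxy bundle, and each corporation gets its own callout with its own timeout so that one slow partner cannot hold up the others.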

Hi David.

Thank you for your answer. If I am to make external calls from Apigee to, let's say, a resource called www.test.com/api/people?name=frank, what policy would be the correct one to use?

Best regards