When creating an API Proxy - does the backend have to be a public URL ? What if it is inside a VPN / protected by a firewall ?

Not applicable
 
Solved Solved
0 3 899
1 ACCEPTED SOLUTION

Not applicable

Yes, the backend needs to be a public url. Apigee needs to be able to call the backend from its servers/message processors. If your backend is inside a VPN or behind a firewall you may first need to write a web service that exposes only those parts of the backend that will be used by Apigee. There are multiple ways you can do this and you can put whatever authorization you want in front of the service, but Apigee needs to be able to reach it in order to work.

View solution in original post

3 REPLIES 3

Not applicable

Yes, the backend needs to be a public url. Apigee needs to be able to call the backend from its servers/message processors. If your backend is inside a VPN or behind a firewall you may first need to write a web service that exposes only those parts of the backend that will be used by Apigee. There are multiple ways you can do this and you can put whatever authorization you want in front of the service, but Apigee needs to be able to reach it in order to work.

Not applicable

There are multiple ways to secure a target endpoint. I recommend strongly Client Certificate Authentications aka Mutual SSL. We have clients who prefer Basic Auth with IP white listing and we can accommodate those requests. But as Mike says, the endpoint has to be reachable over the public network to be accessible from the Apigee Cloud offering. On premises customers have greater options in this regard.

Hi, I am confused. Here you said that the backend must be public, but we found a document that talks about a VPN Pack:

https://apigee.com/about/sites/mktg-new/files/spec-sheets/EdgeCloud-VPNPackMay2015.pdf

Is this doc obsolete?

Thanks in advance!