Security best practices/approaches - between Apigee Cloud and internal systems

Not applicable

The attached diagram below shows how Apigee cloud can call Internal Systems, and that there's an internal firewall, a secured connection, etc.

In other words, "Proxy Endpoint" (Api cloud) can call "Target Endpoint" (Internal Systems) in a secure fashion. I'm trying to figure out how that security part can be implemented (best practices/documentation link).

More info:

I have a developer account (my company will eventually get a license) and want to call a service that's on one of our internal systems.

I'm trying to find documentation for our Infrastructure team, in terms of how to secure calls between my account on Apigee cloud and our internal systems.

For instance, can I whitelist an IP address?

apigeeclouddeploymentmodel.jpg

1 ACCEPTED SOLUTION

sgilson
Participant V

You might start with the doc on SSL, including making secure calls to a backend server:

http://apigee.com/docs/api-services/content/ssl

There is other doc as well, including this page on "last-mile security" that might address some of your questions:

http://apigee.com/docs/api-services/content/last-mile-security

Stephen


2 REPLIES 2

@Amit A Phatarphekar For your question about whitelisting -- for paid orgs, support can give you message processor IP addresses to whitelist.

However, Apigee will sometimes scale the number of MPs if traffic is running at close to capacity or is expected to do so, or to fix certain issues with backends under load. This can be difficult if the whitelisting process takes a significant amount of time, which it often does at larger organizations. Whitelisting is also not as secure as 2-way SSL, which is why we generally steer people toward 2-way SSL where possible.
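The trade-off described in the reply above, as an added example that is not part of the original thread or Apigee's own code: a backend-side TLS context that requires a client certificate (2-way SSL), compared with a source-IP allowlist over a few constructed connections. The IP addresses (documentation ranges), the certificate common name and all function names are assumptions made for illustration.

```python
import ipaddress
import ssl

# Constructed values (documentation ranges, hypothetical names), not real Apigee data.
ALLOWED_MP_IPS = {ipaddress.ip_address("203.0.113.10"), ipaddress.ip_address("203.0.113.11")}
ALLOWED_CLIENT_CNS = {"apigee-mp.example.com"}

def backend_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Server-side context for the internal target: the handshake fails unless
    the caller presents a certificate signed by a CA the backend trusts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED          # this is what makes it 2-way SSL
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issued the client cert
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def client_cn(peercert):
    """Extract commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def ip_allowlisted(peer_ip):
    return ipaddress.ip_address(peer_ip) in ALLOWED_MP_IPS

def cert_authorized(peercert):
    return client_cn(peercert) in ALLOWED_CLIENT_CNS

def compare_controls(connections):
    """Return (name, passes IP allowlist, passes client-cert check) per connection."""
    return [(c["name"], ip_allowlisted(c["ip"]), cert_authorized(c["cert"])) for c in connections]

# Constructed peer certificate in getpeercert() form; None means no cert was presented
# (with CERT_REQUIRED such a connection is rejected during the handshake).
MP_CERT = {"subject": ((("organizationName", "Example Corp"),),
                       (("commonName", "apigee-mp.example.com"),))}
SAMPLE_CONNECTIONS = [
    {"name": "known MP", "ip": "203.0.113.10", "cert": MP_CERT},
    {"name": "MP added by scaling", "ip": "203.0.113.57", "cert": MP_CERT},
    {"name": "allowlisted address, no client cert", "ip": "203.0.113.11", "cert": None},
]

if __name__ == "__main__":
    for name, by_ip, by_cert in compare_controls(SAMPLE_CONNECTIONS):
        print(f"{name:38} ip_allowlist={by_ip!s:5} client_cert={by_cert}")
```

The second row is the scaling case from the reply: the allowlist rejects a legitimate caller until it is updated, while the certificate check is unaffected by the new address.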