This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Apigee Edge - Count of API calls - Pricing - Target API Calls Vs Proxy API Calls - Which one is taken ?

Posted on 05-27-2016 09:49 PM
anilsr
Staff
Reply posted on --/--/---- --:-- AM

Apigee Edge pricing is based on number of API calls / quarter. For Example, 1 API request into Edge, which then does a mashup of 5 backend API calls, back to 1 response out of Edge. Is that counted as 1 call or 5 or 1 + 5 = 6 ?

So, Is it one proxy in & out of Apigee / Is mashup backend calls are also counted ?

Solved Solved
0 18 3,711
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
anilsr
Staff
Reply posted on --/--/---- --:-- AM

Answer is 1 ,

Backend API calls within API proxy call is not counted. Even if you make, 100 API calls inside an API Proxy to target systems , it is still counted as one.

API Count = 1 Proxy Request In & Response Out. Even if you mashup multiple API calls inside proxy it doesn't make any impact in counting logic.

View solution in original post

Jump to Solution
18 REPLIES 18

Posted on --/--/---- --:-- AM
anilsr
Staff
Reply posted on --/--/---- --:-- AM

Answer is 1 ,

Backend API calls within API proxy call is not counted. Even if you make, 100 API calls inside an API Proxy to target systems , it is still counted as one.

API Count = 1 Proxy Request In & Response Out. Even if you mashup multiple API calls inside proxy it doesn't make any impact in counting logic.

Jump to Solution

Posted on --/--/---- --:-- AM
Not applicable
In response to anilsr
Reply posted on --/--/---- --:-- AM

Just to clarify @Anil Sagar - 1 call means 1 call to Edge, that is, it goes to the domain that backed by Edge and is handled by an API proxy, correct?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
anilsr
Staff
In response to
Reply posted on --/--/---- --:-- AM

@tpearson , Yes, 1 API call to Apigee Edge & Response back to the client. Doesn't matter what's the target / Apigee API proxy making multiple calls to backends using service callout. API calls no-target Apigee API Proxy also counted as 1. API Count = 1 Proxy Request In & Response Out.

Jump to Solution

Posted on --/--/---- --:-- AM
Not applicable
In response to anilsr
Reply posted on --/--/---- --:-- AM

@Anil Sagar, what if the api call is rejected by a rate limit, quota, or spike arrest policy? Does it still get counted for billing?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
anilsr
Staff
In response to
Reply posted on --/--/---- --:-- AM

@Jonatan Soffer , Yes, We count them. At the end of the day we are processing them & machines are provisioned to handle the load on cloud.

But, We are more than happy to understand if you are getting >10 Billion API calls / Year in Cloud Enterprise license !!

It's a great problem to have 😉

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
alexchaly13
Bronze 3
Bronze 3
In response to anilsr
Reply posted on --/--/---- --:-- AM

Hey, want to clarify another option in case of counting API calls. We have Hosted Target App that calls existing proxies, which calls some other proxies. As the result we get full response and return it to client. As I understand we pay only for the first API call? We do not count all internal requests on proxies despite we have 1 API Call + Response from each of these proxies? It still counts as one?

P.S. Need this to be clarified cause we get a really huge amount of calls 🙂

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to anilsr
Reply posted on --/--/---- --:-- AM

@Anil Sagar In scenario where API is secured using OAuth, would that be counted as two calls- Where the consumer is calling the OAuth endpoint to get the token and then call the actual API ?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
anilsr
Staff
In response to
Reply posted on --/--/---- --:-- AM

@Ram Krishna , Welcome to Apigee Community !

Yes, Any API Call in and out of Apigee Edge is counted as 1 call. In your case, Generate token - 1 API, Actual API - 1 API - In total 2 calls.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to anilsr
Reply posted on --/--/---- --:-- AM

Thank you @Anil Sagar for the clarification.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
rai_ashwinikuma
New Member
In response to anilsr
Reply posted on --/--/---- --:-- AM

Hi @Anil Sagar do we have this limitation even for On Premise installation?


Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
trpitta
New Member
Reply posted on --/--/---- --:-- AM

How does this work in case proxy chaining?

Client -> Proxy A -> Proxy B (proxy chain) -> Backend.

Does it count as 1 or 2?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to trpitta
Reply posted on --/--/---- --:-- AM

Two! Each call handled by a proxy counts as one call.  

Jump to Solution

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

@TIM, the simple way you can understand is how many consumer/client requests.

So, in your case it's 1. Only one consumer request is served, so pricing will be only for one request.

Jump to Solution

Posted on --/--/---- --:-- AM
anilmoregfs
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

If we are counting each API call coming to Apigee against the license then how to stop them from coming inside? Because no matter which throttling, or access control policy we add in Apigee, It will still come inside. So technically any bad actor can keep sending requests to increase the number of calls and increase our cost.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to anilmoregfs
Reply posted on --/--/---- --:-- AM

You are correct. A good practice is to use a WAF in front of Apigee, something like Google Cloud Armor or Akamai or some other system that can present a shield against DDoS and DoS attacks, and perhaps rate limit based on IP address and etc. That wAF will give you more features that just this kind of protection.  

Of course you can use Apigee without a WAF, but you may be charged $$ for the calls that a "bad actor" sends in, as you described. 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
anilmoregfs
Bronze 2
Bronze 2
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

But isn't that a security issue and should be addressed, especially for the Apigee SaaS? Because now they don't need credentials. They just need a URL for the attack.

Jump to Solution

Posted on --/--/---- --:-- AM
bayblues
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

what about if there is an attack against invalid base paths -- the APIs don't exist in Apigee. Does this count too?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
anilmoregfs
Bronze 2
Bronze 2
In response to bayblues
Reply posted on --/--/---- --:-- AM

End up adding cloud armor + LB in front of Apigee for better control

Jump to Solution
0 Likes