When should I put a policy in Proxy Endpoint versus Target Endpoint?

Not applicable

Hi there,

I don't understand when I should put a policy in the flow of the target endpoint versus the flow of the proxy endpoint. Can you please give me a relevant example?

Thank you,

Emilia

Solved Solved
2 9 4,709
1 ACCEPTED SOLUTION

@Emilia Ipate ,

Great Question, Take a look at our documentation that explains flows & endpoints here. Regarding your question , "I don't understand when I should put a policy in the flow of the target endpoint versus the flow of the proxy endpoint"

It depends on API Proxy requirements, For Example, If you have multiple target servers in a single proxy & you route the request to the particular target server using route rules & conditional flows. If you would like to execute some logic for a specific target server then you will use Target End Point. If you would like to execute some logic no matter what target server then you will use Proxy End Point.

For Example, Spike Arrest Policy, You would like to check for DOS attacks at the beginning of API Proxy flow, so , you generally apply this policy in Proxy EndPoint PreFlow. For Example, I would like to cache if request comes to target server 1 but not target server 2 then i will attach Response Cache Policy in Target EndPoint.

Also , Some policies can be attached only to target end point. For example, take a look at Concurrent Rate Limiting Policy which can be attached only at Target EndPoint side.

Hope it helps. Keep us posted if you have any queries.

View solution in original post

9 REPLIES 9

Not applicable

Hello @Emilia Ipate,

When you want the policies to be executed at the entry point of the proxy, you should place them in the proxy endpoint, so that when the request comes to the proxy, the policies would be executed.

Once the policies are executed, if you have a backend and want specific policies to be executed during the backend request/response, you should place them in target endpoint.

Nice documentation could be found here.

Hi @MEGHDEEP BASU,

Thank you for your fast answer. You are stating exactly what is in the documentation and I indeed read the information you mention in the link upfront.

The theory is clear and I am searching for a relevant practical example because I really don't see a use-case when for adding a policy on the target endpoint flow (except for spikeArrest mentioned in the academy video which is not a good example because everything should put it in the proxy endppoint flow to protect both the backend and the apigee infrstructure for DoS attacks).

All the best,

Emilia

@Emilia Ipate ,

Great Question, Take a look at our documentation that explains flows & endpoints here. Regarding your question , "I don't understand when I should put a policy in the flow of the target endpoint versus the flow of the proxy endpoint"

It depends on API Proxy requirements, For Example, If you have multiple target servers in a single proxy & you route the request to the particular target server using route rules & conditional flows. If you would like to execute some logic for a specific target server then you will use Target End Point. If you would like to execute some logic no matter what target server then you will use Proxy End Point.

For Example, Spike Arrest Policy, You would like to check for DOS attacks at the beginning of API Proxy flow, so , you generally apply this policy in Proxy EndPoint PreFlow. For Example, I would like to cache if request comes to target server 1 but not target server 2 then i will attach Response Cache Policy in Target EndPoint.

Also , Some policies can be attached only to target end point. For example, take a look at Concurrent Rate Limiting Policy which can be attached only at Target EndPoint side.

Hope it helps. Keep us posted if you have any queries.

Hi @Anil Sagar,

You said: "For Example, If you have multiple target servers in a single proxy & you route the request to the particular target server using route rules & conditional flows. If you would like to execute some logic for a specific target server then you will use Target End Point."

I'm sorry, the answer is a bit too abstract. Can you please provide an example with a single proxy and several target servers as you mention?

Thank you,

Emilia

@Emilia Ipate ,

Sure, Please find attached proxy that demonstrates same.

singleproxymultipletargets-rev1-2016-07-12.zip

My route rule in proxy end point looks like this ,

    <RouteRule name="routeToHttpBin">
        <Condition>(proxy.pathsuffix MatchesPath "/ip") and (request.verb = "GET")</Condition>
        <TargetEndpoint>httpBin</TargetEndpoint>
    </RouteRule>
    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
<br>

So,

http://anildevportal-test.apigee.net/singleproxymultipletargets/ - default target

http://anildevportal-test.apigee.net/singleproxymultipletargets/json - default target

http://anildevportal-test.apigee.net/singleproxymultipletargets/xml - default target

http://anildevportal-test.apigee.net/singleproxymultipletargets/ip - httpBin target

Find more about routes here.

For example, If i want to cache the responses from target "httpBin" but not default target then i will add response cache policy to target endpoint instead of proxy endpoint.

Hi @Anil Sagar,

In the example you provided, I would create one extra proxy endpoint ProxyEndpoint1 (besides the Default one) with base path: /singleproxymultipletargets/ip and point it httpBin target endpoints.

Like this I satisfy this separate route through a separate proxy ProxyEndpoint1 with it's own flow and not through a conditional flow for the Default proxy.

I think my solution is easier to maintain and I do not see yet the disadvantages. Can you help me here?

If my solution is correct, then I can easily attach the response cache policy for httpBin target on the ProxyEndpoint1 proxy flow. So I still don't see a use-case of adding the policy flow on the target endpoint flow.

Thank you,

Emilia

@Emilia Ipate , When you create a new proxy, proxy base path changes, Each proxy will have unique basepath. If you would like to re-use some of the policies & have different target servers then above example will help. Yes, You can also create new proxy itself.

Also , Some policies can be attached only to target end point. For example, take a look at Concurrent Rate Limiting Policy which can be attached only at Target EndPoint side.

I will post the question about whether to have 1 proxy with 2 target endpoints through conditional flows or 2 proxies each with a target endpoint in a separate discussions thread.

I take it from our discussion that there are policies (like concurrentRateLimit) which apply on the target endpoint flow. @Anil Sagar, let me know if I misunderstood you.

@Emilia Ipate , Yep, That works. BTB, if your above query is resolved please click on Accept link below answer so that it will be helpful for others.