When should I put a policy in Proxy Endpoint versus Target Endpoint?
Hi there,
I don't understand when I should put a policy in the flow of the target endpoint versus the flow of the proxy endpoint. Can you please give me a relevant example?
Thank you,
Emilia
Best Answer
Answer by Anil Sagar @ Google
·
Jul 12, 2016 at 07:34 AM
Great Question, Take a look at our documentation that explains flows & endpoints here. Regarding your question , "I don't understand when I should put a policy in the flow of the target endpoint versus the flow of the proxy endpoint"
It depends on API Proxy requirements, For Example, If you have multiple target servers in a single proxy & you route the request to the particular target server using route rules & conditional flows. If you would like to execute some logic for a specific target server then you will use Target End Point. If you would like to execute some logic no matter what target server then you will use Proxy End Point.
For Example, Spike Arrest Policy, You would like to check for DOS attacks at the beginning of API Proxy flow, so , you generally apply this policy in Proxy EndPoint PreFlow. For Example, I would like to cache if request comes to target server 1 but not target server 2 then i will attach Response Cache Policy in Target EndPoint.
Also , Some policies can be attached only to target end point. For example, take a look at Concurrent Rate Limiting Policy which can be attached only at Target EndPoint side.
Hope it helps. Keep us posted if you have any queries.
Hi @Anil Sagar,
You said: "For Example, If you have multiple target servers in a single proxy & you route the request to the particular target server using route rules & conditional flows. If you would like to execute some logic for a specific target server then you will use Target End Point."
I'm sorry, the answer is a bit too abstract. Can you please provide an example with a single proxy and several target servers as you mention?
Thank you,
Emilia
Sure, Please find attached proxy that demonstrates same.
singleproxymultipletargets-rev1-2016-07-12.zip
- I got two target endpoints in single proxy.
- Apigee Mock Target - http://mocktarget.apigee.net/ - default target
- HttpBin Target - https://httpbin.org/ - target when proxy path matches /ip & verb GET
My route rule in proxy end point looks like this ,
<RouteRule name="routeToHttpBin">
<Condition>(proxy.pathsuffix MatchesPath "/ip") and (request.verb = "GET")</Condition>
<TargetEndpoint>httpBin</TargetEndpoint>
</RouteRule>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
<br>
So,
http://anildevportal-test.apigee.net/singleproxymultipletargets/ - default target
http://anildevportal-test.apigee.net/singleproxymultipletargets/json - default target
http://anildevportal-test.apigee.net/singleproxymultipletargets/xml - default target
http://anildevportal-test.apigee.net/singleproxymultipletargets/ip - httpBin target
Find more about routes here.
For example, If i want to cache the responses from target "httpBin" but not default target then i will add response cache policy to target endpoint instead of proxy endpoint.
Hi @Anil Sagar,
In the example you provided, I would create one extra proxy endpoint ProxyEndpoint1 (besides the Default one) with base path: /singleproxymultipletargets/ip and point it httpBin target endpoints.
Like this I satisfy this separate route through a separate proxy ProxyEndpoint1 with it's own flow and not through a conditional flow for the Default proxy.
I think my solution is easier to maintain and I do not see yet the disadvantages. Can you help me here?
If my solution is correct, then I can easily attach the response cache policy for httpBin target on the ProxyEndpoint1 proxy flow. So I still don't see a use-case of adding the policy flow on the target endpoint flow.
Thank you,
Emilia
Hello @Emilia Ipate,
When you want the policies to be executed at the entry point of the proxy, you should place them in the proxy endpoint, so that when the request comes to the proxy, the policies would be executed.
Once the policies are executed, if you have a backend and want specific policies to be executed during the backend request/response, you should place them in target endpoint.
Nice documentation could be found here.
Hi @MEGHDEEP BASU,
Thank you for your fast answer. You are stating exactly what is in the documentation and I indeed read the information you mention in the link upfront.
The theory is clear and I am searching for a relevant practical example because I really don't see a use-case when for adding a policy on the target endpoint flow (except for spikeArrest mentioned in the academy video which is not a good example because everything should put it in the proxy endppoint flow to protect both the backend and the apigee infrstructure for DoS attacks).
All the best,
Emilia
