What is the best practice for securing communication between Apigee and the Origin

Not applicable

I have been reading up on how to use Apigee as an API proxy and I am clear on that. However, as Apigee is a PaaS product out on the Internet I wanted to understand what the best practice was for securing that proxied requests are indeed coming from Apigee and not an impostor.

What options do Apigee provide?

- IP White listing (I find this unlikely in a cloud based environment)

- Client certificates?

- Something else?

I have searched for answers but I have drawn a blank.

Thanks.

0 2 232
2 REPLIES 2

Not applicable

Hi @Simon Baynes, welcome to Apigee Community!

Apigee supports both IP White Listing and Client Certificates for securing traffic from the Apigee API proxies to a Customer's target servers in our Enterprise-level product.

If you would like to learn more about how these work and the options, please get in touch via this form.

If this has answered your query, please click the Accept link, below, or let us know how we can further help.

Hi Simon,

TLS/MA would be the best option i think. Check this link