Is it the right choice of architecture to have two Apigee instances, one acting as API Gateway and the other as IDP?

Hi,

One of our requirements is to have two Apigee instances with two separate infrastructure models sitting in their own dedicated DCs.

We would like to use one instance as the Resource Server, which hosts all the API resources that can be consumed by external parties. The other instance would act as the Authorisation Server, which hosts the OAuth 2.0 API endpoints.

The first instance will talk to the second instance for any generation and validation of OAuth tokens.

The idea here is to completely separate our Authentication and Authorisation module from the API Gateway and make it future ready for replacing it with any other external Authentication and Authorisation provider.

Could anyone please help me understand how feasible this solution can be, and what the pros and cons are?

Thanks.

1 REPLY

Not applicable

I assume that by instances you mean actual Edge installations (aka Planet), if so:

Why two? You can have a single Edge planet and Org handling both functions.

Edge is not an IDP but it will allow you to implement similar functions.

Having one will eliminate the need to force APIs or Apps to go to a third system for those functions/data. It allows you to use Edge out-of-the-box policies in your APIs and dramatically reduces architecture complexity and implementation time.

I think the question to answer is not "Can we have two?" but "Is there any limitation on having one?"