Integrating apigee with other API Gateway,Integrating apigee with other API Gateways

I have a solution that uses embedded reverse proxy API Gateway that uses OAuth2 for security. How can I integrate this solution with apigee that our customers may be using? Can apigee be configured to simply pass the client ID and secret key for authentication and the access token to the embedded gateway in my solution to manage?

,

Our solution has its own embedded Reverse Proxy API Gateway component that uses OAuth2 for security. How can I integrate this solution with apigee? Would apigee be able to simply pass the client ID and secret key for authentication and the generated access token to embedded gateway to manage?

0 1 550
1 REPLY 1

Yes, Apigee Edge can do that. A more interesting question is: should you do that?

Within Apigee Edge you as an API provider or API Administrator can design smart API Proxies. Those proxies can do anything you like. When a client sends in a request containing a client id and secret, you can configure Apigee Edge to:

  • validate the client ID and/or secret against its own store
  • send theclient id & Secret to an external system for validation
  • ignore the client id and secret completely
  • use the client id as a lookup key to find a different client id
  • some combination of the above

In short, you have complete control over the behavior of the smart proxy.

So yes, you could configure your proxy to extract the client id and secret from the inbound request, and send them to a different system for validation. Now, does it make sense to do that? Maybe.

If you use Apigee Edge to do the validation of credentials, you can take advantage of some additional Apigee capabilities including:

  • API products and metadata (custom attributes)
  • automated provisioning of application keys
  • quota enforcement on a per-app basis
  • API Analytics based by developer app
  • and more

if you do not use Apigee Edge to validate the app credentials, then you miss these capabilities.

So it's up to you, whether you want to use an external system, or use Apigee Edge.

By the way, you described your existing system as a "reverse proxy." This is exactly what Apigee Edge is. So you have some redundancy in your tools portfolio. Probably it would be a good idea to determine when you should use the other API Gateway, and when to best use Apigee Edge. Using both of them may be inefficient and unnecessarily complicated.