How to callout to Node.js?

Not applicable

Is there a way to callout to a Node.js service as part of our proxy flow without creating a separate API proxy for the Node and doing a proxy-proxy service callout (which is not recommended)?

Examples would be

  • adding legacy login credentials from secure storage to the request
  • augmenting responses with data from BAAS

In the former case I wouldn't necessary want to create an endpoint for that internal service outside the scope of my consumer facing API proxy.

Edit: It's implicit in the question that we don't want to call Node instead of our original target (by e.g. creating a new Node.js target and a route rule). We want to call Node as well as our original target (before or after doesn't matter)

0 10 1,181
10 REPLIES 10

anshul_
Participant IV

In the API proxy we can't make callout to node.js as we do for Javascript or Java, but it can be used as a target.

@Adam Johnston This might not be possible, to make a callout to the NodeJS on the same proxy.

However, what you could do if the logic is straightforward is to simply use a Javascript Policy and do the processing that you want directly in Javascript.

If you need to make a call to BaaS, then you could use a service callout and then process that in JS

Similarly, if you need to add legacy credentials, then you could read the values using a KVM operation and then subsequent processing in the JS policy.

Would this be a solution for you?

Edit: Adding some more hints from the comments below. Since KVM is not encrypted, have a jar that can encrypt and decrypt. Use this to push encrypted values into KVM, and again while reading the value out of KVM use the policy to decrypt and then use the values in JS.

This can be done via JS as well, but we can use Java to add a little more obscurity to someone accessing the encryption keys. 🙂

Not applicable

KVM is not encrypted (I think?) so I guess I would have to do that myself from the JS. That is only disadvantage I see.

KVM is not encrypted, you could use Vault. Here is an useful post on the comparison.

I can't use the vault if I can't use Node.js surely?

You can also use the management APIs - but not sure how it fits into your existing requirement.

That would mean authenticating the request with our apigee credentials which, even if that wasn't a bad idea in its own right, would require its own secure storage to store those 🙂

So we do it via a Java policy. Have a jar that can encrypt and decrypt. Use this to push encrypted values into KVM, and again while reading the value out of KVM use the policy to decrypt and then use the values in JS. Can be done via JS as well, just use Java to add a little more obscurity to accessing the encryption keys. 🙂

Yes... unfortunately this sounds like the only way to do this at the moment, until secure storage is exposed via JS or we can directly callout to Node.js within a flow

Hello all, I wanted to add an important note: encrypted KVMs are here. Details are in our documentation: http://docs.apigee.com/api-services/reference/key-value-map-operations-policy . You now have an option for encrypted data without having to use Node.js.