API proxies - restrict calls by IP address? And, Can I send emails out after a threshold is exceeded?

Not applicable

Hello,

I have few questions regarding design of api proxy.

1. Is there any way in Apigee proxy to restrict (block) requests from some server based on their IP address?

2. I want to get some notification after hitting some threshold value.

eg: After reaching every 1000 request hits, need to send an email to some users mentioning about the threshold reached.


Is it possible to achieve above in apigee by adding some policies or by some other configuration changes in Proxy.

Thanks,

Mohan

Solved Solved
1 1 1,484
1 ACCEPTED SOLUTION

Some answers

1. Is there any way in Apigee proxy to restrict (block) requests from some server based on their IP address?

Yes. Apigee Edge includes an AccessControl policy that allows you to blacklist inbound requests based on IP address. You can also whitelist IP addresses or ranges. See the documentation here.

2. I want to get some notification after hitting some threshold value. eg: After reaching every 1000 request hits, need to send an email to some users

It is possible to do this, but not in an API proxy. I would do it with a nightly (or every 8 hours, whatever is appropriate) cron job or similar, which queries the Analytics for Apigee Edge, and then programmatically sends an email.

You said "send an email to some users". Which users? Developers? End-users of the app? If you want to send an email to the developer of each app that exceeds 1000 requests per day, you could do this query:

curl -X GET -i -n "https://api.enterprise.apigee.com/v1/o/ORG/e/ENV/stats/developer_app?select=sum(message_count)&timeRange=09%2F10%2F2017%2000%3A00~09%2F30%2F2017%2023%3A59&timeUnit=day"

Then, sort through those results, and filter the ones that have access over 1000 for any day. The results look like this:

{
  "environments" : [ {
    "dimensions" : [ {
      "metrics" : [ {
        "name" : "sum(message_count)",
        "values" : [ {
          "timestamp" : 1505865600000,
          "value" : "9834.0"
        }, {
          "timestamp" : 1505779200000,
          "value" : "10809.0"
        }, {
          "timestamp" : 1505692800000,
          "value" : "9235.0"
        }, {
          "timestamp" : 1505606400000,
          "value" : "9013.0"
        }, {
          "timestamp" : 1505520000000,
          "value" : "11825.0"
        } ]
      } ],
      "name" : "dpc1"
    }, {
      "metrics" : [ {
        "name" : "sum(message_count)",
        "values" : [ {
          "timestamp" : 1505865600000,
          "value" : "6340.0"
        }, {
          "timestamp" : 1505779200000,
          "value" : "6709.0"
        }, {
          "timestamp" : 1505692800000,
          "value" : "6048.0"
        }, {
          "timestamp" : 1505606400000,
          "value" : "5409.0"
        }, {
          "timestamp" : 1505520000000,
          "value" : "7747.0"
        } ]
      } ],
      "name" : "dpc2"
    }, ...


                     

Of course you could run this with a timeUnit of hour if you like.

Once you find the apps, then you can retrieve the email for the developer, by querying the app:

curl -i -n -X GET "https://api.enterprise.apigee.com/v1/o/ORG/apps?expand=true" 

And then you'd get the developerid for the app, and from that retrieve the developer email, and then send the email.

If you want to send an email to a particular END USER of the app, that's going to require a custom analytics dimension which stores the user email. You'd do the same kind of query but substitute the name of that analytics dimension in, where "developer_email" occurs.

You can read more about the stats API and custom dimensions, here.

View solution in original post

1 REPLY 1

Some answers

1. Is there any way in Apigee proxy to restrict (block) requests from some server based on their IP address?

Yes. Apigee Edge includes an AccessControl policy that allows you to blacklist inbound requests based on IP address. You can also whitelist IP addresses or ranges. See the documentation here.

2. I want to get some notification after hitting some threshold value. eg: After reaching every 1000 request hits, need to send an email to some users

It is possible to do this, but not in an API proxy. I would do it with a nightly (or every 8 hours, whatever is appropriate) cron job or similar, which queries the Analytics for Apigee Edge, and then programmatically sends an email.

You said "send an email to some users". Which users? Developers? End-users of the app? If you want to send an email to the developer of each app that exceeds 1000 requests per day, you could do this query:

curl -X GET -i -n "https://api.enterprise.apigee.com/v1/o/ORG/e/ENV/stats/developer_app?select=sum(message_count)&timeRange=09%2F10%2F2017%2000%3A00~09%2F30%2F2017%2023%3A59&timeUnit=day"

Then, sort through those results, and filter the ones that have access over 1000 for any day. The results look like this:

{
  "environments" : [ {
    "dimensions" : [ {
      "metrics" : [ {
        "name" : "sum(message_count)",
        "values" : [ {
          "timestamp" : 1505865600000,
          "value" : "9834.0"
        }, {
          "timestamp" : 1505779200000,
          "value" : "10809.0"
        }, {
          "timestamp" : 1505692800000,
          "value" : "9235.0"
        }, {
          "timestamp" : 1505606400000,
          "value" : "9013.0"
        }, {
          "timestamp" : 1505520000000,
          "value" : "11825.0"
        } ]
      } ],
      "name" : "dpc1"
    }, {
      "metrics" : [ {
        "name" : "sum(message_count)",
        "values" : [ {
          "timestamp" : 1505865600000,
          "value" : "6340.0"
        }, {
          "timestamp" : 1505779200000,
          "value" : "6709.0"
        }, {
          "timestamp" : 1505692800000,
          "value" : "6048.0"
        }, {
          "timestamp" : 1505606400000,
          "value" : "5409.0"
        }, {
          "timestamp" : 1505520000000,
          "value" : "7747.0"
        } ]
      } ],
      "name" : "dpc2"
    }, ...


                     

Of course you could run this with a timeUnit of hour if you like.

Once you find the apps, then you can retrieve the email for the developer, by querying the app:

curl -i -n -X GET "https://api.enterprise.apigee.com/v1/o/ORG/apps?expand=true" 

And then you'd get the developerid for the app, and from that retrieve the developer email, and then send the email.

If you want to send an email to a particular END USER of the app, that's going to require a custom analytics dimension which stores the user email. You'd do the same kind of query but substitute the name of that analytics dimension in, where "developer_email" occurs.

You can read more about the stats API and custom dimensions, here.