How to create API proxies for a SaaS application with different sub-domains?


In my SaaS application, instead of having a common sub-domain for all the clients, I have different sub-domains for different clients such as http://www.abc.myapp.com, http://www.def.myapp.com and http://www.ghi.myapp.com. Thousands of sub-domains are already there and more will be added in the future.

We have OAuth-based authentication, API-key-based authentication, and basic authentication with username/password. Basic authentication will be used most of the time. An example curl command to get all the users will look like this:

curl -v -u sample@myapp.com:xxxxx -X GET 'https://abc.myapp.com/api/users'

curl -v -u username:password -X GET 'https://abc.myapp.com/api/#endpoint#'

I want to get the API analytics for each of these clients separately and also as a whole, and manage the same. Is it possible?


Yes, you could do that.

First we need to understand each other though. When you say "clients" I think you are talking about "companies" or "customers". In API-speak, "client" has a particular meaning, and it is closer to "user-facing application". The Starbucks mobile-order-pay app for iOS is the API client. Embedded somehow in the program logic for each client, is the client id. That client app sends the client id, explicitly or implicitly with each outbound request. The server can then collect analytics based on that client id.

OK, you said, _I want to get the API analytics for each of these clients separately_

And in your curl examples, I don't see anything that would identify the _client_ - that is to say, the app that is requesting the service.

In the best practices recommended by Apigee, you will use an OAuth2 token to identify the app, or maybe the app+user. The OAuth token is not a client id, but it is derived from a client id, and Apigee will be able to retrieve the originating client id from any valid OAuth2 token. Therefore, for the purposes of analytics, the OAuth2 token identifies the client. If the inbound request carries a token that you validate within Apigee Edge via OAuthV2/VerifyAccessToken, then you can get analytics on the "client" (= the requesting app). This happens automatically.

Getting the analytics for that is possible visually, in the UI, or via the API.

If instead you want to do analytics on the USERS, or maybe the COMPANIES that those users belong to, then that is a llama of a different color.

Let's say

  • you want to do analytics on the COMPANY
  • You're using basic auth, not using OAuth2. There is no application ID, no token, no client id.
  • There is some way to map from username to "company"

In THAT case you would need to create your proxy to:

  • validate the user credentials
  • derive the company name from the validated user
  • add a StatisticsCollector to your API Proxy, and store the company name.
  • Then do custom analytics queries based on that "company name" dimension.

Clear?

In my case, I can get the customer/company name from the URL itself. If the URL is abc.myapp.com then the customer/company is abc, and if the URL is def.myapp.com then the customer/company is def. I have an individual sub-domain for each individual customer/company. Getting the customer/company name is easy.

My question is how I can create an API proxy for this scenario. In my case the base path has a unique sub-domain for each customer.
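
An added example, not part of the thread and not Apigee's own code: one way a JavaScript policy could derive the company from the Host header for the StatisticsCollector step listed in the reply above, recording it only when it agrees with the validated user. It assumes the base domain myapp.com from the question; the flow variable names `analytics.company` and `auth.company` and the two bucket values are hypothetical.

```javascript
// Added example. Names marked "assumed" do not come from the thread.
var BASE_DOMAIN = 'myapp.com';                        // from the question's URLs
var LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;   // exactly one DNS label

// Returns the company label for hosts shaped like abc.myapp.com or
// www.abc.myapp.com, or null when the host does not fit that shape.
function companyFromHost(host, baseDomain) {
  if (typeof host !== 'string' || host.length > 255) return null;
  // Normalise: lower-case, drop an optional :port and a trailing dot.
  var h = host.toLowerCase().replace(/:\d{1,5}$/, '').replace(/\.$/, '');
  var suffix = '.' + baseDomain;
  if (h.length <= suffix.length || h.slice(-suffix.length) !== suffix) return null;
  var labels = h.slice(0, -suffix.length).split('.');
  if (labels.length === 2 && labels[0] === 'www') labels.shift();
  if (labels.length !== 1 || labels[0] === 'www' || !LABEL.test(labels[0])) return null;
  return labels[0];
}

// With Basic auth the Host header is chosen by the caller, so the
// host-derived company is recorded only when it equals the company of the
// user whose credentials were validated (authCompany: assumed output of the
// "validate the user credentials" step). Bucket values start with "_",
// which LABEL rejects, so they cannot collide with a real sub-domain.
function analyticsCompany(host, authCompany) {
  var c = companyFromHost(host, BASE_DOMAIN);
  if (c === null) return '_invalid_host';
  if (typeof authCompany !== 'string' || authCompany.toLowerCase() !== c) {
    return '_mismatch';
  }
  return c;
}

// Inside an Apigee JavaScript policy the `context` object exists; anywhere
// else this block is skipped. Both flow variable names are assumed.
if (typeof context !== 'undefined') {
  context.setVariable('analytics.company', analyticsCompany(
    context.getVariable('request.header.host'),
    context.getVariable('auth.company')));
}
```

A StatisticsCollector policy placed after this step can then reference the variable as its "company name" dimension, and the `_mismatch` bucket doubles as a signal worth alerting on.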