Flow between Apigee Cloud Proxy and Microgateway-aware Proxy

Hello Apigee Team,

On-Cloud to On-Prem topology: Client -> Apigee Cloud -> External Firewall -> DMZ (SSL termination in LB here) -> Internal Firewall -> Apigee Microgateway (2 Way SSL is configured here) -> Backend Systems exposing APIs

Current Design: One backend system is exposing a POST /booking API. The client POSTs some data through the Apigee Cloud API Proxy, and the backend API returns Success/Failure responses appropriately. The Apigee API Proxy passes the responses back to the client. Currently, all the required policies are written in the Apigee Cloud Proxy.

In this case, I have some clarifications on the southbound flow while incorporating the microgateway based on the above-mentioned topology:

1) What is an efficient way to make use of the microgateway?

2) What should be the flow between the Apigee Cloud Proxy and the microgateway-aware proxy? (Can the microgateway call the target API and the cloud proxy call the microgateway-aware proxy?)

3) Could you please provide an example between an Edge Proxy and a microgateway-aware proxy?

Thanks!


Former Community Member
@TGP

I think you are on the right path. From a Cloud proxy's point of view, a microgateway endpoint is nothing special (it is another target endpoint hosted on-prem).

One variation I would add, and perhaps you had already thought about it, for your external clients, I would expose the Edge OAuth token (opaque tokens) only. Once authenticated (using the OAuth v2 policy), swap it for a JWT token and send it to the MG endpoint. The JWT token can be generated at the same time you generated the opaque token. The JWT token can be stored as an attribute of the opaque token.
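
The token swap described in the reply above, as an added example that is not part of the original thread and is not Apigee policy code. It is a standalone Python simulation: `TOKEN_STORE`, `SIGNING_KEY` and all function names are hypothetical, and HS256 is an assumption chosen only to keep the example to the standard library.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = b"constructed-demo-key"  # constructed; HS256 is an assumption
TOKEN_STORE = {}                       # opaque token -> attributes (hypothetical)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims: dict) -> str:
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def issue_tokens(client_id: str, ttl: int = 300) -> str:
    """Generate the opaque token and the JWT together; keep the JWT as an attribute."""
    opaque = secrets.token_urlsafe(24)
    exp = int(time.time()) + ttl
    TOKEN_STORE[opaque] = {"client_id": client_id, "exp": exp,
                           "jwt": make_jwt({"sub": client_id, "exp": exp})}
    return opaque  # the only token the external client ever sees

def cloud_proxy_swap(headers: dict) -> dict:
    """Verify the opaque token, then replace it with the stored JWT for the MG call."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    entry = TOKEN_STORE.get(token) if scheme == "Bearer" else None
    if entry is None or entry["exp"] < time.time():
        raise PermissionError("invalid or expired access token")
    return {**headers, "Authorization": f"Bearer {entry['jwt']}"}

def microgateway_verify(headers: dict) -> dict:
    """Accept only a correctly signed, unexpired HS256 JWT; return its claims."""
    try:
        head, body, sig = headers["Authorization"].removeprefix("Bearer ").split(".")
        alg = json.loads(b64d(head)).get("alg")
        claims = json.loads(b64d(body))
        given = b64d(sig)
    except (KeyError, ValueError, AttributeError):
        raise PermissionError("not a JWT")
    want = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if alg != "HS256" or not hmac.compare_digest(want, given):
        raise PermissionError("bad signature")
    if claims.get("exp", 0) < time.time():
        raise PermissionError("expired JWT")
    return claims
```

The opaque token never reaches the on-prem side and the JWT never reaches the external client; the microgateway step rejects an opaque token presented directly because it is not a signed JWT.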

@srinandans Thanks for your response.

// From a Cloud proxy's point of view, a microgateway endpoint is nothing special (it is another target endpoint hosted on-prem). //

My understanding is that the Cloud proxy should call the microgateway-aware proxy as a target endpoint AND the microgateway-aware proxy should call the actual target endpoint.

Is it API proxy chaining?

Please correct me if I am wrong.

Please provide us with a use case example.

Thanks!

Former Community Member

Your understanding is correct. However, "Proxy chaining" is a term reserved for chaining one or more proxies in the Cloud (not Cloud to MG).