Internal backend system as a client making an Outb...

nathanaw · 06-21-2019 03:15 AM

Can an internal backend system becomes a client making an outbound API call via Apigee to an external payment gateway? The external payment gateway, then, becomes a target endpoint.

Roles reversal, that is.

How should I configure this? the proxy endpoint is traditionally exposed to the outside world but now the internal system needs to be able to evoke this proxy endpoint. How should one best approach this?

danielhoenig

We have done this for all of our outbound 3rd party integrations. It's nice because we can abstract away the numerous ways other companies handle security and make a more consistent developer experience for our teams.

Just configure it like you described and if you want to restrict access to the proxy beyond the regular security options, you can use the Access Control Policy in Apigee to setup IP restrictions.

dchiesa1

Yep - that's a good practice!

Report Inappropriate Content

@Daniel can you explain litter more how to do the internal backend as client and external service as resource server?

danielhoenig

@Priyadarshi Ajitav Jena - Sure! Lets use the SWAPI API as an example. If I wanted to put Apigee infront of that API all I would do is create a Proxy and set the Target Endpoint HttpTargetConnection>URL to https://swapi.co/api/. The client can be from anywhere, since Apigee proxies are publicly available. To lock it down, you can add any of the security features Edge provides out of the box, OAuth, API Key, IP Restrictions...etc.

Report Inappropriate Content

Thanks....

Internal backend system as a client making an Outbound API call via Apigee to an external payment gateway