Hi all,
If I am going to expose my internal APIs to the internet so Apigee can proxy it, how do I ensure developers don't call my internal APIs directly?
I have read about whitelisting IP addresses used by Apigee, but how would you go about this if your company's current Apigee setup does not have dedicated IP addresses?
Answer by Ravindra Singh · Jul 15, 2019 at 02:45 PM
Hi @Nicnic Nicnic,
If you are using APIGEE cloud version you can request for IPs which can be whitelisted from your backend. Still there are the options for you to protect your backend -
Even you whitelist Apigee IP, you should still consider to have above points as a part of better security model.
Hope this helps, and let me know if you need more information.
API definition by verb (GET, POST etc) 1 Answer
How do you access a server that returns a 307 redirect response 4 Answers
JSON with multipart attachment to SOAP with MTOM using JAVA service call out 1 Answer
How can I append a query parameter in the Target Url 1 Answer
apigee-access.getMode() in NodeJS always returns "standalone" 1 Answer