Apigee Edge GW + Micro Gateway as Target Endpoint

I want to use both APIGEE Edge GW as well as Edge Micro GW as part of API routing.

Scenario : APIGEE Edge SaaS (GCP ) and Backend Services running on K8S Cloud ( AWS , AZURE ) . In this scenario can we route API traffic from Edge GW to Micro GW [Acting as Target Endpoint , doing JWT Validation , key validation ] , leverage capabilities of Edge as well as micro GW.

Client --> APIGEE Edge GW(Proxy ) ---> Micro GW ( Target Endpoint) -- > Backend Service

Is this pattern Possible ?

Happy to detail further .

Thank you

0 1 200
1 REPLY 1

Yes, quite possible. Not typical.

Normally there is a single gateway that performs validation, authentication, and authorization of the request. Then that gateway proxies to the upstream (backend?) service.

There is often some sort of transport-level trust associated between the initial gateway and the upstream. Often there is a network load balancer, like an F5 BigIP or a Citrix Netscaler betwen the gateway and the upstream. Or maybe the software analogue of those things. That device or that software router will terminate the TLS connection from the gateway; that device or software will verify the trust of the connecting peer. Which in your case is the Apigee Gateway running in the cloud.

So at this point... Apigee has authorized the inbound connection from the original client. Apigee has connected to the F5 or Netscaler or sw NLB, and that element (let's call it the "firewall") has authorized the inbound connection from Apigee. And so the firewall can route to the upstream system.

9383-screenshot-20191031-114202.png

Do you NEED another gateway between the firewall and the upstream system?

do you NEED to re-authenticate and re-authorize the request?

You could do that. Do you need it?

I don't know, that's up to you.