This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

API access

Posted on 11-03-2019 08:56 PM
somarjunchandol
New Member
Reply posted on --/--/---- --:-- AM

Hi,

We have an internal API, we currently have it open to everyone to configure apigee.

Is it possible to whitelist apigee with server?

0 2 59
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Your question is not clear.

Can you elaborate?

I might guess that you want an API proxy to enforce an IP access list. So that only requests originating from a specific set of IP addresses can call the proxy. Yes, you can do that. Use the AccessControl policy.

If this is not what you're intending, then please explain in more detail.

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

I think maybe you are talking about how Apigee connects to the upstream system.

It's true that the upstream system needs to be accessible from the internet.

Most customers use 2-way TLS to secure that point.

Configure a TLS termination point on the network (aka a firewall) and configure that endpoint to validate the TLS certificate presented by Apigee. Likewise Apigee will validate the certificate presented by the firewall.

How to do this is documented.

https://docs.apigee.com/api-platform/system-administration/configuring-ssl-cloud-based-edge-installa...

0 Likes