How can external partners access internally exposed APIs? What is the best design?

Hi, I would like to know the best design.

We have an existing on-premises platform in the green zone for internal partners and would like to use the same platform for external partners as well, by logically separating at the organization level. To use the same platform for external partners, what is the best design? An external firewall, DMZ zone and internal firewall approach? What is needed in the DMZ zone? Do we need to install any additional components, like a Router and MP, in the DMZ zone? How do we use DNS in the DMZ zone? We need a detailed explanation of the setup.


sidd-harth
Participant V
What will the external partners do with the exposed APIs?

If they use the APIs to build applications, then the best design would be exposing the APIs using a Developer portal.

If it is an older on-prem version, then you can install the Drupal-based portal and expose the API securely along with documentation.

External partners are partners registered with an organization, who depend on the organization for information or want to send some information to update at the organization as a partner. Partners will be sending their requests with a partner-specific token/JWT token to get/set the information over the exposed APIs. To separate the platform for internal and external use, we are planning a logical separation through organizations. With this, the platform will be separated logically into 2 individual platforms; the proxies, TLS, etc. are separate for each organization, and there is no interconnectivity between these 2 platforms. The infrastructure supports these 2 platforms. The main thing I want to know is how to set up the DMZ zone that external partners get through. Open the external firewall, get them to the DMZ zone, filter them/mask their request, and send it to the internal firewall... I would like to know the setup from the external firewall to the internal firewall.

For example, what ports need to be opened at the external firewall? What needs to be set up in the DMZ zone? What ports need to be opened at the internal firewall? Will the DMZ zone have any Router and Message Processor of Apigee? If so, how do we configure this R+MP to send requests to the internal R+MP? Or will the DMZ zone R+MP process the request, with runtime data updated to Cassandra and Zookeeper? Please let me know the design, security, configuration and installation setup.