Use Apigee to expose internal API to Internet

We have API endpoints hosted on internal servers that are not exposed to the internet. Is there any option in Apigee to expose these internal APIs to the internet with a layer of authentication so that they can be consumed by our external partners?


Yes, this is a common pattern for using Apigee.

It looks like this:

  • Expose the internal service to the internet via a firewall.
  • Do one of the following:
    • Enforce mutual TLS on the firewall and configure the Apigee southbound interface to present the correct TLS keys + certificates
      OR
    • Enforce an IP allowlist on the firewall, configured with the Apigee southbound IP addresses.
  • Construct an API Proxy that enforces OAuth token security (or JWT, or HMAC, etc.) on the northbound (inbound) side.
  • Publish that API to a developer portal.
  • Invite external partners to authenticate to the portal and self-provision app credentials. The developers of the apps then embed those credentials into the app, and that allows the app to connect to the inbound interface of Apigee.
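
A sketch of the proxy configuration for the pattern described in the reply above, added here as an illustration and not part of the original thread: OAuth token verification on the northbound side and mutual TLS on the southbound side. The policy name, base path, keystore/truststore reference names, key alias and backend hostname are all placeholder assumptions.

```xml
<!-- apiproxy/policies/OAuth-Verify-Token.xml
     Northbound: reject any request that lacks a valid OAuth 2.0 access token. -->
<OAuthV2 name="OAuth-Verify-Token">
  <Operation>VerifyAccessToken</Operation>
</OAuthV2>

<!-- apiproxy/proxies/default.xml
     Run the token check in the request PreFlow so it applies to every path.
     The base path is a placeholder. -->
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <Name>OAuth-Verify-Token</Name>
      </Step>
    </Request>
    <Response/>
  </PreFlow>
  <HTTPProxyConnection>
    <BasePath>/partner/v1</BasePath>
  </HTTPProxyConnection>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>

<!-- apiproxy/targets/default.xml
     Southbound: Apigee presents a client certificate to the firewall/backend
     (the mutual TLS option) and validates the server against a truststore.
     Keystore/truststore references, alias and URL are placeholders. -->
<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <ClientAuthEnabled>true</ClientAuthEnabled>
      <KeyStore>ref://partner-backend-keystore</KeyStore>
      <KeyAlias>apigee-client</KeyAlias>
      <TrustStore>ref://partner-backend-truststore</TrustStore>
    </SSLInfo>
    <URL>https://internal-api.example.com/v1</URL>
  </HTTPTargetConnection>
</TargetEndpoint>
```

With the IP allowlist option instead of mutual TLS, the `ClientAuthEnabled`, `KeyStore` and `KeyAlias` elements are omitted and the firewall rule carries the restriction.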