Apigee is an API gateway platform that manages and proxies multiple APIs hosted as backend services. Apigee offers the following features:
- Security features such as OAuth and API keys for authorization, to protect your services from unauthorized access.
- Rate limiting to ensure that your backend services aren’t overwhelmed with requests.
- Quotas
- Analytics
- Caching
- API Catalog published through the Developer portal
- Request response transformations and enrichment
Implement any API architectural style (REST, gRPC, SOAP, GraphQL, and more) suitable for your application needs.
Apigee supports publishing API products in out-of-the-box integrated developer portals. In addition, with comprehensive rate plans, Apigee provides monetization features for API access.
Through Apigee Management API, we have created and managed APIs for one of our clients: Trestle. So let’s dive deep into the POC of Apigee for Trestle.
Creating API Proxy
Here’s how you can create an API proxy with Apigee Management API. In this example, the backend service is hosted in AWS Lambda.
1. Sign in to Apigee UI.
2. Click API Proxies in the main window, or select Develop > API proxies from the left navigation bar.

3. Click Create New.

4. In the “Create Proxy” wizard, click “Use OpenAPI Spec” for the “Reverse Proxy (most common)” template.

5. Please click the following URL and enter the OpenAPI spec.
```yaml
info:
  title: OpenAPI definition
  version: v0
servers:
  - url: https://at6honuo4xcu6me57tfiuookqe0hrsnf.lambda-url.ap-south-1.on.aws
    description: Generated server url
paths:
  /products:
    get:
      tags:
```
6. Enter the base path.
The Create Proxy wizard’s Proxy details page displays pre-populated fields using values defined in the OpenAPI Specification, as shown in the following figure.

7. On the “Common policies” page under the “Security” tab, select “Pass through (no authorization)” and click “Next.” In the current flow, we are not integrating any authorization to API Gateway.

8. Select all operations on the “Flows” page.

9. Select an environment on the “Summary” page before clicking “Create and deploy.”

10. Lastly, click on “Create” and “Deploy.”

11. The deployment will then be in progress.

12. To find the URL for invoking the Apigee proxy, go to Admin > Environments > Groups.

13. Now try to access this. You can click on the URL:
http://<<ipaddress>>?apiKey

Security To API Proxy
API keys are crucial for protecting your API from unauthorized access. An app that requests an API proxy configured to verify an API key must supply a valid key. At runtime, the Verify API Key policy checks that the supplied API key:
- Is valid
- Hasn’t been revoked
- Matches the API key for the API product that exposes the requested resources
1. Go to API Proxy > Select the API Proxy that we created earlier.
2. Now go to the “Develop” section. Select “Pre Flow” and add “+Step.”

3. After that, add “Verify Key Policy.”

4. Click on Add and Save.

This is saved as revision 2, which then starts deploying.

5. When we try to access the API, we get an authorization error, because the API key now needs to be passed.
We need to generate the API Key, which must be associated with a user or account.
1. Create an API Key.
2. Select Publish > API products.
3. We need to create a new API product here.

4. Enter the product details.

5. Select “add an operation”, enter the details, and click “save”.
6. Go to “Publish” > “Developers”. Add your developer’s details.

After the developer is added, go to Publish > Apps.
7. Create an app and associate the product and developer with the app.

This will generate an API key.

Now access the Apigee proxy, passing the API key as a query parameter.
http://<<ipaddress>>?apiKey=<<value>>
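The policy attached in the steps above, written out as an added example (constructed here, not taken from the original post). It shows the Verify API Key policy reading the key from a query parameter as this walkthrough does, a variant that reads it from a request header, and a step that strips the key before the request is forwarded to the backend. The policy names, the x-apikey header name and the file paths are assumptions.

```xml
<!-- Added example: constructed policy files, not taken from the original post. -->

<!-- apiproxy/policies/Verify-API-Key.xml (policy name is an assumption).
     Reads the key from the "apikey" query parameter; the name must match
     the parameter clients actually send. A key sent this way is part of
     the URL, so it can end up in access logs, browser history and the
     logs of intermediaries along the path. -->
<VerifyAPIKey continueOnError="false" enabled="true" name="Verify-API-Key">
  <DisplayName>Verify API Key</DisplayName>
  <APIKey ref="request.queryparam.apikey"/>
</VerifyAPIKey>

<!-- Variant of the same file: read the key from a request header instead.
     The header name "x-apikey" is an assumption; clients and the portal's
     OpenAPI securitySchemes entry (in: header) must use the same name. -->
<VerifyAPIKey continueOnError="false" enabled="true" name="Verify-API-Key">
  <DisplayName>Verify API Key</DisplayName>
  <APIKey ref="request.header.x-apikey"/>
</VerifyAPIKey>

<!-- apiproxy/policies/AM-Remove-API-Key.xml (name is an assumption).
     Attach after Verify-API-Key so the key is not passed on to the
     backend service (the Lambda URL in this walkthrough). -->
<AssignMessage continueOnError="false" enabled="true" name="AM-Remove-API-Key">
  <Remove>
    <QueryParams>
      <QueryParam name="apikey"/>
    </QueryParams>
  </Remove>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
```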
Restrict The API With Rate Limit
1. Go to Publish > API products, choose the product we created, enter the quota limit, and save.
2. The limit set here is 3 requests in one minute.

3. Add a Quota policy to the API proxy.
4. Go to API Proxies, select the API proxy that we created, and go to the “Develop” section.

5. Add the below for the quota policy.
6. Next, “save” and “deploy” to a new version.

7. Now access the API more than 3 times in 1 minute, and you will see the rate-limit-exceeded message.
This way, you can apply a rate limit to the API.
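One way the Quota policy for this setup could be written, as an added example (constructed here, not the configuration used in the original post). It takes the limit from the API product's quota setting through variables set by the Verify API Key policy, and shows the step order in the PreFlow. The policy names Quota-1 and Verify-API-Key are assumptions.

```xml
<!-- Added example: constructed files, not the configuration from the post. -->

<!-- apiproxy/policies/Quota-1.xml (policy name is an assumption).
     The ref/countRef variables are populated by the Verify API Key policy
     (assumed name: Verify-API-Key) from the API product's quota setting,
     here 3 requests per 1 minute. The literal values are fallbacks used
     when the variables do not resolve at runtime. -->
<Quota continueOnError="false" enabled="true" name="Quota-1">
  <DisplayName>Quota-1</DisplayName>
  <Allow count="3"
         countRef="verifyapikey.Verify-API-Key.apiproduct.developer.quota.limit"/>
  <Interval ref="verifyapikey.Verify-API-Key.apiproduct.developer.quota.interval">1</Interval>
  <TimeUnit ref="verifyapikey.Verify-API-Key.apiproduct.developer.quota.timeunit">minute</TimeUnit>
  <!-- Count per app (API key) rather than one shared counter for all callers. -->
  <Identifier ref="verifyapikey.Verify-API-Key.client_id"/>
</Quota>

<!-- ProxyEndpoint PreFlow: the key check must run before the quota step,
     otherwise the verifyapikey.* variables referenced above are not set. -->
<PreFlow name="PreFlow">
  <Request>
    <Step><Name>Verify-API-Key</Name></Step>
    <Step><Name>Quota-1</Name></Step>
  </Request>
  <Response/>
</PreFlow>
```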
Publish To The Developer Portal
There are several developer portal solutions that Apigee supports. The solutions range from simple turn-key to fully customizable and extensible. When choosing a developer portal solution, you must carefully consider your customization requirements against the time and knowledge required to implement your portal.
Below Is The OpenAPI Spec Generated
```yaml
openapi: 3.0.1
info:
  title: OpenAPI definition
  version: v0
servers:
  - url: https://<<domainname>>
    description: Generated server url
paths:
  /myproducts:
    get:
      tags:
        - app-controller
      operationId: productData
      responses:
        "200":
          description: OK
          content:
            '*/*':
              schema:
                type: string
components:
  securitySchemes:
    api_key:
      type: apiKey
      name: apikey
      in: query
security:
  - api_key: []
```
1. Go to Publish > Portal and create a new portal.

2. Give a name to the portal.

3. Now select the API catalog. Add API product to new API.

4. Select the “Published” check box and select the registered users accessing the portal.

5. Upload the OpenAPI spec created and click on Save.

6. Click on “Live Portal”.

7. Register yourself in this development portal to access the APIs.

8. After having registered, you receive a confirmation email.

9. Once the link sent in the mailbox is clicked, the account becomes active and you can log in with your registered id. Register your apps in the developer portal.

10. After enabling, an API key is generated to access APIs from the developer portal.

11. Select APIs. After that select Product Data and go to API docs.

12. Click on “Authorize”.

13. After authorization is successful, the API is executed and you get the response.

14. You can now execute the API 3 times in a minute; beyond that, you will get a rate limit error.


Conclusion
In this demo, we exposed an API proxy through the Apigee Management API to invoke a backend service hosted in AWS Lambda, authorized the API with an API key passed as a query parameter, configured a rate limit on API access, and published the API to the developer portal so that developers can access it with a key generated from the portal.




























