Posted on 2017-04-14 by

Logo of ApigeeAt one of my former projects at a client of Luminis I got the opportunity to work with Apigee. Apigee is a platform for APIs. In this blog I’ll describe in an overview its features.

In Apigee APIs can be easily created with shared modules, called policies, and flows. Because of this it is easy to arrange authentication and authorization, but also other things like protection against traffic spikes. Apigee is still a work-in-progress, so not all specifications are well documented and the version control system can still be improved a lot. That’s why we stored the versions in a git repository on Stash and deployed it with Jenkins to Apigee. On the other side, the versions of the APIs themselves can be disclosed through a segment in the path.

A great advantage to base the architecture on this platform is uniformity in APIs and their maintainability. Analyses and statistics belong to the standard functionality. The consumers and the API (Proxies) can be connected, so filtering is possible on basis of both.

There are a lot of standard policies with functionality available to compose a flow for an API. These consist of traffic management, security, mediation and extensions. The mediation policies are for conversion, extraction, and changing the request/response message. The extensions can be used for enclosing Java, JavaScript, Python and also to do call-outs to other APIs inside or outside Apigee, statistics and logging. Because of this the work for simple APIs and APIs with underlying applications can be limited to configuration in Apigee. On the other side it is also possible to put in some more code for fine-tuning or advanced capabilities. This can be done neatly in a management console, but can also be done directly in XML-files.

By working with API Proxy’s in Apigee, several security measurements can be taken for all passing traffic, like authentication, authorization, validations to prevent code injections, and prevent spikes in traffic. It’s also possible to share variables within flows and environments. Besides that, there are also caching possibilities. By caching key-value-pairs and responses a higher performance can be achieved.

Adding this layer and disclosing data like this offers many advantages, like re-usability of APIs and a central place to locate them. This is ideal for omnichannel, where companies want to disclose data through all channels, like websites, social media, apps, etc. Not only did we have front-end components on the website as consumers of our APIs, but also several apps. What can be done exactly in this layer, can vary from a simple proxy to complete applications. The proxy can be made for analyses and statistics, authentication, authorization, (first) validations, security measurements, and/or caching. This can also vary per API or API Proxy. In the context of microservices it can have advantages in terms of security and governance to disclose them through this platform. All in all, Apigee is a nice platform if you want to work with APIs.

Side note: last year Apigee was acquired by Google.

About Sander Meinema

Sander is a Software Engineer and Scrum Master at Luminis. He likes to build something useful, but also to facilitate a productive environment for the team. With a background in mathematics he has strong analytical skills which he can not only apply to code, but also to smooth processes.

Leave a Reply

Your email address will not be published. Required fields are marked *