In Apigee APIs can be easily created with shared modules, called policies, and flows. Because of this it is easy to arrange authentication and authorization, but also other things like protection against traffic spikes. Apigee is still a work-in-progress, so not all specifications are well documented and the version control system can still be improved a lot. That’s why we stored the versions in a git repository on Stash and deployed it with Jenkins to Apigee. On the other side, the versions of the APIs themselves can be disclosed through a segment in the path.
A great advantage to base the architecture on this platform is uniformity in APIs and their maintainability. Analyses and statistics belong to the standard functionality. The consumers and the API (Proxies) can be connected, so filtering is possible on basis of both.
By working with API Proxy’s in Apigee, several security measurements can be taken for all passing traffic, like authentication, authorization, validations to prevent code injections, and prevent spikes in traffic. It’s also possible to share variables within flows and environments. Besides that, there are also caching possibilities. By caching key-value-pairs and responses a higher performance can be achieved.
Adding this layer and disclosing data like this offers many advantages, like re-usability of APIs and a central place to locate them. This is ideal for omnichannel, where companies want to disclose data through all channels, like websites, social media, apps, etc. Not only did we have front-end components on the website as consumers of our APIs, but also several apps. What can be done exactly in this layer, can vary from a simple proxy to complete applications. The proxy can be made for analyses and statistics, authentication, authorization, (first) validations, security measurements, and/or caching. This can also vary per API or API Proxy. In the context of microservices it can have advantages in terms of security and governance to disclose them through this platform. All in all, Apigee is a nice platform if you want to work with APIs.