Google Cloud's Apigee

By Bhushan Nikhar

Here's practical Apigee guide.
I am writing this guide for someone who is freshly trying to learn Apigee.

Apigee concepts

Problem with APIs

Now a days, almost all product companies expose their own APIs to facilitate something or other for their consumers. These APIs serve as entry point for external developers or partners to interact with their product. But exposing APIs create various problems for product company.

  • Lack of overall understanding if all APIs are secure to get data in from external entities.
  • What if someone uses API in unintended way. Can organization detect misuse?
  • Are APIs consistent to access and use? What's developer experience for API usage?
  • Is API documented properly?
  • Is there any way to identify if API consumption request is coming from interal developer in organization or external?
  • Can certain APIs be set Quota? Eg. Enable certain API for only 3 requests and then disallow requests.
  • What if my backend API is not modifiable and want certain way to modify request and response on the way to API so my backend systems are shielded from any developmental change.
  • Are APIs backward compatible ie is there possibility to break current API? How do we handle that?
  • I want to sell API usage in any of models my business deems worthy. How to go about it?
apigee 1 light theme

Apigee Introduction

Apigee simply is Api gateway for your organization. Apigee intercepts each request from API consumer to API. This key position allows API to do wonders that we will talk about soon.

apigee 2 light theme

API proxy per API

Apigee has proxies(we call them APIProxy) setup internally for each API.

apigee 3 light theme

API Product

Each API product can contain one or more API proxies.

apigee 4 light theme

Policies

You can set policies on Request or Response of APIs.

apigee 5 light theme

API proxy endpoints

Each API proxy has two endpoints within it ie proxy endpoint and target endpoint.

Proxy endpoint is one which reflects API proxy's API consumer side.

Target endpoint is one which reflects API proxy's backend API side.

apigee 6 light theme

Request flow

Whenever request is fired from API consumer, it goes through following hops.

  1. Proxy endpoint: Pre-flow
  2. Proxy endpoint: flow
  3. Proxy endpoint: Post-flow
  4. Target endpoint: Pre-flow
  5. Target endpoint: flow
  6. Target endpoint: Post-flow
  7. Proxy endpoint: Pre-flow
  8. Proxy endpoint: flow
  9. Proxy endpoint: Post-flow
  10. Proxy endpoint: Post-client-flow: This is special step where logging operations or any housekeeping stuff can be done to avoid response time delays.

Note, each hop can have policy attached to it. Policy can be built-in Apigee standard policy or custom made policy implemented by you in any of programming language.

apigee 7 light theme

How it is supposed to be used?

Each API has API proxy.
One or more API Proxies can be packaged together in different sets called as API Product.
Each API Product can be given separate access and so can be used to restrict or enable access to specific APIs with access to API products.

apigee 8 light theme

Debugging request or response

Each hop is available in Apigee UI for looking at specific time it took to what transformation or mediation that hop did to request or response.

API Proxy folder structure

Following is folder structure for API Proxy

  • apiproxy
  • apiproxy/Policies
  • apiproxy/ProxyEndpoint/default.xml
  • apiproxy/TargetEndpoint/default.xml
  • apiproxy/Resources/*.jsx