Practical guide for Google Cloud's Apigee

By Bhushan Nikhar

Apigee API gateway illustration

Here's a practical Apigee guide. I am writing this guide for someone who is freshly trying to learn Apigee.

Problem with APIs

Nowadays, almost all product companies expose their APIs to facilitate interactions for consumers. However, exposing APIs introduces multiple challenges:

  • Lack of understanding if APIs are secure against external access.
  • Potential misuse of APIs and difficulty detecting it.
  • Inconsistency in API usage and developer experience.
  • Ensuring proper API documentation.
  • Distinguishing internal vs external API consumers.
  • Quota management for APIs.
  • Modifying requests/responses without changing backend.
  • Backward compatibility for existing APIs.
  • Monetizing API usage as per business model.

Apigee Introduction

Apigee is an API gateway for your organization. It intercepts each request from an API consumer to your APIs, enabling powerful transformations, monitoring, security, and management.

Apigee Introduction Diagram

API Proxy per API

Apigee sets up an API proxy for each API. This proxy acts as the interface between your consumers and your backend API.

API Proxy Diagram

API Product

An API product can contain one or more API proxies. It allows you to group APIs and manage access collectively.

API Product Diagram

Policies

Policies define transformations, validations, or access rules for requests and responses. You can attach policies at various stages in the request-response flow.

Policies Diagram

API Proxy Endpoints

Each API proxy has two endpoints:

  • Proxy endpoint: Consumer-facing endpoint.
  • Target endpoint: Backend-facing endpoint.
Proxy and Target Endpoints Diagram

Request Flow

Requests traverse multiple stages (pre-flow, flow, post-flow) in both proxy and target endpoints. Each stage can have policies applied for security, transformation, or logging.

Request Flow Diagram

How it is supposed to be used?

Each API has an API proxy. API proxies are grouped into API products. Access control is applied at the API product level to restrict or allow specific consumers.

Usage Diagram

Debugging Request or Response

Apigee provides a UI to inspect eachhop's execution time and the transformations or mediations applied.

API Proxy Folder Structure

Typical structure of an API proxy:

apiproxy
├─ apiproxy/Policies
├─ apiproxy/ProxyEndpoint/default.xml
├─ apiproxy/TargetEndpoint/default.xml
└─ apiproxy/Resources/*.jsx